May 2017. It wasn’t a good month for continuity or business as usual! Prince Philip announced his retirement, British Airways cancelled all flights for one day from both Heathrow and Gatwick amid a “major IT system failure”, and then there was the ‘biggest ransomware’ offensive in history; more than 300,000 computers in 150 countries were infected with a strain of ransomware dubbed WannaCry. There was international havoc, parts of the NHS were crippled and parcels in the FedEx network were delayed.
“Ransomware: A type of malware (malicious software) that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.”
At the time of the May 2017 cyber-breaches, ransomware was no new thing. It had in fact been around for years. From an exposure and awareness point of view, the attack that hit the NHS was a good thing - it put ransomware on the radar, and made a lot of people sit up straight. If a relatively simple and non-complex malware infection could spread that quickly across the NHS and cause that much disruption, how vulnerable were small to medium size businesses? Unfortunately, very vulnerable.
It was a few days after the initial WannaCry outbreak when out of the blue we had a lady come into our office. We’d never met before, she was a local photographer. In a state of despair, she proceeded to explain how she’d lost all her photos - everything that she had ever taken going back years, and she’d even lost her backups. The whole lot, gone. Unfortunately, she was right, absolutely everything had been encrypted. Had she had a more comprehensive backup solution (more than occasionally selecting photos and copy and pasting these to an external hard drive) it would have been a different story.
It’s not just ransomware that can stop businesses from operating, lack of management and being on the back-foot can cause catastrophic problems. We started working with a logistics company back in 2015, they moved their IT support to ourselves as they were constantly being let down by their previous provider. As part of our engagement and on-boarding with any new company or client, we always carry out an in-depth audit and review of their current and pre-existing IT systems, cyber security and network.
In this case, we flagged at our initial meeting that a hard drive had failed in their server and expressed the urgency that this required immediate attention and resolving as a priority. Having raised the issue with their IT provider on the day that we met (something their previous provider should have known about and sorted without bothering the client for anything other than access), just shy of two weeks later the server crashed. Another drive failed, resulting in the loss of three working days and 24 hours of data; and a lot of money... Safe to say they moved their IT support to ourselves and have been a client ever since.
There’s a common theme here, and that’s business continuity. All of the above situations could have been avoided. Had the NHS invested in their IT security, the WannaCry ransomware outbreak wouldn’t have brought hospitals to their knees. Had the photographer invested in a proper and more robust backup solution, she wouldn’t have lost her data. Had the previous IT company used an RMM (Remote Management and Monitoring) tool, the business wouldn’t have lost time, data or money. As for Prince Philip retiring, I can’t think of a way that that could have been avoided I’m afraid.
IT is critical for businesses of all sizes, so any outage can have catastrophic effects. And it’s not just the loss of time, data or money either, it’s the loss of reputation that can have a long-lasting damaging effect that’s unaccountable.
Unlike the retirement of Prince Philip being something that was ultimately unavoidable and just a matter of time, an IT disaster should never be ‘just a matter of time’. Frankly, it need not be a matter at all. At the front end, it’s all about making sure you have adequate IT security, IT protection and cyber breach mitigation in place; things that are more important than ever when you consider the implications of Article 32 of the GDPR. At the other end, you need more than just backup. Backup is not the be all and end all, it’s just one element that should be considered as part of your continuousness IT strategy, the others being Disaster Recovery (DR) and System Continuity. For instance:
Backup: A single user has accidentally deleted a file and needs to recover this from the backup. The rest of the business is none-the-wiser, everyone else is working and within a few minutes, the file is restored.
Disaster Recovery: The office has burnt down. The complete IT system needs to be recovered from an offsite image and within a few hours, there is access to data and systems.
System Continuity: A server has crashed and the software that runs the business is not accessible. Within a few minutes, everyone can switch over to the secondary server whilst the primary server is restored.
At LMS Group, we provide bespoke business continuity solutions that keep our clients fully operational and safe from IT disaster. For more information and to book a FREE IT Assessment visit: www.lms.group/continuity