COVID-19 has resulted in majority of employees working from home. But here’s the problem, by working from home, employees are now no longer connected directly to the infrastructure put in place at their physical office. This includes things like firewalls, servers/printers, and on-premises backup and recovery systems, etc. The list goes on.
I mean, let’s face it. In an office environment, it’s easier to secure any transmission of data, as everyone is in a controlled environment. Basically, when workstations are contained in one physical building, it’s easier to control management, ongoing maintenance through managed IT services, and physical security.
But when people go remote, companies are now faced with connectivity, file-sharing and collaboration workflows that don’t exist when you are co-located with your co-workers. The shift in business continuity is now from centralized devices in a server room to highly distributed workstations on a variety of network connections, spread out over multiple home networks and devices, which may be employee-owned, company-owned, or a combination. This includes data like emails, documents, communication trails via messaging apps, and more. And if that data isn’t backed up properly from wherever it is, it can bring about costly consequences.
I mean, did you know that between 2018 and 2019, Singapore businesses lost an average of S$1.9 million (US$1.4 million) due to data-loss incidents? Additionally, 86% of organizations have been impacted by downtime during data-loss incidents during that time, with 37% suffering permanent data loss. The cost of unplanned downtime while working through a data loss incident is an average of $463,000 per incident for Singapore businesses.
Preventing Data Loss from a Remote Workforce
But before going into the importance of having a backup and disaster recovery solution in place especially now with working from home becoming the new normal, a key to preventing data loss from a remote workforce is to first understand all the ways that data loss can occur.
In order for employees to work remotely, cloud systems are crucial so they can remotely access business apps and data. But many companies falsely think that just by putting your data in the cloud, it’s already being backed up. But that’s not the case.
A cloud storage system will make your files available in the cloud, but the synching mechanism also means that data can be deleted because cloud storage is NOT the same as cloud backup. It is recommended that data in cloud services be backed up in a third-party backup and recovery program in case of an outage or loss of cloud data.
Hard Drive Crashes
Remote working employees may be working on personal devices that are older or don’t have the same monitoring and maintenance that they’re used to on their workstation at the office. Often personal devices also aren’t designed for business use, which is much more demanding. This can lead to more risk of a hard drive crash that can cause major data loss of all work files on an employee device.
Many homes share a main computer, and if another family member is accessing a computer that’s also being used to work from home, the is a risk of accidental data loss through deletion. While the ideal situation is to have a work laptop only used for work when it’s in a home environment, that may not always be the case. For starters, some companies may not have the necessary financial means to provide all their employees with a work laptop. And another thing, physical device security just isn’t the same at home as in an office environment.
Another threat that is increased for remote workers who may not have the IT support they’re used to while working from home is the chance of a ransomware infection. Ransomware encrypts files to make them unusable until a ransom is paid to the hacker. Even once it’s paid, companies often still suffer data loss and/or costly downtime. Phishing attacks have increased 667% due to criminals taking advantage of the COVID-19 crisis and they’re targeting employees working from home.
The Importance of having a Business Continuity Disaster Recovery (BCDR) Solution
While companies are dealing with the sudden move to a remote workforce, it is still very crucial that they still make cybersecurity a top priority. This is because, sadly, hackers are using this pandemic as an opportunity to take advantage of businesses that haven’t maintained the same level of cybersecurity throughout the pandemic. In fact, there has been an increase in ransomware attempts as well as new attack vectors since the start of COVID-19 thus far!
BCDR is an essential piece of the security matrix and is a strong last-line defense to ensure companies never have to resort to paying ransom to get their data back.
However, it is also important to note that BCDR must be in place at all locations where the data lives — locally and in the cloud.
But how do you ensure that every single device connecting from outside your company is properly secured?
Well, the short answer is – you can’t. A January phishing report found that globally, 50% of working adults don’t password-protect their home networks, and 90% said they use employer-issued devices for personal activities. But whether your employees use company-owned or personal devices at home, protecting your data is a challenge. Even with access from virtual private networks (VPNs) protected by next-generation firewalls, no network is completely secure.
And another thing, how do you prevent someone from clicking on a link that could lock up your entire network?
The answer is, once again, you can’t. But of course, this can be minimized and even prevented by signing your employees up for a cyber security awareness training to heighten their awareness in regards to cybersecurity.
Here’s what you can do
Revise Your Recovery Objectives
Your business continuity and disaster recovery (BCDR) plan must include recovery objectives that help you determine what success looks like. With remote work becoming a new standard, it’s a great time to re-evaluate your recovery time objectives (RTOs) and recovery point objectives (RPOs).
Ask yourself, given my current situation, can I still get systems back up and running fast enough to avoid costly downtime? What if I can’t be there in person? With people working in many places, can I still back-up systems frequently enough to protect critical data? If not, will my infrastructure need to be upgraded to achieve these goals, and do I have the budget? And, does my current backup solution give me the flexibility I need to keep data protected and easy to recover, even remotely?
Evaluate Your Current BCDR Solution
There are plenty of backup solutions, but many don’t offer the features you need to manage fully remote backup and recovery. Before you make any infrastructure or policy changes, re-evaluate the backup solutions driving your BCDR strategy. Ask yourself these questions:
Does the solution allow me to deploy agents to remote machines?
Does it give me a cloud-based console to manage backups?
Can I test backups remotely?
In a pinch, could an end-user restore a backup if I can’t help?
How much flexibility do I get in terms of options for storing backups (local storage vs. public cloud vs. private cloud)?
Can I restore machines without physically accessing them?
How easily can I do everything above in an emergency?
If your BCDR solution can’t do these things, you may struggle to meet your recovery objectives.
Focus on Cloud-Based Backup and Recovery
The cloud makes the work-from-home era possible. According to a research, digital collaboration has increased by 19% in the last two weeks of February 2020 relative to same period in 2019. But it’s not just file and folder sharing that depends on the cloud.
An effective remote backup strategy uses the cloud for taking and storing backups, restoring them, and managing the whole process.
Let’s take a quick look at each of these areas.
In the work-from-home era, admins might need to do everything remotely. You must be positive you can monitor, maintain, test, and recover every backup from wherever you are.
Now, I am sure you have heard about the 3-2-1 backup rule before. If you momentarily forgot what it is, let me trigger it slightly for you. The 3-2-1 backup rule simply states that you should have 3 copies of your data (your production data and 2 backup copies) on two different media (disk and tape) with one copy off-site for disaster recovery.
But let me introduce you to the 3-2-2 rule now:
3: Keep two local copies of your data, including the one on the original hard drive, for a total of three
2: The two copies should be on two different types of media
2: Those two copies should also be stored or replicated to two separate off-site locations
Most backup solutions let you take remote backups and store them locally or offsite. But in an emergency, it’s recovery that matters. Since you may not have physical access to machines, you must be able to restore data from wherever you are, with as minimal downtime as possible.
Want to get a Business Continuity and Disaster Recovery Solution for your business, or interested to find out more about our Employee Cyber Security Awareness Training Program? Click the green button to contact us today!
eVantage Technology is a professional and trusted IT solutions provider, dedicated to providing exceptional service to companies in Singapore and across Asia.