The process of making sure your business is prepared to protect its data from ransomware and other disasters depends largely on the characteristics of your specific computing environment, such as the type of data you have and how it is stored. To begin the process of implementing or optimizing a data protection plan, you need to gain a full understanding of how data is used within your organization and what needs to be protected the most. Start by asking yourself these four questions:
1. What data do I have?
The first thing to do is take an audit of the different types of data you have. For example, you might have marketing materials, financial records, employee information, customer information, operational data, strategic business information and analyst reports. Gaining a full understanding of the organization’s data landscape will help you prioritize what needs to be protected most.
2. Where is it stored?
After you know what data you have, take a look at where the data is located. The locations of data can be discovered by directly analyzing each machine via automated data inventory tools, which enumerate the files, index their key terms, and categorize them along with their location. Files containing sensitive data or other data matching criteria can be classified further.
3. Who has access to it?
The next thing to ponder is who has access to the data. Not only is this a core security question but it is key to limiting the scope of a ransomware or hack attack. Consider which users have access and which roles they hold in the organization. Mentally walk through what the impact of one of those users was the victim of ransomware—or if their credentials were stolen and then used to steal customer data. Make sure employees only have access to the data they need to do their jobs effectively.
4. How is it backed up?
A backup and recovery system is an essential component of any data protection plan. In addition to ransomware, a high-quality backup and recovery system will protect your data against accidental deletions, hardware failure, power outages and other disasters.
If you already have a backup system in place, have you taken a good look at it lately? Identify how often data is backed up, where backed-up data is stored and how long it takes your team to restore data. Find out if data can be restored granularly or only as a large chunk, and whether IT staff are experienced in the recovery process. And always be sure to test your backup system regularly so you are ready when ransomware strikes.