April 30, 2020
Protecting MSP Data from Ransomware
As cybersecurity threats continue to emerge and evolve, managed service providers (MSPs) are finding themselves in the crosshairs.
In an effort to help MSPs curb this threat, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) developed a guide for MSPs and their SMB customers.
According to the NCCoE, the guide provides recommendations to help MSPs conduct, maintain, and test backup files to reduce the impact of these data loss incidents. The deployment and implementation recommendations in this document can help MSPs restore files/data and systems with minimal impact on business operations.
In this blog, we’ll take a look at some of the suggestions and discuss what these mean for MSPs.
Identify Files and Processes for Backups:
- Prioritize files based on business value and operational needs.
- Identify what backup files/data to secure offline. Consider producing multiple backup file copies.
- Identify any regulatory and legal data retention requirements, such as chain of custody, that may affect the backup plan and technical approach.
- Determine if automated or manual processes are best for generating backups, including hard copies.
- Retain copies of credentials, including personal identification numbers, encryption keys, and web browser cookies.
Determine the Frequency of Backups:
- Establish the desired time frame to restore files and applications to minimize negative impacts to the organization’s mission or business operations–known as recovery time objective.
- Determine the maximum age of the backup files to enable operations to be reestablished with minimum acceptable interruption of operations– known as the recovery point objective.
Test Your Backup Recovery Plan:
- Develop response and recovery processes and procedures that utilize the backup files and backup systems. Conduct tabletop exercises to identify opportunities for improvement.
- Determine workplace relocation options: e.g., fire and flood could require temporary or permanent office relocation; not all backup capabilities will be portable.
- Test planning for recovery: Test individual systems and the entire operation (if possible).
- Monitor the backup processes for failures and consistency.
To learn more about the guidance and what MSPs and businesses should do avoid ransomware threats, check out their site.