Viewing entries tagged
Disaster Recovery Service

What to do when an ex-employee starts deleting your company data.

What to do when an ex-employee starts deleting your company data.

We had an interesting customer situation to deal with recently here at Abtech.

One of our StorTrust clients had to let one of their employees go.  Nothing too unusual.

However, they didn’t escort the person off the premises, delete their login and move on.  Instead, they let her go back to her desk while they sorted out the necessary paperwork.

So, what did the now ex-employee do with that time? Did she quietly pack up her stuff and say goodbye to her colleagues?

Unfortunately not.  Instead, she logged onto her system and started to delete files and emails.  The company was in the medical space and not having these files could have compliance implications.

Luckily, someone noticed and notified their manager, who removed the ex-employee from her desk and arranged for her network access to be revoked.  

I guess that person will not be getting a reference anytime soon.

So, what could they do to recover the data?

After a bit of head scratching, someone pointed out that they had recently signed up for a StorTrust backup and DR contract with Abtech.

They called us up and asked if we could help.

StorTrust uses Quest Rapid Recovery software at its core, which has powerful recovery capabilities.  It can be used to recover complete servers but also individual files and emails.  

Our engineer logged on and reviewed the logs.  They found where the files had been deleted and recover them from a recent backup.  

The whole process took less than 10 minutes.  All the data and emails were recovered to their original location.  

The first thing to learn from this is that, when you let go an employee, they can sometimes do irrational things.  So, have everything prepared, including instructions to cancel their network login, before you have that “we are having to let you go” conversation.

What this also shows is the value of having the right backup and recovery solution in place.  StorTrust and Rapid Recovery provide the protection against this and many other scenarios.  These include ransomware attacks and hardware failures as well as the more obvious natural disasters.

If you want to know more, please give us a call or download our ebooks on Disaster Planning and How to Deal with a Ransomware Attack

 

An employee opens an email virus. Read what happens & see a timeline of events [Infographic]

Curious how a backup and disaster recovery (BDR) service can be really helpful? Here's a real-life example: 

One of our managed services customers recently experienced a ransomware attack. A member of staff was sent an email with a virus attached to it. This is a widely used piece of ransomware, which encrypts the files on the computer it infects and any directories on other systems it has access to.

The email looked genuine and was addressed personally to that staff member by name, so he opened it. Immediately his system was encrypted. The virus also encrypted the company file server so none of the users could access their data. Everything ground to a halt.

Shortly after a ransom request arrived in the user’s inbox asking for a sizeable amount to be paid in bitcoins. The CEO and CFO were alerted and, after a short period of mild panic and discussion, they called Abtech for advice.

Fortunately, they were signed up to our StorTrust Backup and Disaster Recovery (BDR) services. The service uses Quest Rapid Recovery software that is configured to take snapshots of their systems every 30 minutes (it can take Snapshots every 5 minutes, but this customer preferred every 30). The data is then replicated to our StorTrust cloud data center in Nevada, for disaster recovery purposes.

The StorTrust engineer checked the logs and found that the last good backup happened 5 minutes before the ransomware attack. This meant that we would be able to recover the data to a clean file server and the client would only lose 5 minutes’ worth of data.

The client agreed and we restored their infected server from a clean backup. The user’s system was also reimaged and data restored from the backup. The whole process took less than an hour and no ransom was paid.

If the infection had been more widespread, we would have elected to spin up their critical systems in our cloud, using the replicated good backup, so their users could continue working, while we cleaned and restored all their infected systems.

If you want to know more, please give us a call or download our ebooks on Disaster Planning and How to Deal with a Ransomware Attack

 

recoveringcompanydatafromransonware.png

Disaster Recovery Planning

Disaster Recovery Planning

Disaster Recovery (DR) and Business Continuity (BC) plans used to be reserved for large enterprise level companies. Disaster Recovery and Business Continuity provision required a very large budget and often included cold or hot sites, expensive replication software and duplicate equipment ready to go in case the worst were to happen. Not only is this equipment expensive to purchase and house, it also needed staff with the knowledge and time to both manage IT and regularly test it. Face it a disaster recovery or business continuity plan that isn’t tested, is unlikely to perform well when a real disaster strikes.

Disaster recovery as a Service (DRaaS) advances has brought the cost of developing and implementing a Disaster Recovery or Business Continuity solution down to the point where it can fit into nearly any size budget. Even so, planning for both Disaster Recovery and Business Continuity is still best done by partnering with experts in the field.

A proper Disaster Recovery or Business Continuity plan needs to meets some key criteria for each organization.  The criteria will depend on their individuals need sand their business model. The easiest starting point when creating a plan is to consider the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) requirements for your critical IT systems.

RTO:  How long your critical IT systems can be down before your company starts to incur unacceptable consequences.

For most companies this time frame will range anywhere from 8-24 hours, allowing for one business day of downtime. RTO can also be broken up into different categories for your resources. Mission Critical services (like email, human resource applications, customer facing applications and phones) may have a shorter time period, needing to be brought back up within just a couple of hours, while other resources it may be acceptable to be down for a day or more.

RPO: How long you can afford to roll back to and lose any data added or changed during that time.

RPO is how much data loss a company can handle at any point in time. For example, if your main file server goes down how much data would be lost since the previous backup? Services that have a high rate of change for their data, like database or email servers, will need a shorter RPO. Services that have little data change, like web servers, can be fine with a longer RPO. With these two objectives in mind, you can begin to create a disaster recovery plan that will keep your company operational.

Once the RTO and RPO have been decided upon the next step is to decide where and how you will bring your services back up. It is also worth pointing out that achieving a shorter RTO and RPO often means a higher cost for the service.  So available budget needs to be considered. For companies that do not have an enterprise budget having a cold or hot site may stretch the budget too thin and lead to a site that does not meet the full requirements of the plan.

DRaaS and cloud based disaster recovery and business continuity solutions are available as a monthly service, which allows organizations to move the cost from a capital to and operational cost.  They are hosted and often fully managed solutions, providing the capabilities of a cold site without having to spend the capital to build one.

Cloud Backup.png

 

Even with a cloud disaster recovery or business continuity service, you cannot just set it up and forget it, then hope that it will work when a disaster strikes.  Just like a fire drill, it is important to regularly test the solution and also test your procedures for getting staff connected to the cloud service.  You also have to have a process in place for declaring a disaster and knowing who has the authority to do this. Returning your business back to normal, even if its a false alarm, can take time and effort.  it is important to work with a DRaaS partner who can help with the planning and design of the solution.  It is also important to work with a partner who includes a regular test of the solution and can help you plan for the test and also a disaster itself.

Abtech Technologies offers disaster recovery and business continuity services through their StorTrust brand, where we strive to provide a complete "white glove" service for every client. We partner with them through every step of their disaster recovery and business continuity process and make sure everything is thoroughly tested.  We want our customers to be able to sleep at night!

Utilizing industry-leading DR tools and software, StorTrust offers total disaster recovery service for your data and your critical computer systems in a single package. Built upon a Tier 3+, SSAE16 compliant data center utilizing the latest in security, StorTrust is a safe and secure location to store your data offsite for when you need it.  We can work with you to develop a DR plan that will meet your organization's requirements. We also include a yearly test with the service, so you don’t have to worry how you will handle a disaster, you will already know. Abtech has a team of engineers with years of first-hand knowledge of disaster recovery and business continuity planning. Our engineers will be with you every step of the way to make sure that your critical IT systems are up and running when you need them most.