Ransomware Recovery: Fast & Secure | GBQ
Restaurant operators must be vigilant against ransomware due to its potential to disrupt operations, cause financial losses, and lead to data breaches, all of which can impact business continuity and undermine customer trust. The integrity of financial information is particularly at risk, as ransomware attacks can corrupt or permanently erase critical financial data, posing serious problems to shareholders, investors, and lenders. Therefore, it is not enough for operators to simply invest in preventive measures; they must also focus on building resilience. A resilient operation can effectively manage a security event and swiftly return to normalcy, minimizing the impact of such attacks. As we performed this year's financial statement audits, this also included obtaining an understanding of the company’s Information Technology General Controls (ITGC), which covers backup strategies and disaster recovery. Our questions covered controls for three Information Technology (IT) risks related to backup, disaster recovery, and business continuity:
  1. Financial data is not backed up regularly according to an established schedule and frequency.
  2. Availability or integrity of the financial data was compromised.
  3. Restoration of backups is unsuccessful or slow.
Ideally, you can answer "yes" to the following questions and present evidence to support it:
  • Is financial data regularly backed up according to a set schedule and stored off-site following the 3-2-1 rule?
  • Are there procedures in place to prevent data loss, and are these backups and recovery methods tested?
  • Are off-site backup restoration tests conducted to ensure file usability and integrity, and the results of these tests are documented?
  • Are tabletop exercises done to help management learn their roles in an outage?
It is not just about “passing” your audit but also about ensuring you are successfully protecting your business. The path to success in reducing those risks to an acceptable level is the adoption of a 3-2-1-0 backup architecture.

Components of the architecture

The 3-2-1-0 backup architecture is a best practice strategy for data backup and recovery, particularly effective for mitigating the risks associated with ransomware attacks. Here is a breakdown of what this architecture entails:

3 Copies of Data: Always have three copies of your data. This includes the original data and two additional backups. The idea is that having multiple copies reduces the risk of data loss significantly. If one copy is compromised, you still have two others to fall back on.

2 Different Media: Store these copies on at least two different types of storage media. For example, one copy could be on a local server, another on an external hard drive, and the third in the cloud. Using different media types reduces the risk that all copies could be affected by the same failure or attack.

1 Offsite Copy: Ensure that one of these copies is stored offsite. This means it should be in a different physical location from your main operations, such as in a cloud service or a remote data center. This protects your data from local disasters like fires or floods.

0 Errors: Regularly verify that your backups are error-free. This involves monitoring backups daily and performing restore tests periodically to ensure that the data can be recovered without issues. Backups are only useful if they can be reliably restored when needed.

Importance Against Ransomware

Ransomware attacks are a significant threat to businesses, as they can encrypt your data, rendering it unusable unless a ransom is paid. The 3-2-1-0 backup strategy is crucial for resilience against such attacks because:
  • Redundancy:  Multiple copies of data ensure that even if ransomware encrypts your primary data, you have backups to restore from.
  • Diverse Media:  Storing data on different media types makes it harder for ransomware to affect all copies simultaneously.
  • Offsite Protection:  An offsite backup ensures that even if your entire local network is compromised, you still have access to your data.
  • Error-Free Backups:  Regularly verifying backups ensures that you can rely on them when needed, minimizing downtime and data loss.

Questions to Ask IT Leadership or your Managed Service Provider (MSP)

To ensure your current backup solution aligns with the 3-2-1-0 architecture, consider asking the following questions:
  • How many copies of our data are maintained, and where are they stored?
  • What types of storage media are used for our backups?
  • Is there an offsite backup, and how is it secured?
  • How often are backups verified for errors, and what is the process for testing data recovery?
  • What measures are in place to protect our backups from ransomware and other cyber threats?
These questions will help you evaluate whether your backup strategy is robust enough to protect your business from data loss and ensure continuity in the event of a cyberattack or disaster. If you have any questions or need assistance in evaluating your backup strategy, please reach out to Doug Davidson or your GBQ advisor.