The IT system just crashed. What happened to bring the system down? Regardless of why, there needs to be a process in place to get this important data back with minimal business disruption. It’s time to shine a light on one of IT’s most fundamental availability processes, backups.

Example 1:  Hardware Failure

A business has hardware failure on a primary storage device. (This could be a hard drive, a RAID drive, or a flash drive.) After analysis, it was determined that the device was damaged beyond repair and all the data it contained is gone, including reservations, billing, and accounts receivable.

A plan is developed to replace the drive, and get the system back up. A replacement drive was installed but all upcoming appointments were missing and it was almost impossible to take new appointments. In addition, the last week of billings did not go out and were also missing.

The Impact:

Employees worked overtime to perform all work manually. Over the next 6 months, booking errors caused significant lost revenue and poor customer satisfaction which caused strain and customer loss.

How a cloud backup could have solved the problem:

If the company had invested in a daily backup, then a contracted service provider could have replaced the drive and restored the data. Once backup data was restored, daily manual logs could be added to what was recovered from the previous day before the crash. The impact to the business would be minimized. The company would still have to work manually for 1.5 days until the hard drive could be replaced and data restored, but that is much less than the six months of frustration without the backup in place.

Example 2:  Ransomware attack

A business is hit with ransomware attack demanding Bitcoin. The company has a second hard drive to duplicate critical data but that drive was also attached to the system and encrypted during the cyberattack.

The Impact:

1. The building remained closed for almost 2 weeks until a new system could be installed
2. Had to format all of their IT equipment and rebuilt the system and applications
3. Manually recovered data using overtime and temporary help over the next 6 months
4. Struggled for 2 years to supply records, financial information and maintenance information

How a cloud backup could have solved the problem:

The IT department could isolate the IT equipment and format the servers and storage. Then using the latest weekly backup kept encrypted on a cloud service, restore the system and all data to the previous week’s image. After that, only a minimal amount of data was missing and was recreated using overtime and temporary labor from paper documents. The impact was to close for 2 days until the system could be recovered and the data manually restored.

Recommendations:

1. Any business or person with critical data should make backup copies of that data
2. Backups should be made for system images as well as application data
3. The frequency of backup should be commensurate with the amount of change and value of the data.
   • In Example 1, daily backups would be ideal.
   • In Example 2, weekly backups are adequate.
4. Backups should be kept outside of the IT system being backed up, either on removable media that can be stored in another physical location, or by sending backup data electronically to a backup facility.
5. Backups should be encrypted if PII or PSI data is included
6. Backups should be scanned prior to creation and prior to recovery for all known viruses and malware

Want more information like this delivered straight to your inbox? Click the “Follow” button on the bottom of the screen and enter your email address.

© 2021 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved. This article is for informational purposes only and is not intended to convey or constitute legal advice. HSB makes no warranties or representations as to the accuracy or completeness of the content herein. Under no circumstances shall HSB or any party involved in creating or delivering this article be liable to you for any loss or damage that results from the use of the information contained herein. Except as otherwise expressly permitted by HSB in writing, no portion of this article may be reproduced, copied, or distributed in any way. This article does not modify or invalidate any of the provisions, exclusions, terms or conditions of the applicable policy and endorsements. For specific terms and conditions, please refer to the applicable endorsement form.