Let’s face it, nobody really wants a disaster to occur, but they do anyway. It doesn’t matter if it’s a tornado, flood, hack, ransomware attack, or whatever the flavor of disaster, your office needs a plan created in advance.
I’m sure many IT teams would love to test backups, but for many teams, it’s entirely unreasonable. I’m sure your team would love to look at every single patch and evaluate implications on your network (note: all patches may not be compatible with your network. Your IT support team needs to carefully evaluate these patches).
Often times, your internal team will have to decide between an exchange server upgrade and rolling out performing a disaster recovery and restore test. Since exchange is critical to everyone on your team, it wins out every time. But without a bare metal restore test you never know whether or not your hospital will be able to recover from a disaster—like one of those ransomware attacks every one of us has heard on the news.
Today, I want to give you some easy checks to ensure you’re doing everything to keep backups working for your hospital (and to, more importantly, keep those backups secure—EVEN if you have cloud-based backups).
Backup Checks:
Set deadlines—since your IT team likely faces all sorts of activities and responsibilities day in and day out, setting deadlines for activities related to critical infrastructure, like backups, is critical to ensuring everything is working the way you expect it to. Maybe once a week, every month, do a test of the currently saved data by restoring a small number of files or folders to a machine. This will help ensure that the data you restore will be usable. You’d hate to wait for a real emergency to restore the data and realize that it is unusable or corrupted. Schedule times in your calendar on a regular basis to review your backups (do more than simply checking that a report looks the way you expect).
Test your backups are working—once a backup has run, you might rely on a report that says a backup was successful. What this really means is that something was backed up. But how can you be sure that the backup really worked?
At very least, look weekly at the size of the backup files. If they are smaller than expected, something is wrong. Don’t trust reports. Roll up your sleeves and try restoring something from backup to make sure that actual usable data is on your backups.
Create a full step by step checklist of how to restore data from backups—if you don’t do this consistently or don’t have a process to get you from backup to full recovery, consider taking an afternoon to put together a checklist that walks through every single nitty gritty restore step. Even with data in your backup, unless you have a clear process for restoring that data (which takes into account your entire network environment), you may be days or even weeks until staff are completely up and running post- network failure.
To summarize:
More than three quarters of hospitals we’ve evaluated fail to have secure backups. Most hospitals get into hot water when posed with a ransomware attack because their backups either did not work to recover them or were encrypted by the virus (EVEN cloud-based backups!).
Are you sure your backups are working? Contact Us TODAY for a free ransomware vulnerability assessment!