Data Backup & Recovery Plans Can Protect Your Organization from the Consequences of Ransomware Attacks

Ransomware is one of the most prevalent forms of malicious cyber-attacks facing businesses today. “The advent of new tools that wrap victims’ data with tough encryption technology, hard-to-trace digital currency like Bitcoin, and even online sites that offer to do the data ransoming in return for a piece of the action, have made this method of cybertheft much easier,” reported the NY Times. AAFCPAs advises clients to develop a Data Recovery Plan, including regular data backup, which may allow you to restore your data without paying a ransom, and without affecting business continuity.

To create an effective data backup and recovery plan, AAFCPAs’ Business & IT Advisory practice offers the following key considerations:

  • How much, and how often, should we back up? The frequency and breadth of your data backup must be determined by your business needs. At a minimum, this should include daily incremental backups along with full monthly backups.
  • Where should the backup reside? Your backup can be stored locally, but another copy should be stored at least 50 miles away from the location where the live system(s) and the original backup reside. Cloud-based backup systems are a great solution, but providers must be properly vetted. AAFCPAs advises clients to ensure the Cloud provider has its own disaster recovery plan which guarantees your backup would be available in the event the provider also suffers a disaster. In either case, backups need to be encrypted so that only appropriate persons can decrypt and use them.
  • How long should we retain our backups? Unfortunately, in some instances, ransomware (and viruses) makes its way into backups before it is detected. We recommend retaining redundant data file backups, usually for more than three months, so that your organization can restore from a clean backup point taken before the infection. This is especially important for mission-critical data.
  • How do we know if we are restoring safe files? Make sure you have someone knowledgeable assess the restored system, including applications, to ensure the restoration is fully functional and the data is not corrupted. Additionally, AAFCPAs recommends that clients test their backups periodically to ensure the data is usable. For example, the finance department may spot-check the backup by running a compare against the live financial system to ensure data accuracy. These quality control tests are best performed by the users who transact with the data being restored.
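As an added example (not AAFCPAs' code or tooling), the Python check below applies the four questions above to a constructed backup inventory: it flags gaps in daily coverage, monthly fulls, offsite copies, encryption and retention depth, and selects the newest clean restore chain taken before an estimated infection date. The Snapshot type, the 90-day and 31-day thresholds, and the sample data are all assumptions.

```python
# Added example (not AAFCPAs' code): policy check over a constructed backup inventory.
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Snapshot:
    taken: date
    kind: str        # "full" or "incremental"
    offsite: bool    # second copy at a distant site or vetted cloud provider
    encrypted: bool  # only authorised staff can decrypt it

def policy_findings(snaps, today, retention_days=90, full_every_days=31):
    """Gaps against the plan: daily coverage, a recent full, offsite copy,
    encryption, and retention deep enough to reach behind an infection."""
    if not snaps:
        return ["no backups at all"]
    findings, by_day = [], {s.taken for s in snaps}
    if (today - min(by_day)).days < retention_days:
        findings.append(f"retention only {(today - min(by_day)).days} days")
    for back in range(7):  # incremental daily: check the last 7 days
        if today - timedelta(days=back) not in by_day:
            findings.append(f"no backup taken on {today - timedelta(days=back)}")
    if not any(s.kind == "full" and (today - s.taken).days <= full_every_days
               for s in snaps):
        findings.append(f"no full backup in the last {full_every_days} days")
    for s in sorted(snaps, key=lambda s: s.taken):
        if not s.offsite:
            findings.append(f"{s.taken} {s.kind}: no offsite copy")
        if not s.encrypted:
            findings.append(f"{s.taken} {s.kind}: stored unencrypted")
    return findings

def clean_restore_chain(snaps, infection_date):
    """Newest full taken before the infection, then the pre-infection
    incrementals after it, in restore order; None if no clean full exists."""
    fulls = [s for s in snaps if s.kind == "full" and s.taken < infection_date]
    if not fulls:
        return None
    base = max(fulls, key=lambda s: s.taken)
    chain = [s for s in snaps if s.kind == "incremental"
             and base.taken < s.taken < infection_date]
    return [base] + sorted(chain, key=lambda s: s.taken)

def sample_inventory(today):
    # Constructed data: 120 days of backups, a full on the 1st of each month,
    # and one local-only, unencrypted incremental taken 3 days ago.
    return [Snapshot(today - timedelta(days=b),
                     "full" if (today - timedelta(days=b)).day == 1 else "incremental",
                     offsite=b != 3, encrypted=b != 3) for b in range(120)]
```

Running `policy_findings` on the sample flags only the 3-day-old local, unencrypted copy, while `clean_restore_chain` returns the October 1 full plus the incrementals up to the day before a mid-October infection, and None when no full predates the infection.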

AAFCPAs also encourages clients to consider moving into a virtual machine (VM) environment, as VMs are easy to regenerate. System administrators can take an image of the system once it is in the business-desired state; that image, along with application-specific backups, can substantially decrease system restoration time and minimize disruption.

In honor of October being Cyber-Security Awareness Month, AAFCPAs would like to take this moment to remind our clients again of the critical importance of taking measures to protect against malicious cyber-attacks. AAFCPAs advises clients to take a disciplined approach to cyber-security in order to better guard against, and minimize your organization’s risk of becoming a victim. Data Backup & Recovery Plans are one tool that can help protect your organization from the consequences of ransomware attacks.

To schedule a cyber-security assessment, or for specific advice on how to best protect your organization against cyber-attacks, please contact James Jumes at 774.512.4062 or jjumes@aafcpa.com, Vassilis Kontoglis, or your AAFCPAs partner.

Related Post: AAFCPAs encourages clients to learn how Installing Patches Immediately Helps Protect Your Organization from Cyber Vulnerabilities.

About the Authors

James Jumes
James joined AAFCPAs in 2013 to lead the Business Consulting Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and SOC 3 attestation reporting. James developed a unique methodology for delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams to review SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST, for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.

Vassilis Kontoglis
Vassilis is a leader in AAFCPAs’ Business Process & IT Consulting Practice. He has 20+ years’ proven experience providing business intelligence, productivity, information risk management, and cybersecurity solutions. He is a critical resource in keeping clients and the firm on the forefront of transformative technologies while mitigating the risks that come along with these advancements. Vassilis leads the delivery of Robotic Process Automation (RPA) solutions at AAFCPAs. He understands the unique requirements for achieving RPA success, including proper design, planning, implementation, and governance. He works collaboratively with clients and cross-functional teams, and leverages his deep understanding of enterprise information systems, business logic, and structured inputs to automate rote processes and increase operational efficiency. Vassilis is also the leader of AAFCPAs’ automation center of excellence (CoE), an internal team that streamlines automation output, provides structure, and helps scale automation through the firm.