25 years ago, I was writing some software for my father in law. Sometime during the process, my computer locked up and lost a bunch of work. The first time this happens, the experience is seared into your brain. I had to redo a bunch of work. Recoverable, but annoying. The painful process was made a bit worse because it was work I was doing for family.
The cost of lost data
Last week, a client of an acquaintance was struggling thru a ransomware attack. After discussing his options, it sounded like his client’s data is gone, not “just” encrypted. How would the rest of your week go if you found out right now that all of your company’s data is gone?
Think about what “all your data is gone” really means for your company. We’re talking about losing all of your data. Gone.
If you have a staff of people with a shared company calendar with appointments with clients – what would the impact be if the calendar was empty?
You might lose all of your accounting data. Imagine getting your books and taxes in order after a loss like that. While much of that data could be recovered from your bank’s records, you’ll still be missing important details.
Any activity that hasn’t yet created all of its financial transactions wouldn’t appear. The complexities of such transactions make it more difficult to reassemble the pieces, even from a bank statement. Imagine the invoices that don’t go out. Who has paid? Who hasn’t? The same thing affects invoices that come in for payment. Which ones have been paid? Which ones haven’t? Your customers who get invoices they’ve already paid will soon wonder what else you’re struggling with.
You might lose all of your sales and order data. That’d make it tough to calculate commissions, pay vendors, deliver orders and so on. What about your data used or created by manufacturing and shipping applications?
Losing all of your company’s data could be crippling, yet it happens regularly. You don’t often hear about it because no one wants to publicize such situations. It’s the same attitude that makes companies keep data breaches and hacks secret. These losses happen simply because not enough effort is put into making backups AND checking to make sure they work.
What does ransomware do?
Normally a ransomware event results from running a malware application or clicking on a link (or opening an email) that leads to installation of the ransomware. The bad part is that the ransomware encrypts all of your data and you can’t do anything with it unless you pay the ransom. In the case of my acquaintance, the loss was even worse – it didn’t encrypt the data, it erased it.
While ransomware (and charging a ransom) isn’t legal, companies with insufficient security, staff training, and/or inattentive users are victimized by ransomware every day. Few instances are reported because it’s embarrassing.
All it takes is one errant click on a legitimate looking website or email. The next thing you know, every computer on your company network could be encrypted (or just one).
Small price to pay
The company that lost their data had no backups. That’s right. NONE. The last time their data was backed up and stored off-premises 11 months earlier.
Fortunately, this backup was made by their developer or they’d have no backup at all. Ironically, the developer recently offered to setup backups for the client, but the offer was refused. Now he’s working to help them try and recover their data from the backup he made that will probably be the best shot they have to save their company.
If making backups and taking them off-premises sounds like hassle / cost you don’t need, I suggest you consider what your company’s worth. What’s it worth if all the data is gone?
My guess is the difference between those two numbers are worth the time / price of backing up your data. Maybe that’s the price of a monthly online backup service. Maybe it’s the price of an external hard drive or two. Either way, this small investment beats losing all of your business data.
Backup, take your backups offsite, educate your team on how to identify sketchy emails and websites – and help your staff with security software that can intervene to protect your assets. Your company’s worth it.