Читать книгу Networking All-in-One For Dummies - Lowe Doug, Doug Lowe - Страница 68

No matter how good your prevention measures are, cybersecurity events are bound to happen. A user will exercise bad judgement and click a link in a phishing email, an important security patch will be neglected and an intruder will exploit the resulting weakness, or someone’s password will be compromised. It’s bound to happen, so your cybersecurity plan must include recovery measures as well as prevention measures.

A recovery plan should also protect you against threats that aren’t necessarily malicious. For example, what if a hardware failure takes out a key file server and you lose all its data? Or what if there’s a fire in the server room? Disasters like this are unlikely but not impossible. For more information about disaster recovery planning, check out Book 10, Chapter 4.

The most important aspect of recovery is to plan for it in advance. Don’t wait until after a cyberattack has succeeded to start wondering how you can recover. Instead, assume that a cyberattack will eventually happen and plan in advance how you’ll recover.

The basis of any recovery plan is a good backup plan. In fact, planning for backup is an integral part of planning any network. I’ve devoted Book 3, Chapter 6 to this topic, so I won’t go into every detail here. But for now, know that backups must be:

 Comprehensive: Identify every critical server and data store in your organization and make sure it’s backed up regularly.

 Up to date: When you’re forced to recover from a backup, you’ll be rolling your business back to the date the backup was made. If that was three weeks ago, you’ll lose three weeks’ worth of work.

 Redundant: You should keep multiple copies of your backups, each representing a different recovery point. At the minimum, keep at least three generations of backups. That way, if the most recent set of backups doesn’t work, you can revert to the set before that and, if necessary, the set before that. A key factor to consider is that if your files have been corrupted by a cyberattack and you don’t discover the attack right away, your backups may contain copies of the corrupted data. You want to make sure that you have a good backup that was made before the attack occurred.

 Kept off-site: If a fire burns down your server room and your backups are kept on a shelf next to the servers, you’ll lose the backups, too. At that point, you won’t be able to restore anything.

 Offline: It’s not enough to keep backups off-site, they must also be offline. Backing up to the cloud has become popular recently, but keep in mind that a hacker skilled enough to break into your network and delete files on your servers may also be skilled enough to delete your cloud backups as well.

 Automated: Don’t rely on remembering to run a backup every Friday at the end of the day. You’ll forget. Make sure your backup processes are automated.

 Monitored: Don’t assume backups worked this week just because they worked last week. Monitor your backups regularly to ensure they’re working as designed.

 Tested: Don’t wait until the pressure of a recovery to see if your backups actually work. Regularly test them by restoring individual files and entire servers.

Here are a few other elements your recovery plan should include:

 Spare computers: If a cyberattack compromises one of your desktop computers, make sure you have a spare or two that you can quickly configure to quickly get the user back to work.

 Emergency disk capacity: Restore operations often require that you have plenty of spare disk capacity available so that you can move data around. Inexpensive network-attached storage (NAS; see Book 3, Chapter 5) may fit the bill, but keep in mind that this type of storage is very slow. If you rely on it, you may find that it takes several days to recover multiple terabytes of data.

 Communications: In the midst of a recovery from a cyberattack, it’s vital that you communicate with your users. They’ll need to know what’s going on, how long you expect the recovery to take, and so on. Unfortunately, this communication may be difficult if the normal channels of communication — such as email — have been disrupted by the attack. So, you should plan in advance for alternative methods of communicating with users, such as cloud-based communication platforms like Teams or Slack.