Ransomware and disaster recovery plans
Disaster recovery is a basic element of good business continuity planning. Business continuity planning refers to the broad range of plans created so that a business–that includes contact centers–can continue to be operational no matter what negative event might occur. Business continuity planning addresses severe, catastrophic events, loss of the CEO, director, or other principals in the organization, severe natural disasters that incapacitate a physical location, etc. Disaster recovery planning is one piece of this broad planning. Specifically, disaster recovery plans refer to how to quickly recover from some event that compromises your IT infrastructure.
In general, smaller centers–which often have no IT support staff - will utilize the services of a managed service provider to develop disaster recovery plans. One piece of your disaster recovery planning needs to address how the contact center can protect its data from a ransomware attack. Unike more well known viruses, ransomware doesn't just access your data, it locks it down so it is unusable. The business model behind this approach is simple: they are betting you will have no segregated backups and will be willing to buy back access to your data.
The only real defense against a ransomware attack is offensive. Just routinely making backups of your data may not necessarily protect it from being held hostage. Talk to your managed service provider about the design of your backups and how they are structured so you will always have a “clean” copy of your data. If you want to defeat the designers of ransomware, your only real solution is to have uninfected backups. As long as you have these, you can simply refuse to pay the ransom. In the case of this virus, offense is the only defense that will keep your business data safe.
The most important thing you can do to make sure your data cannot be held ransom is strictly adhering to a regimen of backups. Routine backup your data. However, even backups may not be foolproof. If your data has been infected and you are unaware of it, or the backup is not segregated from your network, your backups may also be corrupted. Given the severe consequences of a ransomware attack to a contact center, consider having a security evaluation done by a managed service provider who will have the security expertise to advise you on the best backup protocols for your situation.