, , , ,

Ransomware Backup Protection | 2 of 2

Part One | Part Two

Ransomware Backup Protection: There is nothing quite like an incident infecting hundreds of thousands of computers globally to bring a problem into rather sharp focus. Ransomware has been with us for many years. We’ve seen a number of customer cases that prove it’s possible to survive these attacks. Without having to pay. in 2017 there have been two major ransomware attacks, WannaCry and NotPetya. As the ransomware threat continues, it’s imperative to understand how you can protect your business against ransomware. Having a strategy is a really good start.

Get a Ransomware Backup Protection Strategy

A ransomware protection strategy requires at least three elements, education, patching, and backup.

  • Educate: Education of your users and your Administrators is essential to protect your business from ransomware. It’s critical that your staff and stakeholders understand what ransomware is and the significant threat it poses. Provide your teams with examples of suspicious emails. Empower them with clear instructions on what to do if they encounter a potential ransomware lure. For example, don’t open attachments, if you see something, say something about it. Conduct quarterly formal training to inform staff about the risk of ransomware and other cyber security threats.
  • Patch: Antivirus software is essential for any business to protect against ransomware and other cyber risks. Ensure your security software, and all critical software elements, such as operating systems,  are up to date. Keep all business applications patched and updated to minimise vulnerabilities.
  • Backup: Snapshot-based incremental backups, as frequently as every five minutes, to create a series of recovery points are a feature of modern total data protection solutions. If you suffer a ransomware attack, this allows you to roll-back your data to a point-in-time before the attack. The benefit of this is two-fold. First, you don’t need to pay the ransom to get your data back. Second, since you are restoring to a point-in-time before your systems were infected, you can be certain everything is clean and the malware can not be triggered again.

Ransomware Backup Protection for Business Continuity

Survival requires preparation before an attack. Data protection technology, and ransomware backup protection best practices, are critical for mitigating the damage that ransomware attacks can inflict the Business Continuity of organisations. The possibility of getting ‘hit’ by ransomware are really rather high. And it’s not getting any better. It’s obvious backup is one line of defence against ransomware.

Most Government organisations recommend backing up frequently as a way to beat ransomware. The UK National Cyber Security Centre recommends you verify the integrity of backups and secure the backups. Ransomware backup protection is best when they are maintained offline from the production environments, because the ransomware viruses can corrupt backup copies, as well. Snapshots and replication can be vulnerable to time-delayed ransomware attacks.

The National Cyber Security Centre has recently updated it’s advice regarding backup in NCSC: Basking up your Data. It is reasonable guidance, which hopefully the NCSC will expand upon in the future. In broad terms:

  • Identify what data you need to back up
  • Keep your backup separate
  • Consider the cloud
  • Read our cloud security guidance
  • Make backing-up part of your everyday business

Ransomware Backup Protection with the Cloud

Data protection vendors, such as Datto, have been adding features that will protect against ransomware. Storage vendors are also providing reporting tools that can help protect against ransomware by alerting users of anomalies occurring within files. The use of pattern detection on data and files alert administrators of unusual encryption levels, so they can intervene and limit the damage.

Serviceteam IT  use a number or vendors and solutions in order to protect customer data, not only for the last line of defence against ransomware, but also to provide seamless Business Continuity. Our primary solution recommendation for small businesses is the Datto ALTO. Datto ALTO is the only continuity solution designed specifically for small business. Using image-based backup, and a hybrid cloud model, ALTO delivers enterprise-grade functionality at a small business price. The ALTO easily protects any physical, virtual and cloud infrastructure running on Windows, Mac or Linux. Spin up lost servers in seconds without the need for additional tools.

Backup automatically on schedule to a local device, and replicate backups to the Datto Cloud. Recover granular data quickly from multiple points in time, and use Datto Cloud virtualisation to get back to business in minutes. Get more than just one server back up and running; virtualize your entire Infrastructure with the click of a few buttons. Be back up and running as fast as the images can boot in Datto’s Cloud. Once the crisis is past, ALTO makes it easy to get back to normal operations. Say goodbye to business down time, and hello to fast and easy business continuity all in one product.

In 2016, Datto released the first ransomware backup detection in the industry, as part of its Total Data Protection solution. Ransomware, like most illicit software, leaves an identifiable footprint as it takes over a server, PC or laptop. Datto devices actively monitor backups, and when a ransomware footprint is detected, it notifies admins that they have a likely ransomware attack on their hands. From there, recovery is simply a matter of restoring from a previous backup. Stop worrying about ransomware and get back to business fast with Datto Ransomware Backup Protection.

To learn more about what you can to do avoid losing your data, check out our brochure: Business Continuity.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , , , ,

Business Continuity helps BanaBay Grow

Midlands-based Cloud specialists Serviceteam IT support a flourishing organisation. Providing Office 365, Internet, IP Telephony, Business Continuity and IT Support for industry-leading grower, BanaBay.

Serviceteam IT, based in Birmingham, have confirmed the fourth consecutive year with BanaBay. Having delivered an initial fibre connection, services now include. IP Telephony, IT Support, Office 365 Support, Cloud Backup and Business Continuity.

What do we do?

  • Business Continuity: Infrastructure failure, user error, Ransomeware & Cyber Attacks or simple acts of God have dramatic affects upon any business. Serviceteam IT have implemented industry leading Datto ALTO for Banabay. The Datto ALTO is a fully featured complete data-protection platform. Providing enterprise grade business continuity at a small business price. Faster backups, faster restores, and superior recovery times, seamlessly addresses complex data protection use cases right out of the box.
  • IP Telephony: BanaBay required a flexible telephony system that could scale with the business. Communication between multiple countries can quickly become costly. BanaBay is a global business, in a competitive market and therefore cost is an important issue. Serviceteam IT solved their communication issues by sourcing and overseeing the installation of an IP Telephony system. This allows their staff to communicate seamlessly across the globe. And at a fraction of the cost of a traditional phone system.
  • Internet: Access to the Internet is important to BanaBay, ensuring that a robust Internet connection is available. Unexpected downtime was affecting the productivity of the business. Serviceteam IT solved their connectivity issues by sourcing and overseeing the installation of a high availability fibre Internet connection. This allowed the global workforce to connect to the resources they required on demand 24/7.
  • IT Support: A specific challenge was managing all of the businesses IT assets, and dealing with the day-to-day issues of technology. All without having to establish an IT department. Serviceteam IT implemented a dedicated support plan, allowing BanaBay to outsource their day-to-day IT problems. Enabling them to concentrate on their core business. IT Support costs are reduced with on-site self service Appliances. Functions such as self-service password management for all of their diverse services, user & service logging, asset management and network monitoring.
  • Office 365: The final challenge was that of enabling collaboration between multiple staff, in multiple sites, across the globe. Getting them access the resources they needed, as and when required. Microsoft Cloud Productivity Partner, Serviceteam IT enabled BanaBay to take advantage of the latest cloud-based productivity software, Office 365. This allowed their staff to communicate via email and Skype for Business, share and edit documents in real-time. Enabling effective collaboration between employees.

About BanaBay

BanaBay specialises in the production of premium quality fruit, with employees worldwide. Communication is therefore fundamental to the successful operation of the business and Banabay is dependent on having a robust and resilient IT infrastructure. After several years of rapid continuous growth, Banabay faced the challenge of applying the appropriate technology to support communication and collaboration within the business. The main areas that presented a challenge to BanaBay were telephony cost, internet reliability, IT support, collaboration capability and the absolute need for business continuity and disaster recovery.

“Serviceteam IT have been our IT support provider since the early stages of our business and helped us manage our technology as we have scaled. They take a holistic approach to technology to ensure that our current systems work for us while keeping us abreast of where our tech should be heading. They feel like part of the team and provide us with a number of IT services including outsourced IT support as they genuinely care about our infrastructure and our business.”

Mark O’Sullivan, Managing Director

Thank You

We’re proud to provide services and good value to our customers. We would like to thank BanaBay for giving us glowing recommendations to many new customers, including Substrakt and Rewired PR. If your organisation is moving premises or expanding, Serviceteam IT can provide a free, no-obligation network, cloud and communications consultation. Ensuring your organisation has the tools required, for the level of service needed.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , , ,

Ransomware Backup Protection | 1 of 2

Part One | Part Two

Given the breach at the UK Governments leader in all things cyber security, the National Cyber Security Centre, perhaps now is a good time to discuss cyber security again, especially ransomware backup protection? As a little background the NCSC was opened to much fanfare by Her Majesty the Queen, and is headed up by chief executive Ciaran Martin, Director-General Cyber at GCHQ. The centre was announced by then chancellor, George Osborne, with £1.9 billion being made available for tackling cyber crime by 2020. Interestingly, the budget indicated an undisclosed amount to launch cyber attacks against terrorists and other countries.

To sum up, they have the right people, they have plenty of money, they have the full backing of government and industry. So why exactly do they not have a clue? The deliverables of the Cyber Security Essentials are, in my opinion, woefully inadequate, with the assumption of an organisations IT being in the 20th Century and not the 21st Century. By way of a simple example, their infographic regarding Password Guidance is nothing short of laughable. Such as, “Only use passwords where they are needed?” Passwords are a minimum requirement for every single element of an organisational network. No ifs or buts, which I said in Password, encryption and good Practice in 2015. I can’t stress enough the importance of Multi-Factor Authentication alongside passwords.

Why use Ransomware Backup Protection?

Using the recent WannaCry Ransomware incident as an example of how ransomware backup protection should be used, in October 2016 the NCSC published the guidance Protecting your organisation from ransomware. In the original guidance they recommended:

“Backups should be considered a last resort only, as the adoption of good security practices will mean not getting ransomware in the first place.”

Where I agree wholeheartedly with good practice to begin with, ransomware backup protection must form part of that. In mid-December they received feedback that “this line could be misinterpreted by a busy reader as”

“the NCSC does not advocate keeping backups”

Which therefore precipitated clarification, almost a month later! Backing up a bit, proving the Technical Director for Assurance has a sense of humour at least, although falling short of recommending ransomware backup protection:

Just to be clear: the NCSC recommend organisations use backups as a way to help mitigate against a wide range of potentially catastrophic problems, such as fire, theft, flooding, and – naturally – ransomware. Our intention with this paragraph was to note that whilst a backup can help minimise the harm that a ransomware incident causes to an organisation (assuming the backup is current, and is not able to be compromised itself by the ransomware), backups shouldn’t be seen as the primary defence against ransomware. Backups are a last resort, rather than a primary protection. It’s better to design and operate your systems in such a way as to minimise the chances of ransomware gaining a foothold, and to use backups as a mitigation should this occur.

Right then. Ransomware backup protection is good, according to the NCSC. In part two I’ll dicuss what to backup, and how to backup, whilst still wondering that perhaps the undisclosed element of the £1.9 billion was the greater proportion of the pot. And constantly looking over my shoulder, as I’m probably on a list, because of Britain’s nuclear submarines at risk of same cyber attack that crippled the NHS say experts on 21st May. The 36 page follow-up report, released by BASIC last week, HACKING UK TRIDENT: A Growing Threat makes really interesting reading.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , , ,

Leased Line Connectivity: What is it?

If your organisation needs connectivity to support business critical data and applications, it’s important to find a solution that works for you, and a leased line connection is often part of that. Leased lines provide connections between networks that require data to ease communication. This could mean they connect offices to the Internet, or to other geographically distant offices and sites, or they might even carry telephony data such as a call centre.

In short:

A leased line is a dedicated, uncontended, symmetric, resilient data connection often used by businesses or distributed organisations.

Since that contains a lot of technical jargon, let’s run through those terms individually:

Leased Line Features


Dedicated

This means your leased line connection is solely used for your data.

This is important for two reasons. Firstly it’s better for data security as your data doesn’t travel on public routes. But it also means other users don’t affect the quality of your connection.

Uncontended

Contention ratio is the maximum potential demand at any one time, over the actual available bandwidth.

Often with shared Internet connections such as home broadband there are peaks and troughs in terms of bandwidth. You may notice in the evenings that Internet seems ‘slower’. The higher the ratio, the more likely that your connection will be affected and ‘slowed down’ at peak times.

A dedicated leased line will have a 1:1 contention ratio. This means that the provider can guarantee a fixed speed or bandwidth, regardless of the time of day.

Symmetric

This means the downloads speeds are the same as the upload speeds. This is useful for a number of common activities such as:

  • Online Backups
  • Desktop as a Service
  • Video Conferencing
  • IP Telephony
  • Uploading large files

Additionally, leased line connections usually come at higher bandwidths than ordinary connections with up to 10Gbps capacity available.

Resilient

Resilience means that the connection doesn’t go wrong, and if it does, it has the ability the quickly recover. Most leased line connections have around 99.99% uptime. That’s about 60 seconds of downtime a week.

If your organisation is dependent on connection to the outside world, then it is vulnerable if this connection is lost. Having a connection with resilience mitigates this and provides business continuity.

A resilient leased line solution will ensure there is no single point of failure. This can be done by incorporating secondary lines to increase diversity, which means using multiple providers, fibre routes, and entry points. If connectivity is at the forefront of your operations, then a diverse leased line solution provides much better protection against interruptions or outages.

Leased Line Benefits


Save Time & Money

An improved connection provides an excellent return on investment, and enables organisations to take full advantage of cost-saving cloud services. Additionally the increased resilience of leased line connections means that the impact of costly downtime is mitigated.

Improve Productivity

Work smarter, not harder. Every organisation is somewhere on the way to being on the cloud, if not already fully cloud based. Cloud based software and collaboration services improves the way people work, and link them more effectively to sites or customers located in other sites or even across the globe.

Security & Continuity

Enjoy peace of mind with secure private virtual cloud. Mitigate both cost challenges and migration risks with flexibility and ensure business critical functions stay online around the clock with high availability backed by SLAs.

How do you get one?


Serviceteam IT have enterprise solutions for organisations of any size. We offer scalability and flexibility that would otherwise be unavailable from legacy services, and deliver dedicated, secure, uncontended fibre connections for all your voice and data traffic. What Serviceteam IT offer is:

  • Extensibility – Our infrastructure can grow, adapt and scale to your business
  • Continuity – Network designed with contingency options for business continuity
  • Cost Savings – Do away with expensive hardware, switching, and set-up costs
  • Fully managed – Eliminate admin and billing headaches
  • Proactively monitored SLA – with up to 99.999% uptime
  • Maintainence – Hardware maintenance included in standard service
  • 24/7 Support – From a dedicated fault management team

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , , , , , , ,

Office 365 Email Continuity & Disaster Recovery | HowTo

Email continuity is critical. Learn how to protect email with simple, and old hat, methods in tandem with Exchange Online for email continuity & email disaster recovery.

Email continuity & Email Disaster Recovery: I’m not sure if it’s just me, but there does seem to be an incessant whine regarding the demise of email. Usually from some thought leader or other, who quite possibly only reads his emails in Outlook and has never had to configure a monitoring service, a notification tracker or a Line of Business Application for email continuity.

Of course in order for humans to communicate there are many other channels available, such as Slack, which I use for notifications that I’ve arrived at the office, but not left;). Skype for Business too, which is our go-to application for video conferences, chat with end users and to see if someone is both sentient and available. I even have a mobile phone and an IP Telephony desk phone, plus FaceTime, iMessage, Zoiper and many more. There are those other things, such as Social Media, where I occasionally play in the LinkedIn pool. Personally, I prefer an actual face to face conversation, sometimes involving a pen and paper and a cup of coffee.

Declaring the demise of email is a rather bold, personally I’d say a little ignorant. Not merely because of the pervasive implementation in things that don’t actually get read, but also because it is still a mechanism where you can write something, attach something and consider something prior to sending it. Radical Group reports that approximately 205 billion email messages are sent per day.  That is 2,372,685 emails per second. I had to turn my phone sideways to calculate that. One of our own customers sends and receives several million emails each month. On balance, email is not about to cease anytime soon.

Why implement Email Continuity & Email Disaster Recovery for Office 365 Exchange Online?

Okay, email can sometimes feel like an annoyance, however, imagine if email were suddenly cut off? Most organisations rely on email to not only conduct day-to-day business, but to also ensure the wheels in the background are turning. Loss of email access or usability can not only slow productivity, it can also cost money.

I recently read a post where it was suggested that an emergency inbox in the cloud was an ideal solution in order to achieve email continuity. It’s not. Look at the numbers above. It would be impractical to have a days worth of the several million emails per month for one business delivered in to one big bucket. How would you make sense of them? What would you do with them if you could? Where would they be stored? When would you be able to restore them to the primary mailboxes? Whilst I’m not laughing and pointing at the idea, much, there is a far better solution.

MX Fallback for Email Continuity & Email Disaster Recovery for Office 365 Exchange Online

Aside from having a reliable, enterprise designed provider, such as Microsoft Office 365, I have to confess to being a little distrusting of any particular service as the only resource. The very nature of technology means it will break or cease to operate correctly for some reason or other and email continuity is too important to ignore.

MX, and the possibility of MX Fallback, was implemented in January 1986 in RFC973 and RFC974 and is perfect for email continuity with Office 365 Exchange Online. In simple terms, Mail Xchange was given a list, mail-1.serviceteamit.co.uk, mail-2.serviceteamit.co.uk and so on. Each MX can be given what is often referred to as a priority, but is in actual fact just an ordered list. Ordinarily your first entry is O, 1 or 10.

Adding MX Records to DNS

With Office 365 and Exchange Online there is only a single entry. Since the last update to Exchange Online the MX entry is in the form:

domain-suffix.mail.protection.outlook.com.

Prior to the previous update to Exchange Online the MX entry was in the form:

domain-suffix.mail.eo.outlook.com.

Both style entries work correctly and there are no current notices that the previous syntax will be deprecated.

For the purpose of fallback we want to add another MX record immediately following the main entry. For example our first two MX records are:

MX 0 serviceteamit-co-uk.mail.protection.outlook.com

MX 1 serviceteamit-co-uk.mail.eo.outlook.com

Our MX Fallback server records for email continuity and email disaster recovery are:

MX 11 mx00.1and1.co.uk

MX 12 mx01.1and1.co.uk

The first two entries. MX 0 and MX 1, are to our primary mail provider, Office 365 Exchange Online. Both of these records land on the same email servers and are of course not the fallback. The third and fourth entries are the Fallback servers. MX 11 or MX 12 will be chosen for delivery of email should either of the first two hosts not respond. There are a number of reasons the primary servers may not respond including network issues, DNS issues, DDoS issues, simply being offline and many others.

Adding recipients to the Fallback host

The simplest way to implement recipients is to enable a catch all on the Fallback server. Practically any email server has the functionality to receive at catch all, or catchall, denoted as *@serviceteamit.co.uk. This way any recipient for email disaster recovery,  firstname.lastname@serviceteamit.co.uk or random@serviceteamit.co.uk, will be delivered, albeit to one big bucket. The catch all instructions for 1&1 can be found here. A catch all is obviously not recommended as it’s merely a big bucket of email, the reasons not to have are outlined above.

The most sensible approach would be to add all users as mail recipients. All mail user recipients can be exported from Exchange Online as a CSV. Almost any mail server will support importing these users via the same CSV. You may need to alter the CSV headers.

In order to export your users:

1. Log in to your Office 365 Portal via https://portal.office.com.

2. Navigate to Admin and Exchange on the bottom-right of the page:
Exchange Online Admin for MX Fallback

 

3. Click on Mailboxes:
Exchange Online Recipients MX Fallback

 

4. Click on the three dots and select Export Data to a CSV file:
Exchange Online Export to CSV MX Fallback

 

5. A new window will have opened. Select the columns you wish to export, I prefer to select all of them. Then click Export:
Exchange Online Export to CSV Columns MX Fallback

 

You can now use this CSV file to import your user accounts in to your Fallback server as recipients for total email continuity with Office 365.

If you do not wish to import all users you can choose to only enable your highest priority accounts, whether they be individuals, groups, distribution or service accounts for monitoring and notification.

Once the accounts are imported you can now monitor the mail on the Fallback server in Office 365 Exchange Online in order to synchronise emails back to the primary account in Office 365 Exchange Online. This will ensure you have all the user emails in one place once the Office 365 Exchange Online service is available again. If I get time, I’ll update this post with the methods.

One final note regarding the MX Fallback method is that it is still subject to the availability of DNS, the Name Server for the DNS and the integrity of the Zone File. Please feel free to leave any comments you may have regarding High Availability DNS, in order to mitigate DDoS and Black Swan events. There are methods to almost completely protect your DNS integrity. Perhaps that’s for a future post?

In order to offer our clients complete peace of mind regarding email, we’re a Silver Productivity Partner with Microsoft and use Office 365 Exchange Online as the primary provider and select partners for Fallback and High Availability. Through our partnerships, you can choose from multiple service tiers to target specific security and email integrity requirements.

If you have any questions, or would like to speak to someone regarding Email Continuity and Email Disaster Recovery, please get in touch. Birmingham Research Park, 97 Vincent Drive, Birmingham, B15 2SQ. 0121 468 0101.