How to Have the Best Strategies in Place for Data Loss Recovery

Antwan Banks - April 27, 2023

Few disasters have more potential to cripple a trucking company than the loss of its data. Imagine not being able to make payroll, or losing all access to your invoices, or not having records on your assets or your customers.

Worse: Imagine not being able to get it back – at least not right away.

Considering the widespread risk of cyberattacks in the current environment, every trucking company needs to be prepared on two levels – prevention and recovery.

We talk a lot in this space about prevention. Today I want to focus on recovery. And this starts with having the right backup procedures.

Trucking companies need to understand something critical about the nature of current-day ransomware attacks: Once in your system, the ransomware will continue spreading and searching your system until it finds your backups and compromises them too.

Companies who have been hit by ransomware are sometimes shocked to find that the backups no longer work because the ransomware got to them. This is why it’s so critical to keep your backups offline and unreachable by ransomware attacks.

If your backups are on your system, they are at least potentially useless. Once the ransomware attack is complete, they could be gone as well.

That means your backups must be immutable.

Once your system has backed up the data, it has to live offline where the ransomware attack can’t get to it. You can do that the old-fashioned way with tapes, or you can do it by backing up your data to the cloud. Or you could do both. Mirroring your backups is one strategy to protect against complete disaster.

But you must have a backup that’s invulnerable to the ransomware. It may not be possible to back up absolutely everything, but at least make sure your critical datasets are backed up.

As you look toward the recovery phase, keep this in mind: How long can you afford to be down? If payroll is on Thursday and you lose your data on Tuesday, you need to be back up in two days. You must have protocols in place that can get you back up quickly.

You also need to think behind, by which I mean: How far back can your recovery point be? For some companies, the last two weeks’ worth of data might be sufficient. Another might say they need the past month’s worth of invoices.

This all comes down to how you use your data, and only you and your leadership team know that.

This is why it’s useful to conduct a tabletop exercise in which you bring your leadership together and run through various disaster scenarios. In such an exercise, you would actually simulate the process of knocking your system down, then work through the process for bringing it back.

What do you bring up first? Do you have to order new computers? How long would it take for them to arrive?

As you go through this scenario, you also need to consider whether your existing cybersecurity insurance is sufficient to cover what you’ll be dealing with. If an attack would knock you out for a week, and a week would cost you $1 million, do you have $1 million worth of coverage?

These are the kinds of issues the tabletop exercise is designed to help identify.

I hope every company in our industry is taking the preventive steps that would render all this completely unnecessary. I also hope every company in our industry is ready for what happens if an attack somehow still gets through. It’s not because the defensive measures available aren’t good. They’re very good, especially if they’re deployed effectively.

It’s simply because the cost of losing your data is too devastating not to have a backup and recovery plan ready to go if, God forbid, you need it.

Have questions? Contact me at antwan.banks@nmfta.org. I look forward to hearing from you.

Antwan Banks
Antwan Banks

Antwan Banks is an accomplished cybersecurity professional with extensive experience in various high-profile roles. He currently serving as the director of enterprise security for the NMFTA where he plays a pivotal role in educating the trucking and supply chain industry about the myriad of intricate security risks associated with enterprise networks. Prior to NMFTA, Antwan served as the director of cybersecurity at the Metropolitan Atlanta Rapid Transit Authority (MARTA), where he managed cybersecurity operations and built the Information Security Office to safeguard various systems and networks. Antwan's expertise also extends to his military service as a United States Army Lieutenant Colonel, where he oversaw IT and computer security projects in Germany and the Middle East and served as a military advisor to the Saudi Arabian military Chief Information Officer.