In past week we came to know about two distinctive business entities of Bahrain that were under ransomware attack. One is a grocery store having multiple outlets working 24X7. The other has multiple companies with about 5 stores. As usual an employee opened an email attachment that contained the software thereby opening up Pandora’s Box. The malware blocked user PC and somehow reached the business ERP system that is hosted on local server. Customer received ransom demand emails from the hacker. The customer called the ERP vendor for assistance. It was found that one customer backup data was 60 days old and the other customer’s ERP was never backed up. It is to be stressed that both these ERP were from vendors selling ‘world-famous” ERP for more than two decades in Bahrain.
We met one of the affected company as they are our existing customer for other products. We were asked to help restore the system. Our investigation led us to discovery that the ERP used by our customer does not have a feature to automate backup. It relied on user to do manual backup. We do not know about the other affected company. Our guess is that it also does not have such a feature.
It was very surprising for us to learn that business of this magnitude had overlooked such an important requirement whilst approving the ERP for production use. This is an integral requirement and a must-have of any business information technology system. This post is not going to discuss the root cause of the attack but what could be done if such an event takes place on the ERP that we offer to our customers.
Our ERP backup methodology
Internal Backups: The default frequency set for internal back is four per day. This can be increased or decreased as per client requirement. At any point of time 4 backup files of various timeline from past 24 hours are available. It is one backup every six hours.
External backups: Data is automatically sent to external storage facilities like Dropbox at a regular frequency per 24 hours. This type of backup would be needed is we are not able to extract the data from back-end system of our ERP.
Image backups: If the ERP is hosted on a Virtual Private Server then we configure the server to automatically do an image backup every day. This type of backup is like an automated backing up of entire computer at another location.
Manual backups: We train customer’s relevant staff to take manual data backup frequently. It is to be kept in a safe external location. This data can be used if all the above fails. However, the data can be dated but businesses can have good clean data.
SSL (Secure Sockets Layer): Our ERP is accessed through any web browser. It can be configured to be accessible from any location globally through desktop, laptops, mobiles or tablets. We are able encrypt the connection between user device and the ERP through SSL certificate. This is a method used to secure and encrypt sensitive information like credit cards, usernames, passwords, and other private data sent over the Internet. Website pages secured with SSL are those branded with the HTTPS in their URL address.
We have created 5 line of defenses to make sure business are not hit hard due to an attack on their system.
Our Plan of Action
Here is our Goto plan of action for instances of a ransomware or any form of attack that blocks access to ERP system.
Collect latest backup: If the ERP is hosted locally then we try to get the latest backup either from internal source, and if not accessible, then the external source backup. Key word here is “latest backup” to ensure business can restart from the closest point of time since the attack.
Make new ERP Instance: After formatting the affected server a fresh operating software is installed. This would clean up any ransomware/virus/malware that maybe residing on it. If issue found then a new hardware is recommended. A new ERP instance is then created and latest back-up is uploaded. And just with few clicks the business is back online.
VPS Image: The possibility of malware or any other forms of attack on virtual private server is remote. But we are ready for such eventuality. We can create a new slice of server at a new remote location in 5 minutes flat. The latest backup image is transferred to the new VPS instance. In reality making a new ERP instance out of a backed up image is much faster than local server. Once the image is set the only additional task is to correctly redirect the domain to new static IP. Users can now login with their existing ID without finding any change to the system. It is as if there was no serious breach.
It is of paramount importance that businesses in Bahrain understand that data has to be backed up. The cost of backup is negligible as compared to the trouble they find in extracting data from the corrupt hard disk. Plus the financial cost to the business. Backup is like an insurance, you need it when you need it. There is no predefined time for such eventualities. It just happens.
We always advise our customer to backup data at a regular frequency. It is repeated in every presentation/communication and is mandatory part of our installation process. Ensuring that our ERP has the right number of backups per day is part of our installation checklist. The pre-delivery internal quality check fails if system has not been configured for making automated backup.
How will businesses cope up with Bahrain Decree 48 (VAT) requirement of reporting and paying collected VAT if they do not have access to the information? Financial penalty for not reporting VAT information to concerned government department can be steep. It can lead to serious harm to the business. To be safe from such eventualities choose our ERP solution. Be secured in the knowledge that we have a total plan of ensuring your business does not suffer due to such eventuality. You can test drive our ERP here.
You will find this certificate on our demo server URL.