Deciphering Cloud Store Could be Your Saving Grace from Disaster

Don’t let years of confidential client data walk out the door

Matt Burke

Jim Hunt (left) credits Christophe Réglat and his experts at Coaxis International with rescuing Moore Communications from a cyber attack nightmare.


Deep inside a nondescript concrete bunker surrounded inside and out by Vegas-level security, Christophe Réglat, president and CEO of Coaxis International, shakes his head as he ponders the power of denial.

“People think it happens to others. They think, ‘It’s not going to happen to me,’ ” Réglat said from his Tallahassee headquarters.

He’s referring to disasters — the natural kind and those perpetrated by data thieves. In either case, you can lose priceless files of valuable confidential information that just can’t be replaced. And if you don’t have a properly maintained and secured backup somewhere, it’s game over. Réglat said that in this fully digital age, 80 percent of companies that have lost everything end up going bankrupt. 

“People don’t realize you can’t go back to your storage room where you have paper and get it back,” he said.

Fortunately for Jim Hunt, vice president at Moore Communications Group, Coaxis — a top-tier IT provider of private “cloud” storage and security — was their backup when an incident last spring shut the whole company out of 20 years’ worth of irreplaceable (and priceless) files. Hunt said the company used to have servers on-site until just a few short years ago when they contracted with Coaxis to be their private “cloud.” 

“Our entire network, everything we do, is on the cloud. Literally. We have no servers in-house. Everything is off-site,” Hunt said. They went into the cloud, he said, to reduce the cost of equipment and maintenance and to prevent losing everything in the event of a disaster. 

In this case, the disaster arrived in the form of “CryptoLocker,” a “ransomware” computer virus that sneaks into a network and encrypts every file it can get its grubby little digital fingers on. When an employee turns on his or her computer, they’re greeted by a sinister message that informs the user they either pay up and receive a key or lose their data forever. The message is even accompanied by an ominous countdown clock. 

According to an alert from the U.S. Department of Homeland Security’s Computer Emergency Readiness Team, a 2012 survey by the anti-virus software company Symantec showed just how profitable such a bug is for the bad guys. Using data from a “command and control” (C2) server that handled 5,700 computers compromised in one day, Symantec estimated that about 2.9 percent of those users paid the ransom. At an average ransom of $200, the bad guys were able to bring home $33,600 for one day’s work, or $394,400 per month, from a single C2 server. This success spawned various forms of ransomware, and more destructive and lucrative versions like CryptoLocker were introduced in 2013. According to DHS, some versions encrypt not just the files on an infected device but also the contents of shared network drives. The files are rendered useless unless the hostage-takers receive a ransom within a 72-hour timeframe.

Hunt said this is exactly what happened one morning at his office. An employee opened up a laptop to begin work only to discover something had gone very wrong. CryptoLocker had locked up every file they had. A message popped up indicating that they had a limited amount of time to pony up a king’s ransom in return for a decryption key — or else. 

Fortunately, there was no need to pay the IT kidnappers. Everything was safely and securely backed up a few miles away at the Coaxis facility. By lunchtime everything was restored — an amazing feat considering the massive number of files and records.

“Imagine what you would do if you didn’t have a good backup,” Hunt said. “If we lost anything, we lost time. It was nothing short of a miracle. Had our servers still been in-house and we’d been responsible (for fixing it), we would be at the mercy of whatever our last backup was and hope that the mechanism and technology was working.”

A couple hours of lost time is nothing compared to the disaster that could have been, Réglat said. Companies that live and breathe by their data, and are required to maintain compliance with confidentiality regulations, can’t afford to have “downtime” or compromised security. This is especially true for CPAs, law firms, doctors and medical offices.

“When you think about it, it’s not your company’s info that has been hacked. It’s your client’s info,” he said.

“You have to protect the info of your client or patient. In 20 minutes your company can lose everything. People have to grasp this idea in the digital age.

“They have migrated from a paper environment to a digital environment, and that digital environment has to be protected. We have seen big problems when people have lost their data, and it is not a joke. It’s a real thing, and if they think it’s not going to happen to them, they need to rethink that.”

Réglat said that viruses have always been the bane of computer users. In the case of Moore Communications, the CryptoLocker bug was traced back to a Gmail account. But there’s another type of data theft to be aware of: social hacking. This doesn’t have anything to do with social media. Social hacking takes place when the bad guys bypass firewalls altogether and decide to show up in person to rob your data.

“This is big. Social hacking is done by extremely intelligent hackers. They’re very intelligent people. They’re not idiots. If they want to get in somewhere, they’re going to get in somewhere,” he said. “Nowadays everybody has firewalls and stuff like that. These people know they’re not coming in through the network. So what do they do? They’re going in physically.”

So, rather than beat a machine, social hackers attempt to exploit human fallibility. They pick a mark and case the joint to discover what cable or ISP or other data service provider the mark uses. Then, they go online and recreate a badge. Next, they take their laptop and proceed through the front door. All it takes is a less-than-discerning receptionist and they are “in.” The impersonator says something like, “We got a complaint that your Internet is slow. I need to look at your server.”

“So, you get in and you hook in and people don’t pay attention and you leave with the data,” Réglat said. “You have to teach people to be aware. It’s the little things that people don’t realize.” 

Hackers aside, it pays for a company to make sure that any backup they do on their own actually happens. They don’t necessarily have to be clients of a cloud service to do this, according to Rick Gargan, CMO of Coaxis. It can still be an on-site server — you just have to make sure the data is removed from the premises every night and downloaded to an off-site backup. It can mean the difference between going to work the next day or closing shop. A disaster can happen and you think you’re safe only to later experience a groan-inducing discovery that your info wasn’t backed up properly, he said.

For example, Gargan recalled the time an insurance company that was not a client asked Coaxis to help recover some lost information. 

“It’s a perfect example of you think you’re covered and doing the backups but when you go to get the information out, the backups really didn’t exist,” he said. “And what was backed up was irrelevant to the business. There wasn’t anything to save because the backup wasn’t being done appropriately. Nobody was ever confirming the backups were completed and that the content they needed to have was there. We have since moved them to hosted services and have put their mind at ease.”

Gargan noted that when Coaxis clients have had issues, they have been able to recover what was lost thanks to the hosted services. 

“Most of those have either had servers on site that have crashed or have had viruses, but in those cases Coaxis has been able to step in and save everything in all those instances,” he said. “Most of them were current clients, but one was in the process of transitioning the IT to Coaxis.”
