Cyber Security



Backups

Backups are to information technology, as seatbelts are to cars. You don't need to rely upon them very often, but if you don't have one when you really need one then things turn very bad, very quickly. And a poorly functioning one is pretty much useless!

For many people, backups are something to turn to if you make a mistake and need to restore a file back to a previous version. For others they are only needed when your hardware takes a nose dive. And yes, they fill both of these role perfectly. But now, with the ever increasing threat of ransomware attacks, your backups may be necessary for a quick and cheap recovery. The more that companies resort to paying the ransoms, the more attacks everyone is likely to have to endure. And ransomware attacks aren't the only threat of course. Aggrieved employees can pose a very real problem. Not to mention this, that, the other. Many of these threats are completely out of anyone's control, and so backups are your "get out of jail free" card. They are not optional.

I use OneDrive/DropBox/GoogleDrive which makes a copy of my files in the cloud AND on my computer, this is a backup isn't it?

Partially. Whilst you could indeed argue that this is a backup in the event of hardware failure, it absolutely isn't something that you could turn to in the event of a ransomware attack. Due to the way that ransomware works and how these cloud storage applications are usually configured, the moment that ransomware encrypts a file, this change is then immediately replicated to the cloud storage location.

I have a portable hard drive which I leave plugged into my Window laptop, and I have configured File History. Is this good enough?

This is better than nothing, but again a ransomware attack could render the drive contents completely useless. Generally speaking the ransomware would scramble the configuration data meaning that it could not locate the files required. If you are just going to rely on File History, don't leave the drive permanently plugged into your computer. This way, during a ransomware attack the drive contents would not be affected. Plug the drive in once every so often, perhaps whilst you are having your lunch, and make sure you are not opening email etc. whilst the process completes, and then disconnect it afterwards.

The last time I tried to restore from a backup, the media was useless! Why should I bother?

This is extremely common. Not only do you need to perform backups, you also need to regularly test them. Obviously if you are responsible for banks of servers used by thousands of users then you absolutely must have a regular process in place for performing a "bare-metal" restore of each and every server on a rotating basis. But if you just have a few users then even restoring half a dozen files once a month could well be the difference between your company sinking and swimming after a ransomware attack. And rather than just having one portable hard drive, why not invest in a second, doubling your chances of a successful recovery! Many of my clients have dozens of separate removable media. For example they might have 8 covering backups for 2 weeks on Mondays to Thursdays, 5 for backing up on Fridays, and 6 for backing up at the end of the month.

Posted 09/12/2021