Why once a week backup is not enough

Backup is probably one of my favourite topics when it comes to data security. It’s relatively simple, it can save you from an unexpected disaster, it’s automated and in most cases, doesn’t require expensive or complicated setup.

Why backup?

If you own a car then you most likely have it insured because you never know what could happen due to your or someone else’s fault. You also probably have some form of health insurance in case you get sick or injured. Or not because you like living on the edge; I think you get the picture, insurance/backup is important and can save your butt without dipping into your hard-earned savings.

There are two kinds of people, “those who have had a storage failure and those who will have one in the future”.

3-2-1 strategy

What is 3-2-1 strategy you might ask? It means:

  • Having 3 copies of your data
  • On at least 2 different media
  • And 1 being offsite

This concept has been popularised thanks to Peter Krogh, a well-known photographer who wrote that there are two kinds of people, “those who have had a storage failure and those who will have one in the future”.

All-sercure-IT-Services-Data-in-cloud-joke

3 – Having three copies of your data

Many people underestimate this requirement because they think one is enough. True, one is better than none but what if it’s the one that’s connected to your PC/Server that got fried during last night’s storm and took the backup drive to the silicon heaven with it? Your data would be gone. There are dozens of other reasons why you want to have three copies, such as viruses, ransomware, malicious damage, corruption and theft among others. It’s understandable that this setup isn’t always possible but there are tools that can help you with your most important documents, such as BackBlaze, CrashPlan or Carbonite. I’ll talk about cloud backup storage in my next blog.

2 – Data saved on at least two different media

You could have your data saved one a computer and a different partition but they could be physically still stored on the same hard-drive which would exposed them to the same risk as the main drive. Good effort but not the smartest. You can pick up an external drive from Staples, Officeworks or online for less than a $100 that would cover all your data. For businesses, there are paid and far better and more efficient tools based on very precise matrix. I won’t cover them here as this is more about generic, sound backup principles.

1 – Keep one copy offsite

Off-site copy is important in case something happens at the primary site, whether it’s loss, theft, fire or aforementioned lightning that can fry your data. Literally. For home, you can use solutions like CrachPlan, BackBlaze or Carbonite that will keep your data safe and in the cloud.

One note: don’t confuse backup tools with synchronisation tools (Dropbox, Google drive, Sync and so on), they are not the same thing! If you delete file on your hard-drive, it gets removed in your cloud storage immediately. True, you can often recover it within certain period of time but what if you don’t notice or forget or accidentally remove something you might need in the future, beyond the recovery period? It certainly happened to me. Luckily, I had a backup and was able to recover however my heartrate went up when I discovered that one of my contractors removed files from our shared folder because he was running out of space.

TLDR;

By now you understand the importance of backups and why you should keep one off-site or in the cloud. In case you’re still wondering and thinking ‘nah, it won’t happen to me!’, here’s a story from a client that had recently realised the importance of backups.

One of the employees received a social engineered email and curiously clicked on the link that loaded ransomware on their computer and started encrypting files on the computer as well as remote server. Most of their files got encrypted before they realised what had happened. They disconnected it and luckily we were able to disconnect the computer, clean it from pesky ransomware and restore the data on the server without much downtime. Not having functional backups would cause them headaches beyond ‘pay or not to pay’. If they had backup done only once a week, they would have to spend working overtime to catch up with all their work they did since the last backup. That’s why once a week backup isn’t the best idea – time is valuable and storage is dirt cheap. Talk to us today about free audit of your backup solutions.

 

All Secure IT Services - Security Webinar

Webinar: Protect your Network, Data and Identity

We live in a data and technology dependent world in which protecting your business data is critical.

In the battle to defend your business data and technology, you need an edge. You need the ability to operate within your business environment and have the peace of mind knowing your data is protected in the event of user errors, security breaches, hardware failure and viruses.

What’s the risk of ignoring data security?

It’s not just malware, hacking, viruses, spam and online scams that may put your network and data at risk. A poorly secured mobile device or disgruntled employee could prove just as dangerous and allow criminals to steal private data. Furthermore, having a poorly designed and managed backup and disaster recovery plan places your entire business at risk.

Don’t wait for a Disaster!

Online security is vital to protect your businesses virtual assets (electronic data) and IT systems. Knowing about data protection and maintaining a secure online presence will result in building your customers’ trust and help you to meet legal obligations, including privacy laws.

Why watch the recording?

Prevention. The majority of security businesses operate at the point of patching rather than preventing breaches. All Secure IT Services designs and architects solutions with security in mind so as to prevent breaches, rather than simply patching them at the time of crisis.

In the current landscape, a security breach is almost certain. Engineering your IT systems to assume breach is essential to prevent disruption to business operations, minimise long-term loss of data and protect your business relationships.

This Webinar recording will provide you with the opportunity to hear first-hand from Juraj Benak, industry specialist and Founder of All Secure IT Services.

With over 20 years’ experience in the IT industry, Juraj has worked for a diverse range of industries including multinational IT companies, and financial and academic organisations. With extensive experience in the IT security landscape, Juraj is well-suited to and passionate about sharing his IT security knowledge.

Watch the Webinar recording below

 

Source: Dialog

How to secure your passwords

How to secure your passwords

Password leaks and hacks have become almost a commonplace. In 2016 alone we had breach of 117 million emails and passwords from LinkedIn, 43 million of Webly users, MySpace and of course Yahoo!. Twice. Oh and again in 2017.

Computer security is not easy and there are many challenges that providers need to face. Imagine you have a castle build on a mountain top that has millions of users running through their gates every day to do their work from within the city. There is only one legitimate entry to get to get in and you also need to know a secret phrase so the guards will let you in. But you also have guards that need to change 3 times a day and might take a nap at times. You have windows from sides that aren’t as secure as the main gate and I’m not even talking about the aerial approach. My point is that the companies need to think about security from almost every possible angle however the bad guys only need to find one tiny weakness that can expose the whole castle. That is hard.

My point is that the companies need to think about security from almost every possible angle however the bad guys only need to find one tiny weakness that can expose the whole castle. That is hard.

I am not trying to justify poor security at any of those companies and mainly not at Yahoo!, who didn’t even bother to invest in security, but I want you to understand what is going on here and that you need to play your part in order to stay secure.

Read more

How to create a hotspot in Windows 10

 

How to create hotspot in Windows 10 Creators update and why use it

1) Click Windows logo (start) and type “hotspot”
2) Choose “Change mobile hotspot settings”
3) Switch your mobile hotspot on
4) Change wifi hotspot name and password
5) Connect

You can use it to protect your privacy when travelling overseas on multiple devices using VPN or to share single cable connection amongst multiple devices.

 

All-Secure-IT-Services-cerber-ransomware-demand

Ransomware is about to get a lot worse, by holding your operating system hostage

All-Secure-IT-Services-cerber-ransomware-demand

The threat of ransomware has grown at an unprecedented rate, rising from being a menace to becoming by far the most common form of malware delivered to victims by cyberattackers.

In the space of a year, ransomware appears to have evolved on from the simple but effective strategy of locking down the files of infected targets until they pay a ransom, to incorporating additional malicious elements, such as stealing personal or financial data from the victim’s system.

all-secure-it-services-malware

The cost of ransomware attacks: $1 billion this year

And it’s only the beginning, with file locking malware only set to grow and take larger role in cybercrime, warn researchers.

While the success of ransomware demonstrates there are plenty of victims who’ll pay cybercriminals in order to get their files back, there are also schemes such as No More Ransom which allow them to restore their computer without having to part with a penny.

Now cybersecurity researchers warn that new ransomware features could make life even worse for victims. Rather than just encrypting key files, ransomware could soon infect a computer to such an extent that the only two options available to the user would be to pay, or to lose access to the entire system.

According to the Malwarebytes State of Malware Report 2017, we’re likely to see more variants of this type of ransomware, which is designed to modify the infected computer’s Master Boot Record, the part of the system which controls the ability to boot into the operating system.

Once modified in this way using malicious code, the system will boot into a lock screen set up by the malware, demanding payment not only to decrypt files but also to restore access to the main operating system. The inability to do anything with the system aside from viewing the ransomware note will only give victims two options: pay up, or have their system wiped completely. It’s likely to make ransomware an even more appealing avenue of attack for cybercriminals.

Ransomware has boomed in the last year. The Malwarebytes report details how 12 months ago, ransomware was a threat to both individuals and organisations, accounting for almost one in five payloads delivered using exploits and spam emails.

Almost a year later, in November 2016, ransomware accounted for two thirds of all malicious payloads, making it by far the dominant form of malware, with the number of instances increasing by 267 percent. Ad fraud malware was a distant second place, accounting for one in ten malicious payloads.

Cybersecurity researchers catalogued nearly 400 variants of ransomware in the fourth quarter of last year alone, as cybercriminals across the globe attempted to cash in.

Unlike other forms of malware which often require the perpetrator to have some technical knowhow to deploy, the growth of ransomware-as-a-service has enabled even those without any coding skills to successfully hold victims’ data hostage until they receive a ransom payment — with a cut going to the ransomware developer.

While there are hundreds of variants of ransomware, three families dominated 2016: TeslaCrypt, Locky, and Cerber.

TeslaCrypt was the most dominant form of ransomware during the first half of 2016, before effectively being rendered useless by June, when its master decryption key was released.

Cerber and Locky quickly filled its place. Cerber became a particularly prevalent form of ransomware, because its as-a-service model means anyone can infect victims with it.

Meanwhile, Locky evolved to become the most notorious ransomware threat during 2016, even becoming the second most common malware threat by November. Despite a lull over Christmas, it shows no signs of slowing down, with instances of Locky once again on the up.

That’s bad news for the countries hit by the most ransomware attacks. The United States was the number one country to be targeted with ransomware attacks during 2016, followed Germany, Italy, the United Kingdom, and France.

The attacks against Western targets might not surprise. They are the countries with the most access to technology, and there’s also the potential that these states are being targeted for political reasons. The researchers points out that many cybercriminal syndicates work out of Eastern Europe.

“A country that seems to be missing from this list is Russia. This isn’t because Russian citizens have a firm grasp on computer security. Rather, it’s an indicator that Russian ransomware developers might shy away from targeting their own,” the report says.

 

Source www.zdnet.com