Backup and Recovery…The types you need to know about

What is Back-up and Recovery?

A good backup is crucial in a business environment, and a backup strategy is the most effective and efficient way to protect your vital data. It provides a safeguard against unexpected data loss and application errors; should you lose your original data, you can use the backup to make it available again.

With the rise in cybercrime, malicious viruses and malware, plus the potential for accidental data loss, backing up and storing your data has never been more important. A company should always have a disaster recovery plan to deal with potential disasters: a plan to ensure the continuation of regular functions. By backing up, the effects of a disaster will be minimised and the organisation will be able to either maintain or quickly resume mission-critical functions.

The Different Types of Data Back-ups

Full backup

This is a method of backup where all the selected files and folders are backed up. When subsequent backups are run, the entire list of files and folders is backed up again. The advantage is that data restores are fast and easy to manage, as the full list of files and folders is in one backup set. It is also easy to maintain and can be restored in various forms.

However, backups can take some time, as every file is backed up again each time the backup is run, which can consume a considerable amount of network resources. This method uses the most storage capacity compared to incremental and differential backups. The exact same files are stored repeatedly, which results in inefficient use of storage.

Mirror Backup

As the name states, this is a mirror of the source being backed up. With this backup, when a file in the source is deleted, that file is eventually deleted in the mirror backup as well. This technique is clean and ensures the backup does not contain old and out-of-date files. However, there is a chance that files in the source are deleted accidentally, by distribution or through a virus, and those deletions will then be carried over to the mirror.

Incremental backup

Once the initial full backup is completed, consecutive incremental backups run; each one saves only the data that has changed since the last backup, making it much faster than a full backup. The incremental technique is quicker and consumes fewer network resources. It also makes efficient use of storage space, as files are not duplicated as they are with the full backup method, but restores can be slower and more complicated.
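The trade-offs between full, mirror and incremental backups described above can be seen in a small model. This is an added example, not part of the original post; the file names, the three-day history and the way deletions are recorded in each increment are assumptions made for illustration.

```python
# Constructed sample: daily states of one source folder (path -> content).
DAYS = [
    {"a.txt": "v1", "b.txt": "v1", "c.txt": "v1"},  # day 0
    {"a.txt": "v2", "b.txt": "v1", "c.txt": "v1"},  # day 1: a.txt edited
    {"a.txt": "v2", "b.txt": "v1"},                 # day 2: c.txt deleted by mistake or malware
]

def full_backups(days):
    """Every run copies every selected file, so each set restores on its own."""
    return [dict(d) for d in days]

def incremental_backups(days):
    """Run 0 is a full backup; each later run stores only what changed since the previous run."""
    sets, prev = [], {}
    for d in days:
        sets.append({"changed": {p: c for p, c in d.items() if prev.get(p) != c},
                     "deleted": sorted(set(prev) - set(d))})  # assumption: deletions are logged
        prev = d
    return sets

def restore_incremental(sets, day):
    """Replay the full set and every increment up to `day`; a missing set breaks the chain."""
    state = {}
    for s in sets[: day + 1]:
        state.update(s["changed"])
        for p in s["deleted"]:
            state.pop(p, None)
    return state

def mirror_backup(days):
    """A mirror holds only the latest source state, so deletions carry over."""
    return dict(days[-1])

def summary(days):
    """Compare storage used and whether the deleted file can still be recovered."""
    full, inc = full_backups(days), incremental_backups(days)
    return {"full_file_copies": sum(len(s) for s in full),
            "incremental_file_copies": sum(len(s["changed"]) for s in inc),
            "c_in_mirror": "c.txt" in mirror_backup(days),
            "c_from_day1_increment_chain": restore_incremental(inc, 1).get("c.txt")}

if __name__ == "__main__":
    print(summary(DAYS))
```

The mirror has already lost c.txt, while the increment chain can still return it by restoring to day 1, at the cost of replaying every set up to that day.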

Cloud Backup

This is also known as Online Backup and Remote Backup: data is backed up to a service or storage facility connected over the Internet. It is a form of offsite backup, so if anything happens to the premises, like a fire or a natural disaster, the data is safe in a different location. The data is also replicated across different storage devices, usually served by multiple internet connections, so the system has no single point of failure, and the backup is easy to access with an internet connection. If the service is provided by a good commercial data center, the data will be managed and protected. The downside is that it can be more expensive than local backups, and backup and restore times can be dependent on the availability of network bandwidth. Also, depending on the service provider, the owner of the data may not always be in full control of their files, i.e. may not be able to determine which data center the data is stored in, and there may be security risks involved, such as other people viewing the files, especially if they are not encrypted.

Offsite Backup

Any backup where the backup storage medium is kept at a different geographic location from the source is known as an offsite backup. For example, an administrator stores the data on a tape drive and then takes it to another location. Cloud backup is also a form of offsite backup. It gives a company peace of mind because if a disaster were to strike the office, like theft, fire, flood, earthquakes, hurricanes and more, there is a backup offsite to recover from. However, it may cost more because rotation between several storage devices is usually required. Another disadvantage is that storage devices are not always reliable and often need to be replaced, because the more frequently storage devices are handled, the greater the risk of damaging the delicate hard disk.

For more information on the different types of backup and a discussion of our services please feel free to call us on 0845 603 5552.


Information Security isn’t just a Technology issue, but a Business one

As the lines between work and play blur due to advances in technology, it becomes more apparent that ‘Information Security’ within the workplace is not just the IT department’s issue.

Information or data is a business enabler: it enables operations and productivity, so its security should be viewed as essential and promoted throughout the company. In most cases, however, it is not.

Is this because we instinctively protect what we can see in front of us, the tangible assets like buildings, personnel and hardware, but neglect the intangibles such as information because we struggle to see their physical value? Or is it the general attitude towards data security, the idea that we just need to do enough to meet regulations and compliance standards?

IT Security should be seen as a task to minimise risk for an organisation

This risk management is not limited to the IT department or to the office because, let’s face it, many of us do a little work when we get home, even if it’s just checking our emails.

‘As many as 49% of individuals would use their personal device for work, found in a recent Norton Report’.

Employees’ use of unauthorised personal mobile devices can be a threat because each one is an unknown object on the IT network. For example, if a user were to save business data onto an unauthorised device and it was then infected by malware, the data could end up in the wrong hands!

However, it is not about the IT department forbidding personal devices; if devices are approved, they are safe to have on the network. It’s all about having policies in place and training employees on how to access business data securely. The training should not be limited to the use of mobile devices but should cover general IT security practices, e.g. always encrypt email containing sensitive data and never write login credentials on a piece of paper.

It is also important to ensure staff are aware of ‘Social Engineering’ because, no matter how well protected an IT network is, there is always the possibility of external threats getting in. One example is CryptoWall, which tricks users into opening infected attachments, exploits security gaps in Silverlight, Flash and Java and then, similar to CryptoLocker, encrypts your files and demands a ransom.

Regular IT network assessments are recommended; not only will they help protect against and minimise potential security risks, they can also be an opportunity to assess the efficiency levels of the network.

There will always be a possibility of a security breach for every company; it could be due to a cyber attack, human error, social engineering etc. But if risk management is a common goal amongst every employee, not just the IT department, it can help manage and minimise security risks in the long run.

To find out more about data protection or IT network security you can contact our consultants on 0845 603 5552 or drop us an email on info@netshield.co.uk

CryptoLocker – The New Kid on the Block for Trojan Ransomware

Cryptolocker Trojan Ransomware

Watch out for CryptoLocker! It claimed over 10,000 victims within a week.

A new variant of Trojan Ransomware has recently appeared in the world of cybercrime, but it is not just a typical piece of ransomware.

When it infects a system, it encrypts your data using strong cryptography, and the cybercriminals hold the users’ data hostage until a ransom is paid. Users are usually infected by an email with an attached .exe file; when opened, it executes scripts to encrypt all the users’ data. It has been reported that the ransom demands are for either $300 US dollars or Bitcoins. However, there is no guarantee that the data will be decrypted after the ransom is paid.

CryptoLocker is spreading fast in phishing campaigns and it has been reported it can be sent as a fake delivery notification or an email from a financial institution.

According to Kaspersky’s Costin Raiu the primary target for this Trojan Ransomware is ‘US and UK, with India, Canada, Australia and France being second-tier targets’ and the National Crime Agency (NCA) in a recent BBC article said ‘Small to medium businesses seem to be the target’ and there are ‘significant risks’.

Protect yourself

It is important to have anti-virus protection in general, but with over 10,000 people falling victim to CryptoLocker within a week, it further highlights the need to have a good level of IT security in place. This is usually not the case, as anti-virus is often only considered after one becomes a victim.

From a B2B perspective, a layered approach to IT security is always suggested, i.e. having a firewall, anti-virus, endpoint security and email security products to limit inbound email threats. From a personal use perspective, having anti-virus in place is essential.

Email security products such as NetMail will help protect users from this type of trojan by blocking .exe files as a rule. However, CryptoLocker can also infect systems via physical media, websites etc., so anti-virus and malware detectors are essential to help create a strong defence and keep those criminals off your devices and networks.
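A rule that blocks .exe attachments has to look past the file name, since an executable can be renamed or placed inside an archive. The sketch below is an added example, not NetMail's implementation or configuration; the function names, the sample message and the decision to block archives that cannot be inspected are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".exe",)  # the rule named in the post; extending it is a local policy choice

def is_executable(name, head):
    """Blocked extension (case-insensitive), or content starting with the Windows 'MZ' magic."""
    clean = (name or "").strip().rstrip(". ").lower()
    return clean.endswith(BLOCKED_EXT) or head[:2] == b"MZ"

def zip_hits(name, data):
    """Look inside a ZIP attachment; an archive that cannot be inspected is blocked too."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [f"{name}:{m}" for m in zf.namelist()
                    if is_executable(m, zf.open(m).read(2))]
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):  # corrupt or encrypted
        return [f"{name}:<uninspectable archive>"]

def blocked_attachments(raw_message):
    """Return the attachments that should quarantine this message (empty list = deliver)."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "<unnamed part>"
        data = part.get_payload(decode=True) or b""
        if is_executable(name, data):
            hits.append(name)
        elif data[:4] == b"PK\x03\x04":  # ZIP local file header
            hits.extend(zip_hits(name, data))
    return hits

def build_sample(filename, payload):
    """Constructed message for the demo; payloads are harmless placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"] = "courier@example.com", "user@example.com"
    m["Subject"] = "Delivery notification"
    m.set_content("Please see the attached file.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample("invoice.pdf.exe", b"placeholder")))
```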

So be extra careful and do not open those .exe files unless you know exactly who it is from.

Contact us today to find out more about IT Security and how we can help protect your business.  

Considerations when Implementing Security on your IT Network: Business of Cybercrime Series – Part 3

A lack of adequate protection and defences on an IT network makes a business vulnerable to hacking, and the implications can be damaging; often the damage depends on what mood the hacker is in and what devastation they would like to cause.

The effects of a hack can disrupt business operations, cause downtime, corrupt data, and affect brand perception and reputation. Being a victim of cybercrime can also mean the business breaches the Data Protection Act or experiences compliance breaches.

With technology moving so quickly within the IT market, there are a number of methods and products to choose from – the key is to choose what is right for your network.

You need to consider:-

  • What type of IT infrastructure does the business have? Virtual or Physical?
  • What are your data requirements?
  • What would you consider to be your critical data or programs?
  • What security is currently implemented on your network?

As a rule of thumb, a full assessment of the current security situation and the condition of the infrastructure is necessary to help determine the right solution for your business. After the assessment, you can then decide which method or security brand would be most suitable.

3 methods of protection:-

Anti-Virus

This is software that helps defend you against viruses and other malware threats, including Trojans, worms and sometimes spyware; however, the level of protection provided depends on the anti-virus you choose. Well-known brands include Sophos, Symantec and Kaspersky.

Firewall

A firewall helps to prevent unauthorized access to a computer or a network. There are two types: ‘network firewall’ and ‘client firewall’.

A network firewall is installed on the boundary between two networks, normally between the internet and a company network; it can be either a device or software running on a computer that acts as a gateway to the company network. A client firewall, by contrast, is software installed and run on an end user’s computer, protecting only that particular computer. Well-known network firewall brands include SonicWall and Watchguard.

Encryption

This secures your data by encrypting your desktops, laptops, emails, USBs, files and other devices; it prevents unauthorized access, as the information can only be accessed by entering an encryption key or password.

For an IT network it is advisable to have at least firewalls and anti-virus software installed. For businesses that use mobile devices and have a mobile workforce carrying business data around, encryption is recommended. For example, 2-factor authentication can be implemented on business mobile phones so that, if a phone is lost or stolen, it helps prevent others from using it, because it is a secure method that seeks to decrease the probability that the user is presenting false evidence of their identity. Well-known 2-factor authentication brands include Cryptocard and Vasco.

Other ways of encrypting include installing software on a device so that data is automatically encrypted, email encryption, and manual encryption, where the user chooses what data requires encoding.

So, regardless of the size of the organisation, security is necessary for protection, as data is a key asset and is also valuable in the wrong hands.

When it comes to cybercrime, businesses should not think ‘it will never happen to me’ or ‘My data isn’t worth the hassle’. The truth is that cybercriminals do not discriminate: if you have business data, you can potentially be a target.

For more information on how to protect your business data please feel free to contact us.