Protect your stuff!
16/05/17 20:46 Filed in: Industry
Protecting your data & stuff - it's not as hard as you think…..
Haven't blogged for a while. I've been busy with the day job, doing some properly interesting stuff. Without boring you all to tears I've moved back from being constantly in a sale/pre-sales environment and gone back to actually doing stuff. It's what I enjoy, it's what I'm good at - I think.. and it produces defined actual outcomes. Mac is in a happy place.
Anyways, that's not the point of this blog. I'm sure by now you're all sick to death reading about the recent ransomware attack. Now, in the press it was all about the NHS - the UK's National Health Service for my overseas readers. FREE DOCTORS for my American friends. The actual scope of the attack was far wider of course - lots and lots of people got hit by it.
I'm not going to delve into that attack too much - like I say, you're probably sick of hearing about it - but I did have an interesting conversation about how to protect your stuff against such things. It set me thinking about how I protect my data.
I'll be honest and say I'm quite paranoid about my data. Why? Well, I've experienced losing some important things - think photos and some videos. Stuff you cannot reproduce. It's utterly gutting. Some stuff would just be a pain in the backside to lose - but you can reproduce it. Documents and the like. Others - irreplaceable.
This paranoia has led me to have a really robust backup system - I think. So I thought I'd share my thoughts on how you make your stuff resilient to such attacks.
There's more to just protecting your data by having a copy of it - you need to protect against corruption too, regardless of whether that corruption is accidental or malicious. The malicious bit may take some explaining - let's say for example you have a weeks worth of backups of your stuff. Now, you get infected by some pesky ransomware that slowly sits in the background encrypting your data….and in week three pops up the dreaded 'Give us ONE MEEEELION DOLLAARS' for your data. You're utterly stuffed. It's outside your backup window - all the stuff in your backups will already be infected with that crappy malware.
Now I'm not going to preach to you about how to protect your stuff, but I thought some of you may find it interesting to see how *I* protect my data.
For perspective, my typical active data is about 50Gb of work stuff, and about 200Gb of personal video/photos etc. I generate, on average, about 1Gb of work data a month (email and documents), and around 5Gb of personal stuff. I will point out that I archive and keep everything however, so your data production will likely be lower. Personally, storage is cheaper than my time to go through deleting emails I will never need. I just keep everything.
If you're not very techy, or don't have the inclination, I've ordered the below stuff in a list of importance and ease to do.
So, how do I do stuff? See below. Just to be clear - before I get a kicking in the comments - there are other things you need to do: Anti-Virus, keeping updates…updated etc. I'm specifically talking about how I handle backups.
Automate your backups
Firstly, and a really, really important point, is make your backups automatic. Why? Well, stuff that takes effort does not get done as often as it should. Also, it's an effort. You have to do stuff. Both Windows and Mac OSX can fully automate backups for you:
Apple Mac OS TimeMachine
Windows 10 Backup
I will honestly say that Apple's TimeMachine absolutely knocks the socks off Microsoft in this area. You setup TimeMachine, and it backs up every hour for you. That's it. You never need to do anything else. Windows - sure, you can do it, but it seems a lot more involved.
Anyway, make the point of it automatic and you'll *always* have backups of stuff. If I had one single recommendation, this would be it,
I have two backup media sets of 20Tb (Yer, I know - you probably won't need anything like that) that I swap out once a month. What do I mean? Well, imagine in my setup that TimeMachine backs up my main machine every hour, on the hour, to that backup set. Let's call it SetA. At the end of the month, I physically disconnect that backup set and stick it in a drawer - don't panic…we'll get to offsite in a minute - and then I connect another drive called 'SetB'.
Why? Well, it does numerous things: It protects against a failure of my backup drive(s), lengthens my backup window, and also provides a longer backup set and will protect against such ransomware encryption attacks. Perhaps not totally - more on that in a second.
So how could you use this? Well, 2Tb drives are cheap. Let's imagine you have a reasonable amount of data that a 2Tb drive could accommodate - buy two, and on the 1st of the month swap them over. Stick the other one in a drawer. If you want to be really fancy then stick it in a draw at your office.
Due to where I live, I'm blessed with a very good internet connection. I use this to backup up all of my stuff to an online service. Now, I use BackBlaze. It's on my main machine, and it just sits there uploading my stuff to the BackBlaze service. OMG THEY'VE GOT ALL YOUR DATA! Calm your boots. I encrypt everything. Not the subject of this blog but if anyone's interested happy to write about how I protect my own data when it hits the cloud? Let me know in the comments and I'll sort something.
I've the best part of a couple of Tb up in BackBlaze now and it works really well. It also keeps an archive of up to 30 days for each file so you have an archival history of each file backed up too. It's a good service. NOTE: With any backup service, make sure you test restoring!
The other thing I do is take snapshot or point in time backups. What do I mean by this? Well, in addition to the automated stuff above - the regular TimeMachine backups, and the backup to BackBlaze - I also take ZIP (Well, RAR, but people know what ZIP is) backups of my changed data, usually weekly. I put these into a folder that:
- Gets backed up to BackBlaze
- Gets backed up to my normal hard disk regular backups
Why do I do this? Well, simply to give me a point of time roll-back. I.e. I can go back and find all of my photos/documents etc. at a particular date. WAIT. Isn't this covered above in the Offsite/Auto-stuff?? Well, yes, it is, but it enables one more thing……
Non-Syncronised Offsite Backups
This bit is key to protecting against ransomware. What I do is I take those point in time backups above, and I put them somewhere that isn't synchronised anywhere on any of my machines. Think about this. I have a backup archive dated say 1st May 2017. I put it in a folder in DropBox that is *only* in DropBox. It's not synchronised to any of my machines. How could any ransomware possible encrypt that and block me access? It can't is the answer.
It's an incredibly simple thing to do. On DropBox for example you can do selective synchronisation. I create a folder on DropBox, and ensure it isn't synchronised to any of my kit - all using that selective synchronisation. If you've already uploaded the stuff you can use the DropBox web site to copy the stuff to the folder too - you don't need to upload it twice. This is important as if you've got a ton of data up there you don't want to be uploading it again.
So what does this give me? Well, it gives me a copy of all my stuff that my end-points (I.e. PCs, Macs etc.) can't access to encrypt. It's a simple solution to a complex issue.
Protecting your stuff shouldn't be that hard, and it shouldn't take very much technical know-how really. It would utterly break my heart to lose some of the photos, videos, content that I have - stuff that isn't reproducible. So with some effort, I do my best to avoid that happening. As a side-result of that I protect other reproducible stuff in the same way……I don't like having to re-do stuff.
Anyways, it's an interesting subject. As data-sets get bigger this is going to become more challenging, not less. I'm sure technology will keep up however.