Multiple Backups? Why? Is it Time to add a Cloud Backup?

A reprint from the PC410 Security Newsletter:

Cloud Backup, Why now?

Cloud backup is a worthwhile addition to your backup choices. Here’s why: Security software doesn’t block new threats under three days old, surge suppressors can’t handle a direct lightning strike, and no one is ready for what they don’t expect. Damage to computers and your backup drives is going to happen, and there won’t be advance notice.

Different backup types and destinations offer protection against different threats, and have dramatically different restore times. Some protect the newest files, and can be up and running in 10 minutes after a disaster. Others protect everything EXCEPT the newest files, from more types of mayhem, but take multiple days for recovery.

These are instructions for small business and home users; large businesses have more options, like backing up systems to virtual computers for emulation of a failed computer while waiting for IT staff to configure new hardware.

WHAT to Backup?

You should have three copies of your data, on two different types of backup (drives, cloud, or DVD/BluRay disks), and one copy should be off-site. If you’re only running one kind of backup, you’re not protecting your data against the most-likely problems.

Modern backup software automatically grabs your document folders. Add the contents of folders on servers, and any project folders that aren’t already inside the ‘my documents’ folders. If you use DropBox or OneDrive for sharing files, set one system in your office to keep a full copy of those files, and include them in your backups, because cloud file-sharing isn’t immune to cryptoware.

And backup these items: Software license keys (scan them), software installation disks, especially of backup software (convert them to “ISO” files and setup a folder for them on your backup drives), and the invoices that establish warranties on your computer and office technology (scan these as well).

HOW to Backup?

Image Backups are a backup against drive failures and lightning strikes. This is the backup used to rebuild your system after a drive failure–it’s a snapshot of the entire drive. Some software offers this as either a drive backup or a system backup; when in doubt what a backup will do, ask the publisher.

Data Backup is a compressed copy of your data, usually documents and anything else inside the ‘My documents’ area, but not your software or operating system. Data Backups offer some protection against overwritten files and ransomware–there are multiple sets of data, and you can choose which to restore from.

File Sync is an automatic copy of your data. This backup saves time in getting your data running, because it can substitute for a file server, for a small number of users. Daily file sync to a network-attached storage device (NAS) is best. Continuous file sync is also an option, but that increases potential damage from ransomware, and provides no protection against human errors.

Cloud Backup, set for “continuous” backups, goes to a good service provider that keeps multiple file versions, as protection against cryptoware, and captures the most-recent files that may have changed since the last set of image backups and file syncs. Cloud backup can also save you from human errors, when you need an older version of a valuable document.

WHERE to Backup?

Cloud backup is protected from ransomware, but make sure the cloud company you choose can delete encrypted files for you, by date or by extension–ask the question, and if they can’t answer in plain language, take your business elsewhere. File Sharing services like OneDrive and Google Drive are not backups; they’re single-copy storage that ransomware sees as a folder that can be encrypted like any other folder. Don’t use them for backups.

Network-attached storage drives are for continuous or scheduled backups. With the right software, they offer protection against drive and computer failures. If you bolt them down in a hidden spot in your building, they can protect against data loss from technology theft. Some of these units are even fire-resistant. They aren’t immune to power problems, and won’t survive a direct-to-building lightning strike, but neither will the wiring of your building.

USB-connected ‘portable’ drives (small, no power cord), and ‘external’ drives (larger, with a power adapter), are for backing up and then locking up data, so they’re protection against burglars and lightning, and if off-site, floods, fire, and general mayhem. But as nothing done manually is reliable, they can’t be your only backup destination.

WHEN to Backup?

The standard question for backups is “How many days, hours, seconds, or months of data can you afford to lose?” Answer that, and plan accordingly. For an airline, one second of data loss is millions of dollars. For most small businesses, more than a few days of lost data may lead to financial trouble.

As a starting point for small business, try this:

  • Image backups once a month, automated, for each computer, to a NAS drive. If your software configuration only changes rarely, an image every three months is OK.
  • Data Backups, every weeknight, full backup once a week, and incremental (new files and changed files) for the rest of the week.
  • File Sync, weekdays, late in the day.
  • Cloud Backup, continuously.

On computers other than your file server, if all your data is going to the server, you can skip data backups and file sync, but in this case, create image backups at least quarterly of these machines. Check the location of data files from Outlook or Thunderbird; they should save to the file server so that they’re included in all backups.

Keep the last three complete sets of all these backups. Assume there’s corruption–there frequently is, and recovery of an older file set may be needed. In some cases, a failed backup is the first sign of hard drive trouble, so monitor the backups, and restore some files as a test. If there has been no test of your backups, you don’t have any backups. Always test.

Monitor your backups. All good backup software can email the results of a backup, either that it worked or that it failed. Usually, if it fails, the backup device didn’t turn back on after a power failure, or it’s full. That’s OK if you’ve got that email that tells you to check your backups.

Finally, if you’ve been carefully backing up for years, great! But look at the backup drive; if it’s a 240 Gb drive, it could be from 2004. Backup drives fail, and old drives are slow and erratic. If you are running one type of backup, to an old drive, it’s time to update.

Creator’s Update Settings: SmartScreen

New SmartScreen Setting

In the new Creator’s Update for Windows 10, SmartScreen has finally been made less horrible. The old settings were:

  • Off-Let all software run.
  • On-All new software from all sources is evil by definition. It’s not Microsoft, in any case. Delete with no option or recourse. (Or the anti-competitive restraint of trade equivalent.)

The NEW options, now moved into the ‘Windows Defender Security Center’, are no longer blatantly big brother:

  • On-Block the new and different.
  • Warn-Slow down and read the message before deciding.
  • Off–Scary, scary.

OK, I may have changed the descriptions. A lot. But clearly, SmartScreen should be ON for novice users and corporations with a “no software installs” policy, and WARN for users who know WHERE they are and WHAT they’re doing.

Note that the new setting appears TWICE, once as ‘Check apps and files’ for Internet Explorer, and as ‘SmarScreen for Microsoft Edge’. Minus 5 points for inconsistent naming and spreading confusion, but still an improvement.

Good Riddance, Vista

Windows Vista, RIP April 11th, 2017

Windows Vista reaches the end of “extended” support on April 11th, 2017. It couldn’t be too soon.

The end of ‘Extended Support’ means there will be no more security patches, and no online technical assistance from Microsoft after April 11th. Existing support pages will still be available online, but will no longer be updated. Google Chrome ended support for Vista back on April 1st, 2016. If Microsoft follows the pattern of Windows XP, phone activation for re-installs will only be available from the automated system, and not from an actual human on the phone.

If you are still running any Vista-based computers, it’s time to upgrade them, retire them or disconnect them from the Internet. Most computers that shipped with Vista can run Windows 7 faster, and many can run Windows 10. (Call any local tech for help identifying if any particular system is worth an upgrade.) And if there are still any Windows XP machines out there, it’s time to melt them down. Secure erasure and safe recycling is free for my customers.

Microsoft Office 2007

Microsoft Office 2007 will reach the end of extended support October 10th of 2017. If you’re running Outlook 2007, plan ahead. Running an unpatched email program isn’t safe. Now is a good time to switch to Thunderbird, or upgrade to Office 2016.

Calendar maintains a short list of the end-of-life dates of the most popular software products, here.