The Most Basic of Basics

There are three elements of safer computing:

  • Confidentiality -- keeping what must be private, private
  • Integrity -- making sure no changes are made without your authorization
  • Availability -- making sure you can get to everything you rightly should be able to

Everything I am going to suggest to you in these pages supports at least one of these elements. There are a lot of things to talk about, and some of them need a pretty detailed discussion. But to begin, I am going to ask you to look at the most basic - even unglamorous - things that are just so important they should never be neglected. So let’s start right out with the most unglamorous one of all, but also the one most effective at helping you recover from the greatest variety of hazards.

Backup

All your important data should be backed up, ideally in two or more different ways. For example, if you copy everything to Google Drive or Dropbox, you should also get an inexpensive removable drive like a Passport or a MyBook and copy everything to that. Backup is really cheap protection against so many hazards, everything from a ransomware infection to a house fire. Using different locations diversifies your protection. If the MyBook is in the house next to the computer when fire breaks out, it’s not likely to be usable as the backup. On the other hand, if you need to get files back quickly after a mishap like an over-enthusiastic disk cleanup, a MyBook will be five to fifty times as fast as pulling data back down from somewhere on the internet.

Make sure that however your backups run, they don’t require you to remember to do something every time. You can set them to be scheduled for a certain time or choose a backup scheme that runs continuously, monitoring for new or changed files all the time and backing them up in the background.

The schedule you choose determines how much data you can expect to lose after a disaster. What this means is, if you suppose you might lose your main disk at any random time, and you have a backup that runs once a week on a schedule, then your data loss from what hasn’t been backed up can be up to seven days’ worth of changes. If that’s tolerable to you, then a weekly schedule may be just fine. But if you cringe at losing even seven hours - never mind seven days - of changes to your data, you should be looking for a backup that runs daily or continuously.

Finally, a bit that too many people forget: testing. Every so often (I would suggest once a month: set a calendar reminder), you have to test your backup to make sure it does what it says on the tin. Pick a file at random from a recent backup, and restore it. Don't overwrite the original; choose another location. You want to be able to confirm that the restored file and the original match. Besides confirming your backups actually work, it also keeps your hand in on working the restore process. In an actual emergency where you need to restore critical data, deer-in-the-headlights is not a good look on you.
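One way to do the "confirm they match" step, as an added example rather than anything from the original article or from a particular backup product: a short Python script that picks a file to restore and then compares SHA-256 hashes of whatever you restored into a scratch folder against the originals. The folder names and sample files are constructed for illustration, and it assumes you restore into the scratch folder using the same relative paths as the originals.

```python
import hashlib
import random
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def pick_random_file(original_root, seed=None):
    """Choose one file (as a relative path) to restore for this month's test."""
    root = Path(original_root)
    files = sorted(p.relative_to(root) for p in root.rglob("*") if p.is_file())
    return random.Random(seed).choice(files)


def verify_restore(original_root, restore_root):
    """Compare every file in the scratch restore folder with its original."""
    results = {}
    restore_root = Path(restore_root)
    for restored in sorted(p for p in restore_root.rglob("*") if p.is_file()):
        rel = restored.relative_to(restore_root)
        original = Path(original_root) / rel
        if not original.is_file():
            results[rel.as_posix()] = "original missing"
        elif sha256_file(original) == sha256_file(restored):
            results[rel.as_posix()] = "match"
        else:
            results[rel.as_posix()] = "mismatch"
    return results


if __name__ == "__main__":
    # Constructed sample data standing in for a documents folder and a
    # scratch folder holding one restored file.
    with tempfile.TemporaryDirectory() as tmp:
        docs, scratch = Path(tmp, "docs"), Path(tmp, "scratch")
        docs.mkdir()
        scratch.mkdir()
        (docs / "taxes.txt").write_text("2015 return\n")
        (docs / "notes.txt").write_text("call the bank\n")
        chosen = pick_random_file(docs, seed=1)
        (scratch / chosen).write_bytes((docs / chosen).read_bytes())
        print(chosen, verify_restore(docs, scratch))
```

A "mismatch" does not always mean the backup is bad: if you edited the original after the backup ran, the two copies will legitimately differ, so check the file's modification date before drawing a conclusion.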

A wide variety of free and low-cost backup software is available. Check out these superb write-ups from TechRadar, a site that specializes in reviews of software for both consumers and small business. 

Questions?  Send them to questions@safer-computing.com  

This article originally appeared in the May, 2016 edition of The Empty Closet.

This article was updated on 2023-05-11 04:53:26

CISO-in-a-Box

Infosec geekosaurus.  All opinions my own.

Information security since 2005.  IT... well into my second millennium.