Backups: The Cure to Viral Cyber Infections

By: Brett S. | Cyber Threat Intelligence Analyst, NJCCIC

Given the steady uptick in ransomware across the country, and right here in our State, we simply cannot overstate the importance of maintaining good backups that are stored offline (physically off of the network) and regularly tested to ensure you can fully recover in the event of a data loss incident. But what, specifically, does that mean to you and how do you go about implementing a sound data backup and recovery strategy?

Accepting the fact that backups are the best way to protect your sensitive, often irreplaceable data from disastrous events such as hard drive crashes or ransomware infections is just the start. Here are some of the key questions to consider:

How often should you back up data?

How frequently you should conduct backups depends on the sensitivity and amount of data you accumulate. If your computer is solely for personal use and you do not add important data to the hard drive on a regular basis, then you can go two or more weeks at a time without backing it up. If you own a small to midsize business (SMB) that stores critical information such as finances, employee records, or inventory, it is recommended that you back up your computers and/or servers every other day, if not daily. Typically, the best time of day to do a comprehensive backup, without causing disruption, is after normal business hours.

What storage options are available?

Several cost-effective and easily integrated storage options are available. External hard drives are widely available online or at big box stores, and prices have come down considerably in recent years. One terabyte (TB) drives now come in under $100, and sixteen TB of storage can be purchased for less than $600. They are a great solution for individuals or SMBs due to their portability and ease of use. Additionally, an external drive can be physically detached when the backup is complete, a best practice for data loss prevention.

For companies that require larger storage, there is no one-size-fits-all solution; finding the right one requires working with a preferred hardware or software vendor. The most cost-effective and efficient option for most businesses these days is to use cloud storage. This provides an additional layer of protection that makes data recovery manageable but does require ongoing subscription fees. When researching cloud storage providers, there are several considerations to factor into your decision:

  • Will the data be encrypted end-to-end – in transit and at rest?
  • If not, when is the data unencrypted and therefore vulnerable to compromise?
  • How will technical support assist you if you need to recover your files from their systems?
  • Where are their data centers located and what is the physical security posture?
  • What if a natural disaster strikes and causes severe damage to the data center?

How do you choose the right backup software?

There are a number of reputable software companies that provide cost-effective backup solutions for personal or small-business use. This type of software is specifically designed for individual computers and small servers. For larger companies, or smaller companies that have sizable data requirements, there are other commercial solutions that are costlier but have customizable options that can be tailored to a company's needs.

For more information on storage and software options:

How do you create a backup file?

Creating an ISO image file (with the extension .iso) is the best method of backing up all of the data from a system. An ISO file is an exact replica of a hard drive or server and contains all of the necessary files required to properly reconstruct the data. It is important to note that only the information that is imaged at the time of the backup will be replicated; therefore, nothing after the date of the backup can be recovered. This is why it is important to back up your data as often as necessary. There are many open source articles and videos that provide instruction for creating ISO images, depending on your operating system and hardware:

How do you test your backup?

Testing whether or not your backups contain all of your files is just as important as creating the backups in the first place. You can test an ISO file by loading it into virtual machine (VM) software, which allows you to customize the storage capacity to accommodate the size of the physical hard drive you backed up. It is important to remember that the size of the VM is limited to the available, unallocated space on the hard drive of the computer hosting the VM.

When you boot up a VM, you need to be careful when selecting one of the three options for Internet access: Host Only, Network Address Translation (NAT), or Bridge:

  • If you plan on only using the VM to test your backups, you should restrict access to the Internet by selecting Host Only. This is a precautionary step to prevent unwanted traffic from connecting to and potentially corrupting the VM. If you are testing a server backup, this will prevent other computers from connecting to it and acquiring data that might be outdated.
  • Setting the virtual network to NAT will share Internet access with the host computer but will use the host computer's MAC address as the originator of the traffic.
  • Bridging the virtual network will expose the VM directly to the external network, and could expose your backup to any threats encountered.

Once you have successfully loaded and booted the VM, you can spot check various locations for some of your most important files to ensure that you successfully replicated all of your data.
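
One way to make the spot check above systematic, shown as an added example that is not part of the original post or any NJCCIC tool: record a SHA-256 manifest of your important files at backup time, then compare the restored copy against it to list files that are missing or altered. The function names and the sample files are hypothetical and constructed for illustration.

```python
# Added example; function names and sample files are hypothetical.
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Run at backup time: map each file's relative path to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root):
    """Run against the restored copy: return (missing, changed) paths."""
    missing, changed = [], []
    for rel_path, expected in sorted(manifest.items()):
        candidate = Path(restored_root) / rel_path
        if not candidate.is_file():
            missing.append(rel_path)
        elif sha256_file(candidate) != expected:
            changed.append(rel_path)
    return missing, changed

def demo():
    """Constructed data: a source tree and a deliberately damaged restore."""
    samples = {"payroll.csv": b"id,amount\n1,100\n",
               "inventory.txt": b"widgets=40\n",
               "hr/records.txt": b"employee records\n"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for rel, data in samples.items():
            for root in (src, dst):
                target = Path(root) / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        manifest = build_manifest(src)  # taken when the backup is made
        (Path(dst) / "payroll.csv").unlink()                       # lost in restore
        (Path(dst) / "inventory.txt").write_bytes(b"widgets=0\n")  # corrupted
        return verify_restore(manifest, dst)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest with the offline backup rather than on the live system, so that an infection of the live system cannot alter the reference hashes.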

The goal of this blog post is to convey the importance of backups, and to identify some of the key things you need to consider in order to carry out a backup strategy. This task is less daunting using the steps and tools outlined above, and a proactive approach to data protection can prevent the loss of invaluable data, or eliminate the need to pay a hefty fee to decrypt your files in the case of ransomware.