As Tropical Storm Alberto came and went, I couldn’t help but think how concerns like windstorms, lightning, and fire used to be the primary reason for implementing a backup strategy.  These days those items get discussed as an aside to the much larger threat of ransomware.  For veterans of the IT industry, ransomware still seems like a new threat, but this shift of concern began with the prevalence of CryptoLocker in 2013.  While not the first ransomware, CryptoLocker established a name for itself by the sheer volume of users affected.  These days I still hear the name used as a synonym, even though the new variants aren’t based on the same code at all.

Choose wisely

There are a lot of options when it comes to choosing a backup solution.  Balancing cost against protection is a decision that can cost you a lot, now or later, if you get it wrong.  Some factors you need to consider are:

  • How much does downtime cost your company?
  • How long can you afford to be offline?
  • What time-period of data can you afford to lose?
  • How long do you need to retain the history of that data?
  • How many layers of protection do you need?
  • Are there regulatory obligations to protect your data?

Options for spinning up your backup in the cloud in an instant in the event of a local disaster are highly valuable to those for whom downtime is costly.  Retaining data indefinitely can be expensive, and while it’s rare to discover data corruption that requires going back more than a few weeks, if the fidelity of that data is of sufficient value, the cost may be worth it.

What’s new?

Many times during an initial interview with a prospect I’ve been told that their backup was “sufficient for their needs and working fine”, only to find during discovery that the backup hadn’t run in weeks or months, or that it didn’t include crucial folders or machines which had been created since the initial backup implementation, but never added to the backup job.  A review of what’s important vs. what’s being backed up should be performed at least annually, if not quarterly, to ensure that additions and changes to the environment get included in the backup set.

Hello?  Is this thing on?

Most IT specialists don’t take the time to log in to their backup server every day and read the backup logs.  Instead, they depend upon notifications from the backup server to inform them if things are going well, usually via email.  While nearly every backup solution offers notifications as part of the package, many rely on the same computer that performs the backup to send those notifications.  The problem with this design is that if the machine which performs the backup stops functioning, the notifications will likely stop functioning too!

My recommendation to all clients is to implement monitoring that is separate from the actual backup system.  Then if the backup system dies, you can still be notified by the monitoring system that the backup job did not report in as successful.  While most newer backup options split these two roles, some software-only solutions do not.  However, if your IT provider has tools to remotely monitor system performance, backup completion can typically be added to that set of sensors so that an unresponsive backup system doesn’t sneak by unnoticed.
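The independent check described above, sketched as an added example (not from the original article or any backup product): it is meant to run on the monitoring host rather than the backup server, and it treats a missing success report the same as a failure. The job names, the report line format and the age thresholds are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed inventory: every job that SHOULD exist, with the longest acceptable
# gap since its last successful run. Names and thresholds are hypothetical.
EXPECTED_JOBS = {
    "fileserver-nightly": timedelta(hours=26),
    "sql-hourly": timedelta(hours=2),
    "dc01-nightly": timedelta(hours=26),
    "hr-laptop-weekly": timedelta(days=8),
}

# Constructed sample of reports received by the monitoring host.
# Assumed format: "<ISO 8601 timestamp> <job name> <status>"
SAMPLE_REPORTS = [
    "2024-06-03T02:15:00+00:00 fileserver-nightly SUCCESS",
    "2024-06-03T09:00:00+00:00 sql-hourly SUCCESS",
    "2024-06-03T10:00:00+00:00 sql-hourly FAILED",
    "2024-06-01T02:10:00+00:00 dc01-nightly SUCCESS",
]
NOW = datetime(2024, 6, 3, 12, 0, tzinfo=timezone.utc)  # constructed "current time"

def parse_reports(lines):
    """Return {job: time of most recent SUCCESS}; malformed lines are ignored."""
    last_success = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        stamp, job, status = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        if when.tzinfo is None:  # assume UTC when no offset is given
            when = when.replace(tzinfo=timezone.utc)
        if status == "SUCCESS" and when > last_success.get(job, when - timedelta(1)):
            last_success[job] = when
    return last_success

def overdue_jobs(last_success, now, expected=EXPECTED_JOBS):
    """Return {job: reason} for each expected job with no recent success."""
    alerts = {}
    for job, max_age in expected.items():
        seen = last_success.get(job)
        if seen is None:
            alerts[job] = "never reported success"  # silence counts as failure
        elif now - seen > max_age:
            alerts[job] = f"last success {seen.isoformat()} exceeds {max_age}"
    return alerts

if __name__ == "__main__":
    for job, reason in overdue_jobs(parse_reports(SAMPLE_REPORTS), NOW).items():
        print(f"ALERT {job}: {reason}")
```

Because the alert is driven by the inventory of expected jobs rather than by the reports that arrive, a backup server that has died, or a machine that was never added to a job, still produces an alert.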

…and your little dog too!

Since ransomware developers are constantly evolving their tools to find new ways to more effectively extort their victims, it’s no surprise that the tools have evolved to encrypt not just the production file share, but the backups as well.  While I have not (as of this writing) had any clients experience this level of destruction, I have heard such experiences from peers.  So, now backing up alone is no longer sufficient.  Backing up the backup to a place where it can be protected from change is a necessity to guard against this new threat.

During implementation, backup systems often use a repository for storing the backup data which is accessible to a network administrator account.  To prevent this new threat from destroying your backups, any new backup repositories should be configured such that only the local backup administrator account has access to the backup repository.  Likewise, a review and reconfiguration should be performed on any existing backups.

 

If you would like a review of your current backup procedures, contact our tech team to schedule an appointment today at 850-426-4370