By popular request, this is the first post in what will be a series giving steps and tips for how real people can improve their cyber security. Most of the tips will be either free or low cost and they're all things that non-techies should be able to do, at worst with a bit of gentle guidance from the nearest 14-year-old.
What Is Security?
First thing you need to know is that security is a process, not a product. You can't really buy anything, plug it in and say "Yay, I'm secure!" There are products that help but real security involves setting things up properly, maintaining them and doing smart stuff on a regular basis. We'll talk more about that as we go...
If you run a small business (or a large family) you should be talking to your staff (or your kids) on a regular basis about practicing safe computing. I'll give you a few talking points in this series.
So After This I'll Be Impervious to Cyber Harm?
So the other thing security is...is a trade-off. It's a trade-off between safety and usability. You can make your computer impossible to hack...just disconnect every wire (including the power cord), encase it in a block of concrete and bury it 100 feet below ground. You may also need to hire a security guard to stand over it just in case somebody tries to dig it up. Come to think of it...that might still be hackable if somebody is determined enough.
Seriously though...it's almost impossible to make a computer (especially in a home or small business where you can't devote a lot of money to state of the art defenses) completely impervious. But there are things we can do to dramatically reduce your risk. So let's dig into what a few of those things are....
Backups Are The Great Savior
There are two primary consequences of bad cyber security: loss of data or theft of data. Loss of data is probably the more common of the two (at least traditionally; that may be changing) and it can be quite catastrophic. It's been estimated that ~50% of businesses that suffer a massive data loss go out of business.
When you have a data loss (and most businesses will eventually) backups can be your savior.
A good general rule is that you should have 3 copies of any critical data (which in modern times may include photos or video) and it should be on at least 2 different kinds of media (like a hard drive AND a DVD or flash drive or...) and at least 1 copy should be off-site. If every copy of your accounting data is located in the same room and something bad happens to that room...
Backups don't have to involve expensive software or complicated scripts. One small business client of ours simply makes a copy of their key data (including QuickBooks, documents, etc.) onto an external hard drive a couple of times a week. They actually have two of those external drives and they rotate them weekly. (Well, they're supposed to rotate them weekly, but I have it on good authority that they forget occasionally and just back up to the same one two weeks in a row.)
Once a month they burn a copy of all of that data to a DVD and mail that DVD to a family member out of state. That's a pretty low-tech way to do it, but on the few times they've had to restore it's worked just fine.
There are also services like Carbonite, CrashPlan or Mozy that can do automatic, off-site backups over the Internet for you. Those plans are good, and sometimes not cheap, but I still recommend having a local copy in addition to the Internet copy. If you accidentally delete the sales report and need to restore it the Carbonite system can be great. If you have a massive system failure and need to restore 300GB of data you may be waiting a long time for that much data to stream back down to your computer from the cloud.
Whatever system you choose, if you follow the guideline of having 3 copies and at least one of them off-site, you should be fine.
Sit down and make a list of what digital content in your life you'd be in big trouble if you lost. Could be your accounting system, your sales proposals or even all those photos of Aunt Mildred at the family cabin. Then do a little inventory of how many copies of them you have NOW - if you lost your primary copy could you easily restore it? If not...you need to look at a way (external hard drive, online service, etc.) to get another copy of that data that you can easily restore.
Don't be shy about asking others (coworkers, staff, family members) what data THEY can't live without. It may be that you're overlooking something and it's better to back up too much data than not enough.
By the Way
Don't forget about paper documents. If you have only one copy of critical paper documents consider scanning them into digital format and keeping those digital copies with your other critical digital data...paper can get lost or destroyed too.
Test Your Backups
Just having backups is only half the job. You need to make sure that you occasionally (quarterly, semi-annually, annually...) test your backups to make sure they work. We got a call from a company once who had a major server meltdown. They felt confident in their ability to recover because they'd been doing nightly backups. When their replacement hardware arrived they installed it and went to restore the data from backups...only to discover that their nightly backups hadn't actually worked in over a year. It was a nightmare (an expensive nightmare) and fortunately we were able to recover most (but not all) of their lost data.
Testing backups doesn't have to be hard. Here's how I recommend beginners do it.
- Create a dummy file (a Word document is fine) and save it alongside your production data. You should even name it "Backup Test File" or something like that to make it clear what it is.
- Let your regular backup system back it up along with all of your other files.
- At some regular interval (Quarterly? Semi-annually?) go in and delete that file from your system.
- Go to your backups and try to restore that file. If you can restore it successfully then you know your backups are working AND that you know how to restore files. SUCCESS!...if you can't restore that file then either your backups aren't working properly or you just don't know how to restore from them. Either way, that should get fixed now, when all you've lost is a test file.
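For readers with a helper who is comfortable running a script, here is the same four-step test as an added example (not part of the original post). It records a fingerprint of the test file when it is created, so that after a restore you can tell whether the file is missing, came back damaged, or is intact. The file names, the manifest file and the temporary folders standing in for real drives are assumptions made for the demonstration.

```python
import hashlib
import json
import secrets
import shutil
import tempfile
from pathlib import Path

CANARY = "Backup Test File.txt"  # the clearly named test file the post suggests

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def plant_canary(data_dir: Path, manifest: Path) -> None:
    """Step 1: write a test file with unique contents and record its hash.
    Keep the manifest somewhere other than the folder being tested."""
    canary = data_dir / CANARY
    canary.write_text(f"backup canary {secrets.token_hex(16)}\n")
    manifest.write_text(json.dumps({"file": CANARY, "sha256": sha256_of(canary)}))

def verify_restore(data_dir: Path, manifest: Path) -> str:
    """Step 4: after restoring, classify the outcome."""
    expected = json.loads(manifest.read_text())
    restored = data_dir / expected["file"]
    if not restored.exists():
        return "MISSING"   # the backup or the restore did not work
    if sha256_of(restored) != expected["sha256"]:
        return "CORRUPT"   # a file came back, but not the one that was saved
    return "OK"

def demo() -> list[str]:
    """Constructed walk-through using temp folders in place of real drives."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        data.mkdir()
        backup.mkdir()
        manifest = Path(tmp, "manifest.json")            # hypothetical manifest location
        plant_canary(data, manifest)
        shutil.copy2(data / CANARY, backup / CANARY)     # stand-in for step 2: the backup run
        (data / CANARY).unlink()                         # step 3: delete the original
        results.append(verify_restore(data, manifest))   # nothing restored yet
        shutil.copy2(backup / CANARY, data / CANARY)     # stand-in for the restore
        results.append(verify_restore(data, manifest))
        (data / CANARY).write_text("truncated")          # simulate a damaged restore
        results.append(verify_restore(data, manifest))
    return results

if __name__ == "__main__":
    print(demo())
```

In real use, `plant_canary` is run once against your data folder, your normal backup and restore tools replace the two `shutil.copy2` lines, and `verify_restore` is run after each test restore.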
Test-restoring database files is a little harder, but if you know your backups are fundamentally sound, the database files appear to be there and the backup logs show no problems, you're probably o.k. It's a good idea to consult your database vendor for best practices on backup and restore to make sure you're doing it right.
I hope this was a helpful start. If you have any questions please feel free to contact us.
Stay tuned for Part 2....coming in the next few days.