by Paul Ducklin, Principal Research Scientist, Sophos.
- Don’t treat backing up simply as “something you do in case of ransomware”
In the early days of personal computers, the main reason people made backups, even if it was just a few important files saved on a special floppy disk, was the sheer unreliability of hardware and software. If you ever used DOS, you’ll remember very clearly how one buggy program usually crashed everything, and that any crash could leave the hard disk corrupted so badly that you couldn’t reboot at all. Malware was also a serious concern, not least because the crooks hadn’t yet figured out how to make money out of viruses, but nevertheless often used them to wipe out all your data for no clear reason at all. Fast forward to 2020 and we have a lot less to worry about on the reliability front, but we still face a clear and present danger from data loss due to malware, notably ransomware. For that reason, backups are a hot topic again, especially during the coronavirus pandemic, where IT can’t go round the office and give hands-on attention to afflicted computers. Nevertheless, even though backups are a fantastic defensive tool against ransomware, we’re wary of IT procedures that are driven specifically by individual fears rather than by general good practice. A regular and reliable backup process will protect you from unexpected data loss of any sort, including cases – as many people will have experienced when coronavirus lockdowns started and they couldn’t get back into the office – where your data isn’t lost, but you can’t get at it anyway. Condensed into an easily-remembered saying: Backups are a job worth doing, and a job worth doing is worth doing well.
- Don’t leave backups where crooks can find them
Even though we’ve just urged you to do backups for general reasons that go above and beyond the specific risk of ransomware, there are important risks posed by contemporary cybercriminals that you need to keep in mind. In many recent attacks we’ve investigated, the crooks have had days or even weeks to poke around the victim’s network before initiating their final actions – such as firing up ransomware on hundreds of computers at the same time. Therefore you need to assume, if your backups are accessible online, that the crooks will find them and wipe them out (or steal them and then wipe them out) as part of their attack. If ransomware strikes your entire network, or a power surge takes out your laptop where you keep your backup drive plugged in all the time, then you no longer have a backup. So, think of live snapshots and real-time backups that you keep online as secondary copies, and make sure you also keep true backup copies offline. Whether you’re at home or at work, you can often do that simply by unplugging backup devices or explicitly logging out from cloud backup accounts. We also recommend that you add 2FA (two-factor authentication) to your cloud backup accounts for two important reasons. Firstly, it helps to keep the crooks out, so they can’t use your cloud backup to breach your data; secondly, it means you can’t log in accidentally using cached passwords when you didn’t mean to.
- Don’t make backups that everyone can read
As you probably know, most backup advice includes something about keeping “offsite” backups so that they’re not just offline, they’re stored in a different physical location to the master copy. A removable drive stored in a safe-deposit box at your bank is an excellent way to protect your most vital backups, but that’s impossible if you’re in coronavirus lockdown. Therefore you are almost certainly going to have to rely on cloud storage – where your data travels offsite via the internet rather than in your backpack. However, we often hear people asking if they really need offsite backups, because they are understandably concerned that storing their data in two different ways in two different places simply doubles down on their risk of a data breach. Even high-security safe deposits can get burgled, and cloud storage services could suffer an intrusion that isn’t your fault and you couldn’t have prevented. Fortunately, there’s a reliable way to protect your offsite data, whether it’s in the cloud or on a removable device, and that’s to encrypt it before it leaves your own laptop or network. To help you out, Windows has BitLocker, Macs have FileVault, and Linux has LUKS and cryptsetup, which can be used to create encrypted drives and partitions. (You can create a disk partition out of a file, and then use cryptsetup on that, if you want.) There are also numerous free and open source encryption tools that aren’t part of any operating system. You can use one of these to encrypt both devices and folders on all your computers, if that’s what you prefer – remember that BitLocker and FileVault are proprietary and aren’t officially supported on other operating systems.
- Don’t neglect the “restore” part of the process
Remember that you haven’t really backed anything up unless you can restore it. We’ve helped numerous people over the years who made backups regularly and carefully, but weren’t able to get back the files they wanted when they needed to. Ironically, perhaps, none of these cases happened because the user forgot or lost their decryption password – they simply weren’t well-practised enough in using the restore process to do it reliably, or even at all. We also know of ransomware victims who ended up paying the ransom, even though they had working backups, because the restore process they’d created for themselves was just too slow and cumbersome for them to recover in time. Treat restoring backups like a fire drill: you’re going down the fire escape, out into the street and getting clear of the building when there isn’t an actual fire so that if the real thing ever happens, you aren’t fighting against both fear and unfamiliarity at the same time.
Test yourself: work out how long it takes to get the backup ready for restoring, how long it takes to extract everything, and how reliably and quickly you can restore just a single file without restoring everything else, which you might not want.
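A restore drill along those lines, as an added example that is not from the original article: it times a full restore and a single-file restore from a tar archive and checks the restored data against a checksum manifest. The function names, paths and sample files are constructed for illustration.

```shell
#!/bin/sh
# Restore drill: time a full restore and a single-file restore from a tar
# backup, verifying restored data against a checksum manifest.
# Function names, paths and sample files are hypothetical (constructed).

# Build constructed sample data, a manifest of SHA-256 sums, and a backup.
make_sample() {
    work=$1
    mkdir -p "$work/data/docs"
    echo "quarterly figures" > "$work/data/docs/report.txt"
    echo "holiday photo bytes" > "$work/data/photo.raw"
    ( cd "$work/data" && find . -type f -exec sha256sum {} + ) > "$work/manifest.sha256"
    tar -czf "$work/backup.tar.gz" -C "$work/data" .
}

# Extract everything into a scratch directory and verify every file.
# Prints elapsed whole seconds; fails if extraction or any checksum fails.
drill_full() {
    archive=$1; manifest=$2; scratch=$3
    start=$(date +%s)
    mkdir -p "$scratch" && tar -xzf "$archive" -C "$scratch" || return 1
    ( cd "$scratch" && sha256sum -c "$manifest" ) >/dev/null 2>&1 || return 1
    echo $(( $(date +%s) - start ))
}

# Restore one member only (manifest and archive paths must be absolute).
drill_single() {
    archive=$1; manifest=$2; scratch=$3; member=$4
    start=$(date +%s)
    mkdir -p "$scratch" && tar -xzf "$archive" -C "$scratch" "$member" || return 1
    ( cd "$scratch" && grep -F "  $member" "$manifest" | sha256sum -c ) >/dev/null 2>&1 || return 1
    echo $(( $(date +%s) - start ))
}

# Run the whole drill on constructed data and print a short report.
run_drill() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir"
    full=$(drill_full "$dir/backup.tar.gz" "$dir/manifest.sha256" "$dir/all") || return 1
    one=$(drill_single "$dir/backup.tar.gz" "$dir/manifest.sha256" "$dir/one" ./docs/report.txt) || return 1
    rm -rf "$dir"
    echo "full restore verified in ${full}s; single file verified in ${one}s"
}
```

Call `run_drill` to try it on the constructed data; for a real drill, point `drill_full` and `drill_single` at your own archive and a manifest written when the backup was made.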
- Don’t put it off until tomorrow
The only backup you will ever regret…
…is the one you didn’t make.