The IT Security Interview, with Chris Ratcliffe

Hanson Headlines - Malware and Security header

As the dust settles on the recent WannaCry ransomware attack, people will point fingers and excuses will be made, but an organization’s security comes down to whether or not it is compliant with best practices laid out by IT security professionals around the world. So to learn more about what "best practices" really are and what businesses can do, we spoke with Hanson Information Systems senior Systems Administrator Chris Ratcliffe.

 

Hanson Headlines: Hey Chris, thanks for taking the time to talk with me today about IT Security. When you or any other Systems Administrators sit down for an initial consultation, what is the most common question you raise to them about security?

Chris Ratcliffe: Are you trying to keep your computers and networks secure? Really protecting your IT systems? All too often individuals and companies are securing their IT equivalent of the Crown Jewels with the software version of a combination lock. And once your insecure computer or network is compromised, what have you done to ensure you can recover from any data loss?

As the dust settles on the recent WannaCry international Ransomware attack, hundreds of thousands of affected individuals and companies are recovering from a devastating loss of data. Some individuals will have lost everything from baby pictures to personal documents, financial documents to entire email histories; Companies in some cases have lost all their business documents, accounting files, and customer contact details.

HH: Do you think that is in response to anything specific? Or is it more of a case of ignoring the obvious?

CR: There is an almost never-ending list of websites and articles covering how to prevent the “bad guys” from getting in and compromising your PC, Laptop, or network, and they all boil down to more or less the same advice:

Ensure you have your operating system fully updated;

Ensure you have effective and fully updated Antivirus and Antimalware software (yes, preferably both);

Ensure you have effective filtering of your email for Spam, viruses, and malware;

Don’t open email from unknown senders;

Ensure you are using an effective, up-to-date firewall with intrusion and content protection options activated.

Human nature seems to dictate that this information will be partially, or largely in some cases, ignored. Prevention, as we are repeatedly reminded, is better than cure and in IT, more importantly it is much less expensive.

How much will your business lose if it can’t access the data needed to be able to function? How much would a lost day of business or production cost? What about multiple days? What happens when you can’t recover the data at all? Could your company survive in such circumstances? Think of these points the next time you are discussing network security.

There is an ongoing cost of antivirus software licenses but how much more expensive would losing all your data turn out to be? Paying for an alarm system can be a financial investment also, but it pays for itself if it prevents break-ins.

Think of an offsite backup service as insurance. If your home or business burns down, those fire insurance premiums mean you’ll be able to rebuild. Paying for an offsite backup service will allow you to recover your data in the same circumstances.

HH: Wow. I never really thought about it like that. So what if, for example, a business does happen to succumb to a malware infection? What happens then?

CR: Ransomware affected companies and individuals are divided into two main groups: those struggling to recover from a devastating loss of data, and those for whom the incident was a temporary inconvenience.

If you failed to prevent the ransomware or virus from encrypting or corrupting your data, what is your next step? Pay the ransom and hope the data is unencrypted or accept the loss are the options for the unprepared; Data recovery from backups is the option for the prepared.

Lack of prevention can be “penny wise, pound foolish,” but even the most effective attempts at protecting your network can be undermined, usually unintentionally, by a single individual. What to do when Bob in Shipping clicks on the fraudulent FedEx Delivery report email link, or John in the Mail Room clicks on the USPS version, and the chaos has already occurred? At this point, backups, and plenty of them are your best friend and defense against loss.

It was Peter Krogh in his book “The DAM Book: Digital Asset Management for Photographers” who introduced the concept of the 3-2-1 Rule for backing up data. In IT, all too often the rules change faster than we can keep up with them. However, some rules, like the 3-2-1 Rule, are still followed after many years because they are simple, sensible, and they work.

HH: We’ve touched on this before. Can you explain the “3-2-1 Rule” in a little more detail?

CR: The 3-2-1 Rule states that you should always have 3 copies of your critical data, stored on at least 2 different types of media, with 1 copy being stored offsite. The rule does not dictate the methods, media, or locations you should use. That is for the end user to decide and allows for solutions tailored to the needs of the user. As long as the solutions and methods you chose provide at minimum 3 copies, 2 types of media, and 1 backup offsite, you should be able to recover data effectively.

3 copies of the data refer to the original data and 2 copies. Remember, you can always have more backups; the more you have the safer you are.

2 types of media give you the chance to use any and all media types available to you now or in the future. Think USB Thumb drives, burning DVD/CDs, external and internal hard drives, and whatever technologies become available in the future.

At least 1 copy “offsite” means offsite: not in the same building, but a good distance away and securely stored. If the data is important enough to be backed up and taken offsite, treat it as if it is important and not just an afterthought. Using a cloud-based Offsite Backup Service is an effective way of automating the offsite aspect of your backup plan.

HH: Okay, that all makes sense. But this isn’t some sort of “do it yourself” idea is it?

CR: How you choose to carry out your backups in terms of the software and hardware you decide to use is a conversation you need to have with an external IT Support Company. If you don’t have an external IT Support Company, you should think about finding someone who can provide some support in setting up your backup plan.

The single most important part of your backup plan is ensuring the backups actually take place and that you can restore from them. Really. It sounds so simple but all my IT peers could terrify you with stories where this was ignored. There is the story of one office that had delegated the changing of the backup tapes to a receptionist who diligently changed the tapes every day and stored them in a safe. It was only when their server crashed they realized the backups hadn’t actually run in 5 years. No one had thought to check.

So, the rule here should be to check daily that your backups are actually running. Even better, tell your IT Company to automate your backups and send a notification to you stating whether the backups were successful or failed. Monthly maintenance ensures that you can recover data from your backups: after all, better safe than sorry.

Overall, it is better to effectively protect your network or computer from ever being compromised. My general rule of thumb is that in terms of network security, freeware is worth every penny you spent on it. Once your IT Company has secured your system, ensure you have plenty of backups against the probability that you may have a computer or system failure, or be hit by a virus or malware.

So, how hard are you going to try to keep your computers and networks secure?

HH: That was really insightful. Thanks for talking with me today, Chris.

CR: My pleasure.

 


Details on Hanson's IT Security and Backup Services can be found here and here. You can also contact Hanson directly at 1-888-245-8468 or info@hansoninfosys.com to speak with a systems administrator about Virtualization today. 
 

Tags

SecurityMalwareCyber SecurityRansomwareInterviewBackup3-2-1 Rule