What’s Your Backup and Recovery Strategy?

/, ICS Design and Implementation, Jim Gilsinn/What’s Your Backup and Recovery Strategy?

While reading the Wired article, titled The Untold Story of NotPetya, the Most Devastating Cyberattack in History, I thought a lot about backups. Backing up your data and systems in order to maintain critical services is a cornerstone of any disaster recovery program (DRP). I hadn’t realized how fast NotPetya spread through some organizations. From the Wired article, reports were minutes to tens of seconds for the malware to spread to every connected computer within some of the affected organizations. Unless an organization is looking for malicious activity at very high frequency and has active defense mechanisms in place, it is doubtful that an incident like this would be mitigated in real-time. Organizations would need to wipe the affected systems and rebuild them from the ground up in most cases. Without validated backups of the data and systems, an organization may not be able to fully recover in an acceptable amount of time.

It Can Happen to Anyone

I also started thinking about my own issues with backups over the years. I’ve had three main incidents in my life where I’ve personally lost a significant amount of data and/or time, and my family has had a couple more. I looked back at those incidents and think about what I lost and how the simple act of backing up my data properly would have saved me significant heartache.

I’ve had a computer in my life since 1983, when my dad got his first IBM PC. I went through more than 25 years without any real problems, so I got pretty confident that backups weren’t that necessary. Sure, I had backed up files to floppies or even a spare hard disk, but I’d never really considered having a full backup of my system necessary. Then, I had a hard disk failure on my computer. I’d made a backup of my system a few months before by copying all of my pictures and files to a hard disk, so I didn’t lose everything. I did lose all of the family pictures that I’d taken since my last backup, however, including some of my daughter when she was little that I won’t ever be able to replace.

After that, I got a network attached storage (NAS) system for my home network and convinced everyone in my family to use that to store files instead of keeping them on the PC. The system used a redundant array of independent disks (RAID) system, so I thought I’d be safe from a hard drive failure. I connected the NAS system to an uninterruptable power system (UPS) and tucked it away in a corner of my home office.

When I left the National Institute of Standards & Technology (NIST) and joined Kenexis in 2012, I wanted to backup some of my personal emails and files from my time there. I’d worked there for over 20 years and had collected a number of things during that time that I wanted to have after leaving. None of it was proprietary or secret in any way. Most of it was personal emails to my wife, humor with colleagues, or other things that weren’t related to my work at NIST. In order to backup all this data, I brought in a drive from home and copied them to the drive. I figured that what I had copied would be safe, so I didn’t check it before I left on my last day. I put the drive in my home office and didn’t think about it for a few months, since I was just getting settled in my new job. Unfortunately, when I did get around to checking the drive, I found that some of the files were corrupted including the email archive file. I never found out what happened to corrupt them, but it meant that I wasn’t able to recover them at all from the drive. I tried asking the NIST IT personnel if they could recover the files, but they only kept previous employees files and emails for a limited time, and it turns out that I was a couple weeks outside that window. Even thought I thought my backups were safe, the files weren’t recoverable.

The last major incident in my personal life was a flood in my home. The water dispenser in our refrigerator broke and leaked all over our kitchen. It also leaked all over my work computer and some equipment, since my home office is right under the kitchen in my house. Since I’d learn from previous experience, I was very good about backing up my work files to our server, so I didn’t lose any of those. But, I did start to think about what would happen if my home NAS was damaged. Could I recover the files? Would I lose everything?

3-2-1 Backup Strategy

I regularly watch an online YouTube series on computers called TekThing (https://www.tekthing.com/). One thing that Patrick Norton (@patricknorton) and Shannon Morse (@snubs) talk about regularly is having a 3-2-1 backup strategy. When I first heard them talk about it, I wasn’t quite sure what they meant. I had my NAS drive running RAID, wasn’t I good enough?

If you are unfamiliar with the 3-2-1 backup strategy, the company BackBlaze has a good blog article describing it (https://www.backblaze.com/blog/the-3-2-1-backup-strategy/). From the article, “A 3-2-1 strategy means having at least 3 total copies of your data, 2 of which are local but on different mediums (read: devices), and at least 1 copy offsite.” After really thinking about my own personal backup strategy, I realized that I needed to do better.

I now employ multiple levels of backups. Not only do I have my NAS at home, I also use an online backup service to backup my NAS to an encrypted cloud storage. I have copies of the encryption keys stored where I could get them if I needed to recover things from my cloud storage. As an additional precaution, I also take periodic backups of my NAS and put it in a secure off-site storage.

I still have room to do better. I don’t have 2 local copies of my data, since I have everything on my NAS. While I do check the integrity logs of my NAS, I could probably do a better job of checking how well I could restore my files, if necessary. Also, I’m not as consistent about my off-site backups as I probably should be. With all things considered, though, I feel reasonably confident that I could recover all my files if I had to in the event of a total disaster, like having another flood at my house or a fire.

Now that we live our lives with so much digital information, how well is your data protected? Do you feel confident that, in the event of a major disaster, you could rebuild it?

Lastly, backups are only the first step in rebuilding your digital life. It is important to consider some of the things presented in the article from Lifewire, titled Do You Have a Disaster Recovery Plan (DRP)? Life doesn’t always go as planned, but the more you can do prior to something going really wrong, the better off you’ll be when you start to recover.

By | 2018-08-22T17:28:36+00:00 August 22nd, 2018|ICS Cybersecurity, ICS Design and Implementation, Jim Gilsinn|Comments Off on What’s Your Backup and Recovery Strategy?