By now, I’m sure most of you have heard about a particular form of malware called ransomware, the horrible virus that gets into your computer, encrypts your data files, and then holds them hostage until you pay a hefty ransom via Bitcoin, due within just a few days. What you might not be aware of is that ransomware can encrypt data not only on your internal hard drive, but on attached external hard drives and networked file servers as well. It can also jump to other computers on your network.
This has serious ramifications for your backup strategy, since you could lose not only your primary files, but backup copies as well. The best way to mitigate this threat is to incorporate an offline backup into your backup strategy. Perhaps you are close to maintaining an offline backup by virtue of having implemented an offsite backup, but if your offsite backup is still online (such as with Dropbox or Google Drive), then you are still vulnerable.
The best approach to protect your backups from ransomware is to add an additional external hard drive for periodic backups, and then keep this hard drive disconnected from everything. Of course the data on this backup won’t be current, so you need to decide how often to update it, but slightly old data is certainly better than no data at all! You can either dedicate this additional hard drive solely for offline backup, or you can rotate it with another backup hard drive that is online. Even with rotating hard drives, the backups can be automated, which means all you have to do is to be diligent about swapping hard drives based on whatever frequency makes you comfortable. Some of my customers swap daily, some weekly, some monthly, some quarterly. Obviously the longer the swap period, the more dated the data on the offline drive becomes.
Ransomware has become such a problem, that Microsoft has incorporated protection in their latest version of Windows 10 (called Windows 10 Creators Update) which is starting to roll out now. This will be the topic of my blog next month.
This has serious ramifications for your backup strategy, since you could lose not only your primary files, but backup copies as well. The best way to mitigate this threat is to incorporate an offline backup into your backup strategy. Perhaps you are close to maintaining an offline backup by virtue of having implemented an offsite backup, but if your offsite backup is still online (such as with Dropbox or Google Drive), then you are still vulnerable.
The best approach to protect your backups from ransomware is to add an additional external hard drive for periodic backups, and then keep this hard drive disconnected from everything. Of course the data on this backup won’t be current, so you need to decide how often to update it, but slightly old data is certainly better than no data at all! You can either dedicate this additional hard drive solely for offline backup, or you can rotate it with another backup hard drive that is online. Even with rotating hard drives, the backups can be automated, which means all you have to do is to be diligent about swapping hard drives based on whatever frequency makes you comfortable. Some of my customers swap daily, some weekly, some monthly, some quarterly. Obviously the longer the swap period, the more dated the data on the offline drive becomes.
Ransomware has become such a problem, that Microsoft has incorporated protection in their latest version of Windows 10 (called Windows 10 Creators Update) which is starting to roll out now. This will be the topic of my blog next month.
RSS Feed