We've been ransomwared twice in the past 5 years.... Just yesterday one of our users got her email hacked and she sent an email to everyone.... And 3 other people opened the PDF from her and also got hacked.
2FA, and the users don't even know their own passwords... We do semi-monthly training where we send phishing emails out... But the sales rep saw an "RFQ" email, went and downloaded a PDF and had her email session stolen.... Which then allowed them to email 600 people.... Got so many phone calls, the first half of the day was wasted. Why Outlook allows you to CC 500+ people at once is beyond me... Went and swapped it to 5 people at once.
Always try to keep things compartmentalized. Those that deal with outside communications do not have access to anything internal, such as working files etc. If things get transferred to the internal LAN, it's done so manually. It does add some time on the front end, until everyone is used to it, but it certainly saves having to deal with human error. That's why I do not like SaaS programs that deal with work files and have to have a constant internet connection, and why I do not use any of them. There needs to be that separation.
Not related to backing up I suppose, but just pointing out that no matter how safe you are and try to be... you're only as strong as your weakest link(s). It'll always be a cat-and-mouse game! But yes, never trust your data in one place.
The downside that is tangentially related is that no one is going to care about "your" files except "you". Now if "you" don't care about them, well, that's bad. However, third-party providers don't care; after all of the attacks on vendors that back up for others, over some stupid stuff that the vendors didn't do or did do that wasn't good, they rarely have to deal with a total fallout for their ineptitude.
In 2017 a major client had a ransomware incident.
We recovered everything over a weekend.
THE LAST THING we worried about was the OneDrive stuff.
Microsoft had it all backed up.
THEY DIDN'T MAKE IT AVAILABLE TO MY CLIENT until 34 days later.
I was moving towards retirement, so another MSP was our MICROSOFT CHANNEL PARTNER, so it was never clear to us whether Microsoft deliberately took that long or if the s**tty channel partner
never bothered to raise hell. Microsoft repeatedly told me that as IT manager I had no standing to request access to our files; the request had to come from our channel partner.
It seems it is kind of like when someone hit my wife's car, and although we had 5 letters from law firms the next morning, we had to wait 30 days to get OUR COPY of the accident report.
I don't think that's the first time I have heard about there being a delay from backup providers such as that. Now, having to hear from a specific subset, and only that subset, otherwise it's no dice; that would irritate me to no end.
However, that was all probably spelled out in the EULA that most don't read. If one is going to do it, in my estimation, do it right and do it where "you" have total control over everything. Yea, it's more expensive on the front end, but depending on what that was, a 34-day delay could have probably paid that difference of handling it internally.
It's been a few years, but I'm remembering a company that specialized in dental record backups, and their backup software was actually used as a vector to infect the customers of that backup company. How is that for irony?