Backups

[WildWestDesigns]

While I'm one for multiple backups, I firmly believe in them being all in my control. I certainly wouldn't make a single backup being under the control of a 3rd party.

Now, why with them pushing their data collection on everyone(MS), they need to get that handled with only automated responses. But I digress.

Although this is originally from reddit, so take that for what it's worth.

Article

 

[Graphic Extremes]

I have two cloud and two one site backups, It is a pain to keep everything synced up thought

 

[netsol]

While I'm one for multiple backups, I firmly believe in them being all in my control. I certainly wouldn't make a single backup being under the control of a 3rd party.

Now, why with them pushing their data collection on everyone(MS), they need to get that handled with only automated responses. But I digress.

Although this is originally from reddit, so take that for what it's worth.

Article

in 2017 a major client had a ransomware incident.
we recovered everything over a weekend.
THE LAST THING we worried about was the onedrive stuff.
microsoft had it all backed up.
THEY DIDN'T MAKE IT AVAILABLE TO MY CLIENT until 34 days later
i was moving towards retirement so another MSP was our MICROSOFT CHANNEL PARTNER so it was never clear to us whether microsoft deliberately took that long or if the s**tty channel partner
never bothered to raise hell. microsoft repeatedly told me as IT manager i had no standing to request access to our files the request had to come from our channel partner

it seems it is kind of like when someone hit my wife's car, and although we had 5 letters from law firms the next morning,we had to wait 30 days to get OUR COPY of the accident report

 

[ikarasu]

I backup my home stuff to workmm, and my work stuff to home... Daily syncs, with file versioning - work stuff is backed up read only to my home.

Also use wasabi backup with versioning and write lock ... So if someone gets access, they won't be able to delete anything (even we can't delete anything for 30 days ..)

Also have it running a check on home and wasabi bi-weekly to make sure everything isn't changed.


We've been ransomwared twice in the past 5 years.... Just yesterday one of our users got her email hacked and she sent an email to everyone.... And 3 other people opened the pdf from her and also got hacked.

2fa, and the user's don't even know their own passwords ... We do semi monthly training where we send phishing emails out... But the sales rep saw a "RFQ" email, we t and downloaders a PDF and had her email session stolen.... Which then allowed them to email 600 people.... Got so many phone calls, first half of the day was wasted. Why outlook allows you to cc 500+ people at once is beyond me... Went and swapped it to 5 people at once.

Not related to backing up I suppose, but just pointing out no matter how safe you are and try to be... You're only as strong as your weakest link(s). It'll always be a cat and mouse game! But yes, never trust your data in one place.

At the very least, if you can't / don't know how to backup data offsite, go buy a $200 external hard drive you bring into work every Friday and backup all your files.... Takes a few minutes after the initial backup, And then bring it home with you at the end of the day.

It's only a waste of money until something happens and you've saved hundreds of hours of work....

 

[WildWestDesigns]

We've been ransomwared twice in the past 5 years.... Just yesterday one of our users got her email hacked and she sent an email to everyone.... And 3 other people opened the pdf from her and also got hacked.

2fa, and the user's don't even know their own passwords ... We do semi monthly training where we send phishing emails out... But the sales rep saw a "RFQ" email, we t and downloaders a PDF and had her email session stolen.... Which then allowed them to email 600 people.... Got so many phone calls, first half of the day was wasted. Why outlook allows you to cc 500+ people at once is beyond me... Went and swapped it to 5 people at once.

Always try to keep things compartmentalized. Those that deal with outside communications do not have access to anything internal such as working files etc. If things get transferred to the internal LAN, it's done so manually. It does add some time on the front end, until everyone is used to it, but it certainly saves having to deal with human error. Why I do not like SaaS programs that deal with work files and have to have a constant internet connection and why I do not use any of them. There needs to be that separation.

Not related to backing up I suppose, but just pointing out no matter how safe you are and try to be... You're only as strong as your weakest link(s). It'll always be a cat and mouse game! But yes, never trust your data in one place.

The downside that is tangentially related, is that no one is going to care about "your" files except "you". Now if "you" don't care about them, well, that's bad. However, 3rd party providers don't care, after all of the attacks on vendors that back up for others over some stupid stuff that the vendors didn't do or did do that wasn't good and rarely have to deal with a total fallout for their ineptitude.

in 2017 a major client had a ransomware incident.
we recovered everything over a weekend.
THE LAST THING we worried about was the onedrive stuff.
microsoft had it all backed up.
THEY DIDN'T MAKE IT AVAILABLE TO MY CLIENT until 34 days later
i was moving towards retirement so another MSP was our MICROSOFT CHANNEL PARTNER so it was never clear to us whether microsoft deliberately took that long or if the s**tty channel partner
never bothered to raise hell. microsoft repeatedly told me as IT manager i had no standing to request access to our files the request had to come from our channel partner

it seems it is kind of like when someone hit my wife's car, and although we had 5 letters from law firms the next morning,we had to wait 30 days to get OUR COPY of the accident report

I don't think that's the first that I have heard about there being a delay from backup providers such as that. Now, having to hear from a specific subset and only that subset otherwise it's no dice, that would irritate me to no end.

However, that was all probably spelled out in the EULA that most don't read. If one is going to do it, in my estimation, do it right and do it where "you" have total control over everything. Yea, it's more expensive on the front end, but depending on what that was delayed 34 days could have probably paid that difference of handling it internally.

It's been a few yrs, but I'm remembering a company that specialized in dental record backups and their backup software was actually used as a vector to infect the customers of that backup company. How is that for irony.

 

[Stacey K]

I have everything saved on an external hard drive...I should probably be syncing that to the cloud also just to be safe, correct?

 

[netsol]

I have everything saved on an external hard drive...I should probably be syncing that to the cloud also just to be safe, correct?

external hard drives DO fail, ESPECIALLY since they tend to get bounced around...

 

[balstestrat]

Best would be a backup and off-site backup so even if your building burns you can still get the data.

Other than that I personally think you are pretty good with offline backup as you still have your original data even if the external drive fails.

(There's more scenarios like encryption malware but lets not go that deep, do 3 2 1 backup if you want to be safe)

 

[Stacey K]

OK thanks guys!

 

[ikarasu]

I have everything saved on an external hard drive...I should probably be syncing that to the cloud also just to be safe, correct?

You should yes. Look into blackblaze, easy to setup and install. Set it up once and it auto backs up.

Also keep your external hard drive not in the same building, otherwise if you have a small fire in the one room everything's still lost.

 

[WildWestDesigns]

I have everything saved on an external hard drive...I should probably be syncing that to the cloud also just to be safe, correct?

Myself personally, I prefer my own "cloud" (the meme is that the "cloud" is really just someone else's computer and they really don't care much about your information as you would thought to be). Have a local TrueNAS setup at the office and 2 others at other locations. Are setup to periodically sync amongst themselves, but when that isn't happening, those ports are closed.

 

[ikarasu]

Truenas can real-time sync pretty good. I have it at my work / home both syncing files to eachother so we both have a secondary off-site.

 

[victor bogdanov]

I have 2 synology NAS set up. one at the shop and one at home. I Manually sync them once per week. (no auto sync or any kind of link between them for security redundancy)

Each has about 60TB of storage and I have them about half way filled up. I can lose 2 hard drives in each NAS without any data loss

Cloud solutions for 30TB of data gets pricey plus alot of the files I need instant access to for reorders etc.

 

[netsol]

Best would be a backup and off-site backup so even if your building burns you can still get the data.

Other than that I personally think you are pretty good with offline backup as you still have your original data even if the external drive fails.

(There's more scenarios like encryption malware but lets not go that deep, do 3 2 1 backup if you want to be safe)

As long as data is in 2places you are pretty safe.
but, I have had 2different clients over the years DROP the external drive on the way to hook it up to copy files from it.

both times DATA RECOVERY cost around $750.

it is worth mentioning, if you backup your data. UNPLUG THE DRIVE AND PUT IN A SAFE PLACE, you are good.

IF YOUNLEAVE IT PLUGGED IN AND SPINNING hard drives are like lightbulbs, they all go bad & YOU LOSE YOUR DATA

store in a safe place between backups & DO NOT GO ON THE CHEAP & store on a flash drive. they fail A LOT

 

[visual800]

Ive got several harddrives I backup to I absolutely refuse to back anything up to any cloud of server online. I dont like not being in conctrol of my files

 

[netsol]

Ive got several harddrives I backup to I absolutely refuse to back anything up to any cloud of server online. I dont like not being in conctrol of my files

a friend from a major law firm tellls me that when a gov't agency files an administrative subpoena asking for information, INSTEAD OF guarding your privacy many of the big players respond with
this is an inconvenience, why don't we just send your EVERYTHING this person has.

back up locally, your data will not be sold or turned over carelessly to an investigation

 

[WildWestDesigns]

a friend from a major law firm tellls me that when a gov't agency files an administrative subpoena asking for information, INSTEAD OF guarding your privacy many of the big players respond with
this is an inconvenience, why don't we just send your EVERYTHING this person has.

back up locally, your data will not be sold or turned over carelessly to an investigation

Bare in mind as well, if these online providers store or transmit files through other countries, they are subject to those rules as well (which is signed off by the customers("you") in the EULA that probably didn't read). Using some of MS' office suite means your sharing telemetry with I think over 800 "partners". I wonder how many "partners", info is shared with for those that use OneDrive that I think is baked into modern Windows now?

And while some on here (I don't think they have contributed to this thread, but they are still active) believe that they have nothing to worry about with what they store, so why bother worrying about this specifically, that misses the point of the issue. Can think that if one wants to, but not a good thing, regardless if one has something to hide or not.

I often wonder why people don't handle it themselves. It isn't that hard (3rd party vendors just don't have any reason to care like the owner of said files, or at least the owner should care, otherwise why be doing this in any capacity), relegating it to a 3rd party doesn't work out at all. They still have issues with malware, they still give up your info at the drop of the hat, they still forget to turn off known vulnerabilities after they change a setting (that is closed off by default for the same reason) and they can still get your computer infected using their own backup software (at least with regard to those dental offices that used a particular 3rd party backup solution).

 

[netsol]

Bare in mind as well, if these online providers store or transmit files through other countries, they are subject to those rules as well (which is signed off by the customers("you") in the EULA that probably didn't read). Using some of MS' office suite means your sharing telemetry with I think over 800 "partners". I wonder how many "partners", info is shared with for those that use OneDrive that I think is baked into modern Windows now?

And while some on here (I don't think they have contributed to this thread, but they are still active) believe that they have nothing to worry about with what they store, so why bother worrying about this specifically, that misses the point of the issue. Can think that if one wants to, but not a good thing, regardless if one has something to hide or not.

I often wonder why people don't handle it themselves. It isn't that hard (3rd party vendors just don't have any reason to care like the owner of said files, or at least the owner should care, otherwise why be doing this in any capacity), relegating it to a 3rd party doesn't work out at all. They still have issues with malware, they still give up your info at the drop of the hat, they still forget to turn off known vulnerabilities after they change a setting (that is closed off by default for the same reason) and they can still get your computer infected using their own backup software (at least with regard to those dental offices that used a particular 3rd party backup solution).

you never appreciate the troubles ransomware causes UNTIL you are hit
we had a client who narrowly missed having to pay a $350,000 ransom (they were in the process of buying the bitcoin...)

we had a "specialist" involved who did absolutely nothing other than offer to broker the bit coin purchase. (if he is telling this story he generally uses the word psychopath to describe my reaction to his offer

the statistic is still 70% of companies that have a major ransomware episode are either acquired for pennies on the dollar or simply go out of business.

 

[WildWestDesigns]

you never appreciate the troubles ransomware causes UNTIL you are hit
we had a client who narrowly missed having to pay a $350,000 ransom (they were in the process of buying the bitcoin...)

Most of the big companies, CC vendors etc are hit more compared to what we hear about and by the time that we hear about them being hit and having paid the ransomware, it's a year or so after the event. The key thing is that they don't have any respect for the data that they are holding, in fact, they will easily sell it to make more money.

I don't need to have been hit by ransomware to appreciate the devastation that it can be. Although, I do know that there are people out there that take the "it will never happen to me". I'm one of those that "hopes for the best, plans for the worst".

we had a "specialist" involved who did absolutely nothing other than offer to broker the bit coin purchase. (if he is telling this story he generally uses the word psychopath to describe my reaction to his offer

Yea, I can easily see that being their go to. Anything else they ruin their margins.

But again, if every so called "expert" 3rd party is this way, doesn't do much good to go through a 3rd party. Can't be any worse compared to try winging it yourself. At least "you" have control and it's not "you" did everything good, but it was some 3rd person "expert" that fell asleep at the "wheel".