Data protection strategies for your home office

data-protection-strategies-for-your-home-office

Don’t risk losing your personal or business data–employ a multi-level data protection and IT redundancy strategy.

Image: SasinParaksa, Getty Images/iStockphoto

On a stormy night in early July, a powerful lightning storm shot a bolt of pure energy through a closed living room window to the back of our 32-inch Sony Bravia television. I watched as the lightning bolt blasted an almost neon-like yellow and white flash onto the TV screen and sounded an ear-splitting crash in the room, causing my wife, our daughter, and me to jump up in disbelief.

The TV immediately died. Later we learned that the cable box and external sound bar system were also blown out by the powerful blast of energy. The next morning, I assessed the damage, filed an insurance claim, and checked on my two work PCs. One machine had no internet access. A bit of investigation found that an internal network card in that PC was fried by the storm. I plugged in a USB Ethernet dongle and got the machine back online in just a few minutes.

SEE: Backup Solutions glossary (TechRepublic Premium)

As I breathed a sigh of relief that the lightning damage to my computer wasn’t worse, I recalled an experience seven years ago that didn’t end as well. It was 2013, and I was in the middle of my workday as a technology journalist. With no warning, my homebuilt work PC silently consumed its last watt of power and died as I was writing a story on deadline. Diagnosis – major system component failure. I started up my laptop to finish my story, then ordered the parts needed to rebuild my work PC.

Be redundant

When that PC stopped running, I gained a new respect for how a dead or dying computer can immediately affect your work and livelihood. I realized that one PC in my office wasn’t enough and that every critical office function should be redundant.

When the new motherboard and central processing unit arrived to rebuild that machine, I replaced the dead parts, reloaded Windows and my applications, and went back to work. But I knew I was at the mercy of the next PC hardware or software issue that would happen. So I ordered all the parts to build a second PC that would sit on the floor next to my main PC as an emergency backup.  This way, in the event of a future computer problem, I could be assured that another PC with everything I needed to get back to work instantly would be available.

SEE: Cloud data storage policy (TechRepublic Premium)

Enlist a secure cloud-backup service

For even deeper redundancy, I signed up for an account with a secure, encrypted cloud backup vendor, Budapest, Hungary-based Tresorit, which backs up my data and synchronizes it almost instantly with every PC or laptop registered on my account. That means no matter where I am, my data is available and safe for my use. Another great feature of the service is that I can access past versions of my files in case I delete something accidentally. Using my secure account, I can also access my files using any computer in any location.  If one PC in my office dies while working, all I need to do is log into my other machine, and my files are available. Tresorit is a subscription service that costs $12.50 a month billed monthly, or $125 for a 12-month subscription billed annually. That includes up to 500GB of data from up to five devices.  

I am also signed up with the online cloud company, BackBlaze, to backup both of my PCs. BackBlaze constantly backs up all drives and files that I designate. With this complete backup of the data on my PCs, my data redundancy is even more robust. I can access it file by file or obtain a complete backup via a loaner drive that is shipped to me to transfer files back to my PC. BackBlaze automatic backup service is available at $6 monthly per PC or $60 per machine annually for unlimited data backup. 

Tresorit backs up and synchronizes files across multiple machines in real-time, making it useful for work that needs to be accessed immediately. BackBlaze backs up designated files for long term storage in the event of a hard drive crash or other disaster, such as a complete or partial data restore.  

SEE: Hardware inventory policy (TechRepublic Premium)

Use a backup drive

In addition to a second trusty PC, my online synchronized work file services, and my complete cloud backups, I also use a 10TB external Western Digital EasyStore backup drive on my main PC to constantly back up the contents of its hard drives. 

And lastly, I regularly email backups of important stories I am writing to my own Gmail account in real-time as I compose them just to be safe. 

Gleaned from that original 2013 office computer that failed me during a workday, these hard-earned lessons and backup and redundancy routines may sound cumbersome. But that recent lightning strike gave me a fresh reminder of what’s at stake if disaster comes barreling into my living room window. 

I’ve learned that I won’t willingly lose the data that sustains my business or personal life. And you shouldn’t be willing to lose your personal or business data either. Take the time to put your own multi-level data protection and IT redundancy strategies into place. 

Tech News You Can Use Newsletter

We deliver the top business tech news stories about the companies, the people, and the products revolutionizing the planet.
Delivered Daily



Sign up today

Also see

Three IT strategies for navigating change

three-it-strategies-for-navigating-change

“Business continuity is no longer solely focused on maintaining IT services, but also successfully tailoring those services to achieve business goals. Google Cloud has identified three core

IT strategies that every organization needs to master to optimize their business continuity plan and be well-prepared to handle the inevitable changes up ahead. Read our whitepaper to

  1. Standardize skills
  2. Strengthen reliability
  3. Simplify operations

5 NSA-recommended strategies for improving your VPN security

5-nsa-recommended-strategies-for-improving-your-vpn-security

The US National Security Agency has noticed a surge in cyberattacks targeting VPNs since the COVID-19 pandemic has forced more people to work from home.

vpn.jpg

The United States National Security Agency is warning remote workers, whose numbers have skyrocketed due to the COVID-19 pandemic, that Virtual Private Networks (VPNs) are increasingly a target of cybercriminals.

A senior NSA official speaking to reporters last week said that telework infrastructure like VPNs have become a focus for malicious actors, which led the NSA to release a formal advisory on how to secure VPNs from cyberattacks

Security risks due to an increase in remote work have been well documented, and tips to counter those threats have also been covered by TechRepublic. 

SEE: SSL Certificate Best Practices Policy (TechRepublic Premium)

This latest set of five recommendations may look familiar to cybersecurity professionals and those familiar with securing remote connections, but the information bears repeating, especially with many more VPN connections being used and reports that cybersecurity isn’t keeping up with the work-from-home revolution that quarantines have forced on businesses. 

1. Reduce the attack surface of VPN gateways

“VPN gateways tend to be directly accessible from the internet and are prone to network scanning, brute force attacks, and zero-day vulnerabilities,” the NSA bulletin said. Mitigation efforts should include implementing strict traffic filtering rules to limit ports, protocols, and IP addresses that can transmit on VPNs, and using an intrusion prevention system in front of the VPN gateway that can inspect traffic.

2. Only use cryptographic algorithms that comply with CNSSP 15

The Committee on National Security Systems Policy 15 (PDF) specifies which encryption protocols can be used on secure government systems, and if it’s good enough for the NSA (at least until it swapped CNSSP 15 for CNSA in 2018), it’s probably good enough for your organization.

CNSSP 15-compliant encryption falls into two categories: Encryption sufficient to protect secret-level information (256-bit elliptic curve, SHA-256, and AES-128) and encryption sufficient to protect top secret information (384-bit elliptic curve, SHA-384, and AES-256). 

SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)

“As the computing environment evolves and new weaknesses in algorithms are identified, administrators should prepare for cryptographic agility: Periodically check CNSSP and NIST guidance for the latest cryptographic requirements, standards, and recommendations,” the NSA said.

3. Don’t use default VPN settings

Configuring a VPN deployment can be difficult, which leads many organizations to leave default settings in place, said the NSA. The NSA specifically states that administrators should avoid using auto config tools or GUI wizards because they can leave undesired cryptographic suites behind, giving a potential attacker more avenues to break in.

4. Remove any cryptography suites that aren’t in use or are non-compliant

The particular problem here comes in the form of Internet Security Association and Key Management Protocol (ISAKMP) and Internet Key Exchange (IKE) encryption policies, many of which fail to comply with CNSSP 15. As mentioned above, automated tools often leave residual crypto suites behind after setup, leaving VPNs vulnerable to encryption downgrade attacks. 

“Verifying that only compliant ISAKMP/IKE and IPsec policies are configured and all unused or non-compliant policies are explicitly removed from the configuration mitigates this risk,” the NSA said. 

5. Keep VPNs updated

“Over the past several years, multiple vulnerabilities have been released related to IPsec VPNs. Many of these vulnerabilities are only mitigated by routinely applying vendor-provided patches to VPN gateways and clients,” the NSA said.

Good patching habits are a standard part of any security best practices and the same goes for VPNs–keep them up to date and subscribe to security alert emails to be sure you know about any newly discovered threats.

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays



Sign up today

Also see