{"id":30221,"date":"2020-08-04T06:00:08","date_gmt":"2020-08-04T12:00:08","guid":{"rendered":"https://www.webroot.com/blog/?p=30221"},"modified":"2020-07-29T09:23:30","modified_gmt":"2020-07-29T15:23:30","slug":"hack-crash-storm-spill-pick-your-poison","status":"publish","type":"post","link":"https://www.webroot.com/blog/2020\/08\/04\/hack-crash-storm-spill-pick-your-poison\/","title":{"rendered":"Hack, Crash, Storm, Spill: Pick Your Poison"},"content":{"rendered":"\n<p>Don\u2019t expect cybercriminals\nto go easy during a hurricane. Quite the opposite, in fact. Just like they\u2019ve used\nthe coronavirus pandemic to launch COVID-related malware scams, hackers will\ncapitalize on the names and news coverage of hurricanes to disguise attacks. That\u2019s\nwhy now is a good time to review your cyber security posture and your overall\ncyber resilience strategy. We talked with <a href=\"https:\/\/www.carbonite.com\/\">Carbonite<\/a> VP of Product Management Jamie Zajac about how to\nanticipate the types of adverse events that catch a lot of people and\nbusinesses off guard. With the right protection in place, you can maintain\naccess to data during a hurricane \u2013 and all year round. You can start by\nknowing what to expect.<\/p>\n\n\n\n<h2>Get woke to data loss<\/h2>\n\n\n\n<p>When most people think of data\nloss, they think major disasters, like headline-generating storms and floods.\nOf course, it\u2019s important to anticipate highly impactful outages. But these are\nfar more rare than other causes of data loss. \u201cIt\u2019s everyday scenarios that are\nreally common. Like leaving a laptop on an airplane, dropping a phone in the\nriver, or accidentally deleting a folder and having the recycle bin policies\nexpire,\u201d Zajac says.<\/p>\n\n\n\n<p>Another cause of data loss is\nhardware failure. \u201cHardware has become more reliable,\u201d Zajac says, \u201cbut you\nnever know when a hard drive will fail, a computer will be dropped or a\nmotherboard will crash.\u201d<\/p>\n\n\n\n<p>Since hardware has a finite\nlifespan, failure is inevitable. When you\u2019re considering how to protect devices\nthat store important data, Zajac recommends looking for a few key features:<\/p>\n\n\n\n<ul><li>Continuous backup (so you\u2019re capturing changes as you\nmake them)<\/li><li>Online file recovery (so you don\u2019t have to wait to buy\na new computer)<\/li><li>Cloud failover for critical servers or <a href=\"https:\/\/www.carbonite.com\/products\/carbonite-recover\">disaster recovery as a service<\/a> (DRaaS)<\/li><\/ul>\n\n\n\n<h2>An ounce of prevention<\/h2>\n\n\n\n<p>Whether it\u2019s a lack of\nawareness, the complexity of systems or the perceived difficulty of deploying protection,\ntoo many people and businesses fail to protect themselves ahead of time. \u201cWe\noften don\u2019t think to make cyber security and data protection a priority until\nit\u2019s too late,\u201d Zajac says. \u201cFor consumers and business alike, we see a ton of\ninquiries about how to get data off a hard drive that wasn\u2019t backed up. That is\nway more time-consuming, expensive, error-prone and ineffective than having a\nfull cyber resilience and protection plan in place.\u201d<\/p>\n\n\n\n<p>\u201cIt\u2019s never worth the risk of\nbeing hacked,\u201d Zajac says. \u201cI\u2019ve seen businesses struggle and even close when\nthey lose data, or their brands suffer because hackers have stolen their data.\nAs compliance requirements and privacy requirements evolve, more and more small\nbusinesses face these risks.\u201d<\/p>\n\n\n\n<h2>Hurricane checklist<\/h2>\n\n\n\n<p>Hurricane season is prime\ntime for system outages. But it\u2019s also a useful reminder to prepare for the\nunexpected. Here are three key steps you can take to form a strategy for\ndealing with annually occurring threats, according to Zajac.<\/p>\n\n\n\n<ol><li><em>Anticipate your\noffice being unavailable<\/em> \u2013 Like the physical\ndisruptions we\u2019ve experienced with the COVID-19 pandemic, anticipate IT\ninfrastructure becoming unavailable. Can you run systems in the cloud? Can you\naccess a cloud backup quickly? DRaaS is a great solution for businesses susceptible\nto hurricanes.<\/li><li><em>Back up\neverything, not just some things<\/em> \u2013 Many\npeople realize too late that they only chose to back up critical systems, and that\none of those \u201csecond-tier\u201d systems is also necessary to run the business. It\u2019s\nbetter to have everything backed up than to be missing something. You can often\nsave costs by tiering your backups or having different <a href=\"https:\/\/www.carbonite.com\/blog\/article\/2018\/10\/rto-rpo-and-the-cost-of-downtime\/?_t_id=D185dFOZugTkc9vONKlLwA%3d%3d&amp;_t_uuid=OId_eeTaScuey0g5N0z5ZQ&amp;_t_q=RTO+RPO&amp;_t_tags=language:en,siteid:2b7ea699-6127-40c2-a137-36076a55ca93,andquerymatch&amp;_t_hit.id=Carbonite_UberCarb_Web_Models_PageTypes_BlogNews_BlogPostPage\/_4220fb9c-5cc1-463e-b35b-3297c0469371_en&amp;_t_hit.pos=2\">recovery objectives<\/a> for different systems. But don\u2019t skip backing up some systems.<\/li><li><em>Test your\nbackups<\/em> \u2013 Know whether you can\nrecover systems within the time required.<\/li><\/ol>\n\n\n\n<p>When it comes to hurricanes\nand weather-related risks, specific security-related concerns should also be\nconsidered. \u201cIt\u2019s important to <a href=\"https:\/\/www.webroot.com\/us\/en\/business\/security-awareness\">train people<\/a>\non the protocols for when they need to work remotely,\u201d Zajac says. \u201cGenerally\nspeaking, you should be training users on security best practices, whether they\nare remote or in the office. But people are more distracted and thus\nsusceptible to phishing and social engineering when they are remote.\u201d<\/p>\n\n\n\n<p>If people need to work from\ncloud workstations, personal devices or laptops, make sure they have a security\nsuite, such as <a href=\"https:\/\/www.webroot.com\/us\/en\/business\/smb\/endpoint-protection\">cloud-based anti-virus<\/a> and anti-phishing protection. Make sure you have\nsecurity software that doesn\u2019t require people to be in the office. For example,\nif you are relying on your firewall to block malicious websites, it won\u2019t help employees\nwho are off the network. Use <a href=\"https:\/\/www.webroot.com\/us\/en\/business\/dns-protection\">DNS protection<\/a>\nwith roaming device security for these scenarios.<\/p>\n\n\n\n<h2>An all-of-the-above approach<\/h2>\n\n\n\n<p>Murphy\u2019s Law dictates that\nyou\u2019ll probably experience the data breach you\u2019re not prepared for. Any form of\ndata loss can have bad effects. So, if you\u2019re too narrowly focused on just one\nthreat, consider all the potential adverse events you could experience.<\/p>\n\n\n\n<p>\u201cHackers are a constant\nthreat and can have really big impacts in terms of data loss, productivity\nloss, compliance requirements, regulatory fines, brand damage and more,\u201d Zajac\nsays. \u201cA coffee spill is a constant threat,\u201d she warns, \u201cbut the damage is\ntypically isolated. You still don\u2019t want to rely on someone re-creating all of\nyour work if a coffee spill or other localized damage even occurs, especially\nif it is the CEO\u2019s laptop.\u201d Zajac continues, \u201cA hurricane is a rare and often\nwell-predicted event, but the impact can be catastrophic. You can\u2019t wait for a\nhurricane to build a plan.\u201d<\/p>\n\n\n\n<p>The good news is that a competent\nIT consultant can help you build a strategy, and a good vendor can protect you\nagainst many of these adverse events in one fell swoop. <\/p>\n\n\n\n<h2>Setting expectations<\/h2>\n\n\n\n<p>There\u2019s no backup without\nrecovery. But how do you know if your recovery process is sufficient? It should\nalign with the objectives you establish before disaster strikes. <\/p>\n\n\n\n<p>\u201cOn an endpoint, you can\ntypically get very fast file backup and recovery so that you only lose minutes\nof data and all files are available online in a web interface for fast access,\u201d\nZajac says. \u201cFor servers, you need to tier systems into mission-critical\napplications and use a very low RPO solution, such as DRaaS. Non-mission\ncritical infrastructure can withstand a few hours or days to get running again.\u201d\nZajac suggests doing an impact analysis. If a given system is offline, how much\nwill it cost your business?<\/p>\n\n\n\n<h2>Cloud considerations<\/h2>\n\n\n\n<p>It\u2019s not just devices that\nare worth protecting. Today, both personal and business users leverage the public\ncloud, like Microsoft 365 and Azure, for much of their storage and computing\nneeds. A lot of people make the mistake of thinking cloud data is protected by the\nvendor. But this is not the case. <\/p>\n\n\n\n<p>\u201cMicrosoft cannot tell the\ndifference between accidental data loss and legitimate file deletions because\nthe content is no longer relevant. It\u2019s up to users and company admins to make\nthis determination,\u201d Zajac says. \u201cMicrosoft 365 credential attacks are on the\nrise. It\u2019s only a matter of time before someone creates or spreads ransomware to\nMicrosoft 365 native data. That won\u2019t be a good day for anyone who doesn\u2019t have\na backup in place.\u201d<\/p>\n\n\n\n<h2>Next steps<\/h2>\n\n\n\n<p>Never let a good catastrophe,\nor the threat of one, go to waste. Use this hurricane season to make sure you\nhave a robust cyber security and resilience plan. And not just for hurricanes,\nbut for all the ways you can lose access to data. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Don\u2019t expect cybercriminals to go easy during a hurricane. Quite the opposite, in fact. Just like they\u2019ve used the coronavirus pandemic to launch COVID-related malware scams, hackers will capitalize on the names and news coverage of hurricanes to disguise attacks. That\u2019s why now is a good time to review your cyber security posture and your [&hellip;]<\/p>\n","protected":false},"author":175,"featured_media":30223,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/30221"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/175"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=30221"}],"version-history":[{"count":1,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/30221\/revisions"}],"predecessor-version":[{"id":30225,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/30221\/revisions\/30225"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/30223"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=30221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=30221"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=30221"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=30221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}