Category Archives: Data Security

Backup Your Data – Tips for keeping your information secure

Backing up your data is one of those information security chores that we know is important but often neglect; it is basically the gutter cleaning of information security. Just as failing to clean gutters can lead to eventual roof leaks, failing to back up your data can lead to big problems should a natural or unnatural disaster occur. Disasters come in many forms, varying from flood, theft, and electrical surges to malicious insiders or outsiders with a grudge against your business seeking to do harm.

Now that you are convinced that backing up your data is one of the most important steps you can take to ensure your business or personal files are protected, how do you get started? Two items to consider are your Recovery Point Objective and your Recovery Time Objective. Simply put, a Recovery Point Objective guides the frequency of your backups, while a Recovery Time Objective sets a business-risk-based target for when the system must be operational again.

Examples

RPO – If your business Recovery Point Objective (RPO) is to lose at most a day’s worth of data, you are fine performing daily backups that can recover you to the desired time. Likewise, if a personal computer contains information that is only updated with photos and key documents on a weekly basis, you are fine setting an RPO of one week.

RTO – If you perform a risk assessment and determine your Recovery Time Objective (RTO) is 3 days, that means you must craft your backup and recovery program to allow system recovery within this time frame.

Data Backup Tips

  • Backup frequency should be determined by your Recovery Point Objective (RPO) and the importance of the data.
  • Automate your backups using scheduling software to ensure they happen regularly and to minimize the likelihood of human error.
  • Store the backup a sufficient distance away from the primary source of the data. This helps ensure that both copies of the data are not lost if you experience a fire, flood, or theft. Good ways to do this include using a secure online backup service, using a professional physical backup service, or storing physical drives or media in a bank safety deposit box.
  • Verify that your technical support people are monitoring backup failure reports. Backups can fail for a wide variety of reasons so it is important to regularly monitor the success of backups.
  • The ultimate proof that your data can be recovered is to perform a restoration test. This will validate that the backup is of good quality and that you are truly protected. It is recommended that backups be tested annually at a minimum.
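
The RPO check and the restoration test from the tips above can be scripted. The following is an added example, not part of the original post: it flags a backup that is older than the RPO and compares a restored folder against SHA-256 digests recorded at backup time. The function names, file names, and dates are constructed for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def rpo_met(last_success: datetime, rpo: timedelta, now: datetime) -> bool:
    """True if the newest successful backup is recent enough to satisfy the RPO."""
    return now - last_success <= rpo


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's relative path to its SHA-256 digest (taken at backup time)."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            # read_bytes() is fine for a sample; hash large files in chunks instead.
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def verify_restore(manifest: dict[str, str], restored_root: Path) -> list[str]:
    """Restoration test: report files that are missing or differ after a restore."""
    restored = build_manifest(restored_root)
    problems = []
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing: {rel}")
        elif restored[rel] != digest:
            problems.append(f"corrupt: {rel}")
    return problems


def demo() -> tuple[bool, list[str]]:
    """Constructed sample: one-day RPO, last backup 34 hours ago, faulty restore."""
    now = datetime(2024, 1, 10, 9, 0)
    on_time = rpo_met(datetime(2024, 1, 8, 23, 0), timedelta(days=1), now)
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        src.mkdir()
        dst.mkdir()
        files = {"ledger.csv": b"a,b\n1,2\n", "menu.txt": b"gyro\n", "photo.jpg": b"\xff\xd8"}
        for name, data in files.items():
            (src / name).write_bytes(data)
        manifest = build_manifest(src)
        (dst / "ledger.csv").write_bytes(files["ledger.csv"])  # restored intact
        (dst / "menu.txt").write_bytes(b"gyr")  # truncated during restore
        return on_time, verify_restore(manifest, dst)  # photo.jpg never restored


if __name__ == "__main__":
    print(demo())
```

Store the manifest with the backup rather than on the machine being protected, so it is still available when the original is gone.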

Ways to backup your data:

1. Online Backup Services – Online backup is both a cost-effective and a convenient way to ensure the information is far enough away from your primary data source. For a business I recommend sticking with large reputable providers and avoiding free services that may not be there tomorrow. I will review online backup services in a future post, but for now you can consider highly rated providers Mozy, IDrive or Amazon S3 storage services.

2. External Hard Drives – An external hard drive is a great way to conveniently store smaller backups, which you can then keep in an off-site location. I would consider getting two 2 TB external hard drives, which would enable you to set up a small off-site rotation plan.

3. Recordable CDs/DVDs – A recordable DVD drive is a great way to make a portable backup that can be stored off-site in a bank safety deposit box or other secure location.

4. Magnetic Tape – Tape is cost effective for larger corporations with large volumes of data, but for smaller businesses I recommend one of the options listed above.

Information Security – Who Needs It? Restaurants Do!

Tino’s Greek Cafe, located in Austin, Texas, learned the hard way that negative information security exposure can get your business featured in unwanted headlines. Hackers compromised customer credit card data, and fraudulent charges were noticed by multiple customers who had recently eaten at the restaurant. That correlation allowed investigators to determine the commonalities involved and point to Tino’s as the probable link.

What can you do to avoid suffering information security ruin like the Greek Cafe? Review our information security top 10 list and help ensure your company is protected.

Data Security – Tips to Keep your Data Secure

Securely wipe data off of hard drive devices prior to redeployment

As mentioned in Top 10 Information Security Items Your Business Needs to Do Now, when you plan to get rid of old computers, servers, network devices, portable storage (like USB drives) and printers, your job is not yet done. These devices will walk out the door with sensitive company information on them if you do not put in place proper measures to sanitize them prior to removing them.

When you are eliminating an electronic device and wish to secure sensitive data, simply deleting files or formatting the drive is not sufficient to secure your sensitive data. Short of physical destruction of the disk itself, which is often not a viable option if you lease or wish to donate it to charity, utilizing disk wiping technology is the preferred method for safely removing data. Listed below are several disk wiping technologies with recommended products to assist with this important security process.

Recommended commercially available hard drive / disk wiping software:

#1 – WipeDrive PRO

This industry-leading software is trusted and used by the Department of Defense, which literally wrote the book on disk wiping requirements. In addition, WipeDrive PRO is an approved compliance disk wiping tool for regulations such as HIPAA, the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act, the Patriot Act, and the Identity Theft and Assumption Deterrence Act. It supports all PC and Mac computers and can also wipe external hard drives, thumb drives, memory cards, iPods and other external media.

#2 – Acronis Drive Cleanser

It is compliant with DoD standards and supports the majority of Windows and Unix operating systems that your small business is operating. The friendly menu-driven software is easy to install and operate and comes pre-loaded with all of the standard algorithms you may wish to use.

Recommended free hard drive / disk wiping software for personal or business use:

Disk Wipe – Tool is free of annoying adware and is a fully functional disk wiping utility that also works on portable drives and other media like SD cards. My favorite of the freebies.

Eraser – Works with any Windows-based drive and supports most of the common wiping methods described already.

DBAN – Last of the big 3 no-cost solutions is another strong option for handling disk wiping needs on a budget.

All of the above product recommendations are for Windows-based devices. If you are using Apple Macs, I recommend WhiteCanyon’s WipeDrive for Mac.

Hard Drive wiping tips:

  1. Configure the setting for the number of disk wiping passes to a minimum of 3X to ensure the data is sufficiently overwritten. The setting could be set much higher, but any greater than 7X does not add much to security and will add a lot of time to the process.
  2. Disk wiping can take a lot of time depending on your configuration options, so use of a concurrent license option is recommended if you are dealing with large volumes of devices.
  3. Review the completion log to ensure the wiping completed 100% successfully.
  4. If you choose to use one of the free options, I recommend using “stable” rather than “beta/preview” builds to minimize your likelihood of encountering errors.
  5. If your business must comply with certain regulations like HIPAA, it is safer to go with commercial products that have been certified to comply with a particular standard than with freely available products that often have not.

Leased Equipment Tips

  1. Ensure your lease agreement covers the vendor securely wiping your device, whether it is a PC, server, printer, or network device. This will likely come with an extra fee, but unless you are certain disclosure of the data would not cause you harm, it is worth the peace of mind.
  2. The typical cost per device for a lease company to wipe the drive ranges from $20 to $50 depending on the company.
  3. It is not wise to attempt to cleanse a leased device yourself without discussing it with the vendor ahead of time and making sure it will not potentially violate your lease agreement.