At Adaptive Office Solutions, we are HUGE advocates for the Cloud. As a backup tool, the Cloud is incredibly effective, with most platforms performing backups in real time. You probably already use it in some form or another. For example, “anything Google” has real-time updates: Docs, Sheets, and Contacts save data as you’re entering it.
But the need for Cloud solutions goes WAY beyond solutions that only automatically save information that contains numbers, letters, and symbols. Consider, for example, cherished photographs, irreplaceable videos, and certified documents.
You may already be convinced that the Cloud is the way to go. You also may be using a cloud solution as we write this. But not all cloud backups are created equal. And, if you only have one cloud backup solution, what would happen if that solution got hacked?
We have said it time and time again… There is no single cyber security solution that can protect your data. Relying on antivirus protection and a firewall in the current cyber environment is like standing in a war zone in your underwear. At some point, you’re going to get hit. A multi-layer cyber security plan is the ONLY way to go in the current environment.
How layered? Really, really layered.
As you may know, Adaptive is phasing out the stand-alone MSP business model that we used to offer. Now we’re combining the old model with new cyber measures. For example, take a look at the old MSP and the additional “Cyber Light” solutions.
Managed Services
- Routine Network Maintenance – Helps to ensure the overall network runs smoothly by optimizing operations and identifying potential problems in order to fix them.
- Help Desk Support – Our personalized support quickly fixes problems and simplifies workflows and IT service management.
- Critical Monitoring – Gathers metrics about the status of hardware and software to ensure everything functions and supports applications and services.
- Software Patches – A set of changes to a computer program designed to update, fix, or improve it. Can be part of an application’s lifecycle or it can be in response to news of a security vulnerability, performance issue, or other defect.
- AntiVirus Updates – The latest files needed to combat new viruses and protect your computer.
- Spam Control – Designed to detect unsolicited, unwanted, and virus-infected emails, and prevent those messages from getting to a user’s inbox.
- Email Archiving – Backup of emails to an encrypted Cloud system for preserving communications. Added security and peace of mind to recover accidentally deleted emails.
Cyber Light Services
- Advanced EndPoint Virus Protection – Protects systems from file, fileless, script-based and zero-day threats by using machine-learning or behavioral analysis.
- Multi-Factor Authentication – An authentication method that requires users to provide two or more verification factors to gain access to online resources.
- Zero Day Endpoint Protection – Establishes a behavioral baseline and identifies suspicious anomalous behavior to identify an unknown strand of malware.
- Encrypted Backups – An advanced Cloud security measure that protects data in the event that it is stolen, misplaced, or compromised in some way.
- Keeper – Allows users to store online login credentials, documents, images, and other sensitive information in an encrypted digital web vault.
- Business Risk Reviews – Communicates an organization’s cybersecurity posture to internal teams, executives, and existing or potential third-party vendors.
- Staff Education – Helps team members identify security risks, including social engineering, online fraud, phishing and web-browsing risks.
FULL CYBER ADDS…
But in some cases, even that isn’t enough protection. That’s why our FULL Cyber Plans also include:
- SOC
- SIEM
- Security Policies
- Centralized User Management
- C-Level Consulting
- Vendor Risk Management (VRM)
- 24/7 Backup Failure Monitoring
- Disaster Recovery Plans
- Redundant, Multi-Locational Backups (also known as Geo Redundancy)
- Testing, Verification and Reporting
- Employee Response Procedures and Practices
Yeah… THAT multi-layered!
And there’s still never a 100% guarantee that hackers can’t get through. But clearly, all of that information is too much to digest at one time, so let’s focus on one thing at a time.
As you know, today’s cyber topic is the Cloud. As cyber security experts, we are definitely MASSIVE advocates for cloud backups, but we would be remiss if we didn’t draw your attention to some potential threats when it comes to using the cloud. We would also be negligent if we didn’t suggest that you have redundant backups in other forms and locations.
By “other forms” we mean redundant backups on hard drives and additional cloud platforms. “Locations” means exactly that. For example, if you only use hard drives, and they are all stored in the same location, you could lose everything during a cyber attack or natural disaster. Additionally, if you only use one cloud storage backup, and that company is hacked, all of your data could be wiped out.
In excerpts from an article, the Canadian Centre for Cyber Security wrote, “Cloud-based computing is taking a bigger role in many organizations’ tech footprint every day. With more and more organizations big and small moving to a cloud-first strategy and work-from-home environment, the flexible, on-demand, scalable, and self-service components that cloud computing offers are an appealing option. But it is important to consider all aspects of what cloud computing means before jumping in.
The Cyber Centre developed guidelines to help secure cloud-based services. Each portion builds upon the last, to help get organizations to a safer and more secure cloud computing experience.
Guidance on the Security Categorization of Cloud-Based Services
Security categorization, which helps organizations identify the potential injuries that could result from compromises, is a fundamental step in protecting against the risks associated with the use of cloud computing. More protection is not always best, as it can lead to increased costs and wasted resources, but too little protection can put information and business processes at risk. Finding a solution that is just right for your organization is key, and this guidance will help you do just that.
This document also provides the recommended security control profiles for the low and medium security categories.
Guidance on defence in depth for cloud-based services
Cloud computing does not offer a simple one-size-fits-all solution to protect business assets. This is where a layered approach when implementing security controls comes in handy. Here, you will learn about defence in depth, and how this approach is used to protect against the risks associated with cloud computing.
Guidance on cloud security assessment and authorization
When it comes to moving to a cloud-based environment, organizations need to remember that it’s not just the cloud service providers who are responsible for securing different components: the organizations are too. This shared responsibility makes adopting the cloud even more complex, which is why it is important that organizations understand the overall effectiveness of their security controls and those implemented by the cloud service provider.
Guidance on cloud service cryptography
Cryptography is one of the main pillars enabling security and privacy in cloud computing, and this final document will help organizations understand how it factors in to help protect their information and privacy when moving to a cloud-based computing model. While the topic of cryptography can be quite overwhelming and complex, it is critical to understand it and pick the right solution for your purposes.
By following this guidance and implementing the layers of security necessary for your organization, cloud-based computing can safely become part of your organization’s tech toolbox.”
Adaptive strongly suggests that you click on the links in the article above. They are filled with incredible information, and for the most part, they are written in simple, straightforward language.
Benefits and risks of adopting cloud-based services
In excerpts from a separate article, the CCCS wrote, “Cloud service providers (CSPs) provide on-demand and scalable computing environments. Overall, cloud-based services offer your organization more flexibility than on-premises IT solutions. Cloud-based services can also provide your organization with a richer set of capabilities and free up your organization’s IT resources.
However, using cloud services does not automatically ensure that protections are applied to the assets that fall under these services. With cloud services, your organization’s senior decision makers are still accountable for protecting the confidentiality, integrity, and availability of IT services and information. Your organization should identify all business and security requirements and manage all associated risks.
Cloud service models
Software as a service (SaaS):
Your organization purchases the use of applications that are hosted by the CSP, with little to no visibility on the underlying infrastructure.
Platform as a service (PaaS):
Your organization creates and runs custom applications, but the CSP provides the facilities required to build, deliver, and support applications and services.
Infrastructure as a service (IaaS):
You can access fundamental computing resources (e.g. servers, data storage, networking equipment) and use the CSP’s equipment to deploy and run the software that your organization needs.
Benefits of cloud computing
Cloud-based services provide your organization with a richer set of capabilities and can free up your organization’s resources. Depending on the level of service you select, the CSP is responsible for hardware needs, internal labour, and maintenance costs.
Some benefits include the following examples:
- Services can be rapidly and automatically scaled up or down to meet your organization’s demand.
- Services are subscription-based so that you only pay for what you use.
- IT services are rolled out without having to go through time-consuming internal procurement, development, and implementation processes.
- Less of your organization’s IT budget is spent on developing and maintaining software and infrastructure.
- Valuable space associated with off-site servers is recovered and costs (e.g. maintenance, electricity, cooling, licensing) are reduced.
- CSPs are responsible for the security of the cloud.
Risks
When your organization adopts cloud services, you give up direct control over many aspects of security and privacy. Despite this lack of control, your organization is still accountable for protecting the confidentiality, integrity, and availability of its IT services and information based on legal, regulatory, and business requirements.
Although the implementation of security protections may be facilitated by moving to the cloud, your organization’s senior decision makers remain accountable for managing risks associated with these services.
Before using cloud services, you should take the following considerations into account:
- Potential violations of or non-compliance with legal and regulatory restrictions and requirements (e.g. Canada’s Privacy Act, Personal Information Protection and Electronic Documents Act, and Direction for Electronic Data Residency, the European Union’s General Data Protection Regulations).
- Impact to the resources associated with moving, consolidating, or standardizing your organization’s on-premises IT services so that you can use cloud-based services.
- Loss of direct control and visibility of cloud components.
- Lack of security personnel in your organization who are familiar with cloud-based deployments.
- Possible confusion related to roles and responsibilities, if not clearly defined, when responding to incidents.
- Potential of being locked into a cloud service, including your financial obligations and your ability to move to another service provider.
Tips for implementing cloud services
Organizations need to adopt a structured approach to managing risks. This approach should account for the use of cloud services to support your organization’s goals and outcomes.
Before committing to a cloud-based service, your organization should consider the following tips:
- Review all the existing investments that you have in software, the costs associated with operating on-premises services (e.g. data centers, hardware, networks, talent), and the value that can be gained from having access to new features and functionalities provided by cloud services.
- Identify the value and the level of sensitivity of your information; this exercise will help you identify the information that you can store in the cloud (e.g. low sensitivity information) and will ensure you are adequately protecting sensitive business information and personal information.
- Review the security work that we have already conducted, such as our summary reports on CSPs to find out more about a specific CSP’s security controls and processes.
- Ask a CSP to provide security certifications and attestations from third-party auditors so that you have evidence that the provider has a security posture that meets your organization’s requirements.
- Use service level agreements to define roles and responsibilities, document requirements for a CSP’s performance, and outline financial penalties for underperformance.
- Review and manage security controls that protect the assets that you have in a cloud service, such as web application gateways, network security groups, and security control baselines.”
As we mentioned before, Adaptive recommends multiple backups. Let’s take a deeper dive…
In excerpts from an article, g2 wrote, “Backup software offers protection for business data by copying data from servers, databases, desktops, laptops, and other devices in case of user error, corrupt files, or a physical disaster that renders critical data inaccessible. It can also protect sensitive business data in the event of a hardware malfunction, hacker penetration, and many other threats posed to digitally stored information by running a risk analysis.
There is a wide range of backup programs that support data protection sources, from corporate servers to personal computers. You can store your data on an external hard drive, but more and more people are choosing cloud backups.
Nothing lasts forever. This is especially true when it comes to pieces of hardware such as computers and external hard drives. There will eventually come a day when your laptop wears out and puts you at risk of losing all of the data kept on it. You can try to take it to a repair shop or to the retailer you bought it from, but there’s no guarantee they can retrieve lost data from the device. This is why backing up your data regularly is so important.
It’s also important to be aware that data can become corrupted at any given moment, not just when your hardware wears out. Any files that you deem important should be backed up on a regular basis. Additionally, backing up your data on the same disk as your original data will not reduce risk.
A truly secure backup solution will include a remote backup, storing your data off-site or off-server so you can recover it if corruption occurs.
The constant threat of data risk
Nearly everything lives somewhere online, so your data being stolen, hacked, or corrupted isn’t completely out of the question. The increasing reports of hackers, spear phishing, and harmful malware are a major threat to businesses of every size, but they’re certainly not the only risks you should be wary of.
Viruses and hackers
While hackers and ransomware outbreaks are more prevalent at the moment, old-school tried and true techniques like dangerous malware, spyware, and viruses continue to be among the leading causes of data loss and system breaches.
Your business will remain exposed to the threat of hackers if nothing is done. It’s not a question of if your business will be attacked, it’s a question of when and how.
To put up another barrier to possible viruses, hackers, and ransomware, you can enlist the help of antivirus software that prevents and/or detects the presence of malicious software within an endpoint device.
Physical disasters
Many think that their data is only at risk digitally, but it’s not the only way you can lose precious files and documents.
Physical disasters like floods, fires, earthquakes, or tornados have the power to completely wipe out all of your data and make the recovery process practically impossible.
Less drastic examples of you losing your data physically can include someone stealing your external hard drive or you forgetting your laptop somewhere without previously backing it up. Not to mention the very real and common possibility of your system’s hardware physically failing.
Why use backup software?
No matter if your data is personal or business-related, you should think about backing up your data. Anyone hoping for an additional level of data loss prevention should consider using backup software to prevent the loss rather than having to react to it without any backup available.
Although backing up your information onto a cloud storage area is the most common way to do so, on-premise servers and hard drives are just as capable. It’s also important to note that multiple copies of backups can be saved. This can be done by retaining multiple points at once, or by saving the same backup on multiple drives or clouds.
Additionally, backup software provides the ability to restore data if the original storage location is deleted. Some software tools may alert you when files have been lost or corrupted while others may simply update the data itself once information is lost. Even if the information isn’t lost, but data needs to be transferred to a new network or device, users can trigger a backup recovery and provide all of the information to brand-new devices.
If you’re looking to back up data of your own, browse the top backup software, read unbiased reviews, and find the perfect fit for your needs.
Types of backup
There are many different types of data backup and backup strategies that are each designed to tackle different issues, vulnerabilities, and storage needs. Continuous backup is essential to keeping your business safe, but it can be difficult to know which type of backup you need to perform.
You first have to assess how much data you have, the capabilities of your network, and what you want the backup to achieve. Only then will you be able to discover the right type of backup for you.
Full backup
A full backup is considered to be the most common type of backup. As its name implies, a full backup is when all selected files and folders are backed up. It’s the most comprehensive backup process, taking longer to complete and requiring more space than other types of backups.
In a full backup, all data is cloned and copied to another location, and if restoration is needed, retrieving it is faster than other backup processes.
Incremental backup
An incremental backup is a backup of all the changes to data since the last backup was performed. This last backup can be a full backup or the previous incremental backup.
With this type, the first backup will be a full one with repeating smaller backups (incremental) that replenish the data that has changed over time.
Differential backup
A differential backup falls between full backups and incremental backups. This is because an incremental backup records the changes to data since the last backup of any kind and a differential backup records all changes made to the data since its last full backup.
With differential backups, a full backup is completed first, and the following backups record the changes made since that full backup. This means that your backup time will be much quicker than running a full backup every time, and less storage space is used.
Mirror backup
As the name suggests, a mirror backup is when an exact copy is created from the source data. When a file in the source is deleted, the same file is also eventually deleted from the mirror backup.
Because they work in this way, running mirror backups should be used with caution. A file or folder that’s deleted by accident (or even by the hands of a virus) can fly under the radar, and if no one notices before another backup, it will be lost in both backups.
Many backup services offer a 30-day delete option. This means that when a file is deleted on your source, it’s kept on the storage server for a minimum of 30 days after deletion. This takes away some of the fear people may have when dealing with mirror backups.
Full PC backup (Full computer backup)
A full PC backup (or full computer backup) targets the computer as a whole. Rather than just copying the data on the computer, a full PC backup also records an image of the computer’s structure. This ‘image’ is like a snapshot of the entire drive and can be stored in a compressed or uncompressed version.
Other backup types only back up a user’s photos, videos, documents, and music files while the programs and operating system will still need to be reinstalled from its source download or a new software disc. However, with a full PC backup, you’re able to restore a hard drive to the exact state it was in when the backup was first done.
Full backups also have the ability to back up the “invisible” and protected files on a computer. What this means is that you can save files or configurations that you otherwise might miss that are important to standard computer functions.
Local backup
A local backup is any backup where the means of storage is kept close (usually in the same building or office) which is why they’re called ‘local’.
These backups are often stored in a dedicated internal or external hard drive that is directly plugged into the source computer being backed up. You can also perform a backup of your device by connecting to a local area network.
Offsite backup
Offsite backups are similar to and carry the same risks as local backups. However, these backups separate the data between locations. This is to prevent data from being affected by storing it in multiple places. The initial backup will be done locally but once the storage medium (ex: an external hard drive) is taken to another location (a manager’s home, a separate office building, a data center), that data becomes an ‘offsite’ backup.
Remote backup
A remote backup is a form of an offsite backup. The difference is that you have access to and can restore the backups while you’re located anywhere. This is why it’s called a remote backup. You will not need to physically be in the storage facility to have access to the backup.
Online backup (cloud backup)
An online backup (also known as a cloud backup) is a backup that is done on a recurring basis to a storage medium that’s constantly connected to the device being backed up.
This backup is ‘online’ because the storage medium is always connected or always online. The storage medium is usually located offsite and has a constant connection to the backup source via the internet. This backup method doesn’t require human intervention to plug in a drive or a cable for a backup to run.
Nowadays, online backup subscription services are available to consumers. This involves the user installing an application to their computer, identifying which files and folders they want backed up, and when they want the backups to run. Then, the data may be compressed and encrypted before it’s sent over the internet to the appropriate storage data center.
These storage data centers are located away from the source computer(s) and are built to protect the data inside them from being affected by fire and earthquakes. They even go as far as installing CCTV cameras and temperature controlling the rooms. Additionally, they have backup generators in case of grid power outages, and the data is replicated across several devices rather than just one.
What data should be backed up?
When it comes to backing up business data, a good rule of thumb is to back up the files and projects that cannot be easily replaced. These can be anything from spreadsheets, word processing documents, financial databases, confidential customer data, and even personal files like photos, emails, music, and videos.
Files and databases are probably the first things that come to mind when you ask yourself what you should back up, but you should cover more than just the basics. You should also save your operating systems (if specially or uniquely configured), applications, program installation discs, registration information, and configuration.
You should back up as much data as you can (within reasonable measures). And don’t forget about company-specific mobile devices. Your CMO’s phone or tablet could contain important data that may not be saved on any other company computer.
To increase protection, someone in the company can be assigned the task of managing the company’s backups. Their job is to understand what company data needs to be backed up as well as setting up a schedule that works.
Remember that every time your company changes services, software, or adds devices, you should revisit and tweak your backup plan if needed. It’s always better to be safe than sorry.
On the other hand, you don’t need to worry about backing up system folders or backup programs. System folders can be recovered from your operating system install disc, and any programs on your computer will need to be reinstalled before you can launch them again.
Better to be safe than sorry
Things happen. Phones break, computers crash, screens go black. If you own any data at all (you definitely do), you should be thinking about the best way to protect it from harm. There are dozens of reasons why you should back up data of any kind, and taking extra measures like storing it in more than one place can save you in an emergency.
If you’re backing up business data, sit down with your team to determine what needs to be stored and how often the backups should occur.
Data backup is a better safe than sorry situation. Taking the time to plan a strategy is usually quick and affordable, but if you think your monthly subscription fee is too high, just think about how much you’ll lose if you don’t have anything backed up.
It’s always a good idea to be proactive before you’re forced to react to a data loss emergency. After all, the survival of your company depends on it.”
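The difference between incremental and differential backups described in the quoted article above decides how much a single bad backup set costs you at restore time. The following is an added example, not code from the quoted article or from Adaptive's tooling: it works out which backup sets a restore needs and how far back one damaged set pushes the latest recoverable day. The `BackupSet` catalog, the day numbers and the `intact` flag are constructed for illustration.

```python
from dataclasses import dataclass


class RestoreError(Exception):
    """Raised when no usable chain of backup sets reaches the requested day."""


@dataclass(frozen=True)
class BackupSet:
    day: int             # day the backup ran (constructed sample timeline)
    kind: str            # "full", "incremental" or "differential"
    intact: bool = True  # False models a set that failed verification


def restore_chain(catalog, target_day):
    """Return the backup sets, oldest first, needed to restore to target_day.

    incremental  -> depends on the backup taken immediately before it
    differential -> depends only on the most recent full backup
    full         -> depends on nothing
    """
    sets = sorted((b for b in catalog if b.day <= target_day), key=lambda b: b.day)
    if not sets:
        raise RestoreError(f"no backup on or before day {target_day}")
    chain = []
    i = len(sets) - 1
    while True:
        current = sets[i]
        if not current.intact:
            raise RestoreError(f"day {current.day} {current.kind} set is damaged")
        chain.append(current)
        if current.kind == "full":
            return chain[::-1]
        if current.kind == "incremental":
            i -= 1                      # previous backup of any kind
        elif current.kind == "differential":
            i -= 1                      # skip back to the last full backup
            while i >= 0 and sets[i].kind != "full":
                i -= 1
        else:
            raise ValueError(f"unknown backup kind: {current.kind!r}")
        if i < 0:
            raise RestoreError("chain has no full backup to start from")


def latest_restorable_day(catalog, target_day):
    """Most recent day <= target_day whose whole chain is intact, else None."""
    days = sorted({b.day for b in catalog if b.day <= target_day}, reverse=True)
    for day in days:
        try:
            restore_chain(catalog, day)
            return day
        except RestoreError:
            continue
    return None


def weekly_schedule(kind, damaged_days=()):
    """Constructed sample: full backup on day 0, then `kind` on days 1-6."""
    return [BackupSet(0, "full")] + [
        BackupSet(d, kind, intact=d not in damaged_days) for d in range(1, 7)
    ]


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        healthy = weekly_schedule(kind)
        damaged = weekly_schedule(kind, damaged_days={3})
        needed = [b.day for b in restore_chain(healthy, 6)]
        print(f"{kind}: restore to day 6 needs sets from days {needed}")
        print(f"{kind}: with day 3 damaged, latest restorable day is "
              f"{latest_restorable_day(damaged, 6)}")
```

With the sample week, one damaged incremental on day 3 makes every later day unrecoverable, while the same damage in a differential schedule costs only day 3, which is why verifying each set matters more the longer the incremental chain gets.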
At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.
When you know your technology is being looked after, you can forget about struggling with IT issues and concentrate on running your business. By making an upfront investment in your cybersecurity, you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime.
To schedule your Cyber Security Risk Review, call the Adaptive Office Solutions service hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca