+27 (0) 11 704 7222 info@mrbackup.biz
Simple steps to secure your data and protect your business

Simple steps to secure your data and protect your business

Data protection legislation goes further than simply asking the IT department to implement “appropriate measures”, it also adds many new technical requirements to an organisations data and the systems that contain the data. It expects a commitment to invest time and money, it requires ‘board level’ focus to manage risk and a shift in culture. In truth, data protection is as much behavioural as it is technological. Expecting that systems, process and policies will provide enough security is simply put, naive.

Regardless of systems implemented no one is safe from an attack or data breach.

The first step to better security in the organisation is employee awareness. Employees are the greatest asset when it comes to data security, and, not surprisingly, the greatest liability.

Making employees think of cybersecurity and the role they play in the securing the data of the organisation is imperative.

Much like taking measures to secure your premises from intruders (burglars) with fences, bars, alarms and more; organisations are now expected to take similar measures to protect their digital assets; having an aware workforce puts more eyes and ears in the game. Emphasise data ethics, if it isn’t yours why take it?

Run awareness refresher sessions, make sure any and all changes to policy are well communicated and acknowledged. Call in guest speakers to chat with employees. Make awareness a key step when on boarding new staff.

The second key step is to draft data security policies. New systems, processes and procedures that are not under-pinned by solid policy-making, understood and supported by all concerned will remain weak, at best.

These policies must cover key issues such as:

Data Backup and Recovery

Setting up off-site storage
Document data management procedures
Test recovery frequently

Keep anti-virus, ransomware and malware protection software up-to-date

Run regular scans to confirm the validity of the protection software

Password management
Set down a password policy that combats:
Re-using passwords
Sharing passwords
Drive a minimum password length of eight (8) alpha-numeric with one ‘character’
Implement two-factor authentication wherever possible

Build a tightly secured network

Audit for default admin logins and passwords
Ensure, as minimum, SSL security is in place for web sites
Use strong encryption on all firewalls
Manage and monitor the use of external storage devices such as USB keys

Have a strong and clear approach to BYOD (bring your own device)

Keep operating systems and applications up-to-date

Never decline or postpone for too long an update from the OS or Application vendor.
Once an OS, Application or Browser has reached end of life make every effort to get it out of the organisation.
Limit the use of local admin rights.
Regularly audit laptops for obsolete, no longer used user accounts – get rid of them
Thirdly, engage with third-party specialist cybersecurity and data protection experts. Cybersecurity and counter measures a fast-moving target, expecting in-house IT shops to keep up is a nearly impossible ask. Larger companies may setup a dedicated team of experts organisational cybersecurity as their focus, it will still be a difficult job for them to keep up. Setting up strategic partnerships with experts.

Third party specialists can help with understanding legislation in the context of the organisation, carry out audits and vulnerability assessments, assist with simulations (specifically data recovery), construct communication campaigns in the event of a breach and lastly, give Board Members the comfort that the measures being taken to secure the company data are not just adequate but tried and tested.

Got a question or need help to secure your business?.

How no Data Protection or Cybersecurity can impact your business reputation

Acronis Backup Clould Banner_Social Media_1200x628

How no Data Protection and Cybersecurity plan can impact your business reputation.

Why does data need to be protected?  Before answering this question, we need to agree on what Data Protection and Cybersecurity are.

 

Data protection is a set of laws, regulations and best practices intended to secure digital information without limiting the use of the data for business purposes all the while not compromising the data in any way, thereby safeguarding the data from unstated or malicious use.

Cybersecurity is the measures and processes taken to protect a computer system or data against unauthorized access or attack.  Both set down minimum standards and reporting requirements for serious breaches.  There are essentially two reasons organisations should protect data, legislation and reputational damage.

 

Email1_Banner_Ransomware Forecast

Legislation

In the European Union, the expectation that data is protected is a right. As such, the General Data Protection Regulation (GDPR), since coming into force in May 2018, has provided a robust framework for ensuring that right.

Data Protection laws vary from country to country, but the principle of the laws are similar. Many countries have derived their legislation from GDPR.  A fiduciary obligation is the legal obligation of one party (a fiduciary) to act in the best interest of another. The fiduciary is someone (a person or persons – not an organisation) entrusted with the care of assets or property. The fiduciary, in most cases C-Level Executives, have the same obligations for data since it is considered as an asset, failure of these obligations may lead to personal liability and legal consequence.

Reputational Damage

The greatest harm a breach can cause is the loss of the customer’s trust. It can take years to build a company’s reputation and one breach, in a matter of hours, can destroy that. The actual breach is the tip of the iceberg, in most cases, a breach is closely followed by customer or shareholder lawsuits.

It is for these reasons that adopting sound data protection procedures to avoid any sort of cybercrime is no longer optional.

In general, data protection legislation distinguishes ‘personal data’ and ‘sensitive personal data’ (data pertaining to, for example, ethnic background, religious beliefs, health, etc.). Data protection frameworks provide suggestions and rules on how data is to be stored and used in business activities (e.g. for marketing).

Organisations are to ensure data is:

  • Used in ways that are stated up-front with the owner of that data
  • Stored only for the period of time it is needed
  • Stored safely and securely
  • Recoverable for data forensic usage if ever required, in line with local legislation (for example financial transactional data must be stored for 7 years in many countries)

Organisations have two sets of data – that belonging to the customer and that of the employees – all of which need to be protected, to prevent misuse by unauthorized third parties for purposes of fraud.

For a free consultation please contact Sales@mrbackup.biz

Subscribe to our newsletter https://mrbackup.biz/subscribe/

 

Avira Anti Virus

Why do backups fail

Backup Software alone is not enough!

Dont trust your backup software to protect your business

We belive you must check your backup jobs everyday to ensure you stay on top of issues causing backup software to skip files, or stop working altogher. This could leave your backups useless when you need them most.

7 Reasons why data backup and resotres fail

The data below was created from a sample of 200 customers looking at common failures due to external forces causing backups to fail which Mr Backup Support desk resolve for cusotmers on a daily basis

“60% of Backup jobs are incomplete”

“50% of data restore attempts fail”

30%

CONNECTIVITY 

Backup jobs fail due to external networking, security settings, ISP connectivity, cyber-attacks and bandwidth to the internet causing backup jobs to fail.

26%

CHANGE

Backup jobs fail due to infrastructure change from passwords, network settings, security updates, machines replaced, moved folders. The list is endless and anything you change in your system could affect your data backup system and stop jobs completing or skipping files.

26%

SPACE

Often overlooked is free space to store backup data. Backup drives can become full very quickly if not monitored and backup jobs will fail. Our support desk find that 20% of support tickets are generated to make more space for backup by freeing up space, archiving, deleting temp files or adding more backup storage space.

10%

OFFLINE

10% of backup job failures are caused by services going offline. This can be hardware being offline, software services stopped or paused caused by updates or system restarts.

5%

CORRUPT

Software and file corruption often occur when applications crash or machines lock up causing 5% of backup jobs to fail.

5%

LAN ISSUES

Maintaining a high-quality of service LAN is vital to protecting your data. Backup jobs can handle minor network delays but 5% fail due to network availability between the data being protected and the backup target.

4%

USERS

4% of backups fail due to user intervention. Mainly caused by manually stopping backup jobs that are running during critical times to free up system or network resources. Or users have changed and edited jobs and have failed.

Your Cloud is Fragile Handle with Care

How to protect your data in the cloud Does Google, Microsoft, Amazon, Dropbox backup my data?

If you are using Google Drive, Microsoft OneDrive, Dropbox or any other Free cloud storage provider they all use file synchronisation technology to create a copy of your data.

While these cloud systems state they Backup your data and provide data protection and recovery it is very limited in what they can recover and comes with a hidden risk you may not know about.

Like every other storage media whether it is your PC hard drive, USB Storage Disk, NAS it still needs to be protected with a separate backup tool that follows the 3-2-1 Backup Rule that is independent of the storage system you use to store your files.

For example, Dropbox duplicates your files onto every computer you own, it also keeps its own set of backups – so you can roll back to an earlier version of a file, or recover deleted items. This feature can be a real life-saver: to recover a deleted file, you can just log in through the browser, click Files, then click Deleted files in the sidebar. Find the file you want to resurrect and click restore.

The catch is that changes and deleted files are only stored for 30 days, after which they’re purged. So while Dropbox can rescue you from short-term problems, it’s no use when you need to restore a document that was changed or deleted a few months ago. You can extend the window to 120 days by upgrading to a Dropbox professional account £199 annually, or £19.99 per month.

With all these systems, Google Drive, Microsoft OneDrive, Dropbox and others your files are dispersed to all your devices.  Each one of your devices is a week point and are open to ransomware encryption, corruption from Malware, infection of viruses and open to theft by using your mobile devices on public WiFi networks.

Anyone of these threats can affect the files on your device and synchronise the affected file to your cloud storage. Once in the cloud, it will wreak havoc on the rest of your files and will infect others when you share files with infection.

We recommend you protect and secure your cloud storage. Have a separate backup system for your cloud storage and install antivirus and malware protection software on your PCs and Mobile devices.  See below for some recommend product from Mr Backup

Office Backup System

Backup all your PC and Mobile data to one central point in your office with a network attached backup storage device. 

Features include:

  • Simple user-friendly setup
  • Data Encryption, backup and restore 
  • Scalable solutions for home user up to enterprise businesses 
  • Synchronise to cloud backup for additional protection 
  • Setup and support from Mr Backup Service Desk

Theft Proof Data Storage

Mr Backup’s unique Stealth Replicator is installed in over 1000’s of customer premises backing up PCs, Servers to one central point with archive backups stored in our datacentres. 

Features include:

  • Covert Design fools would be thieves 
  • Securely screwed to a wall or hidden out of sight
  • Data Encryption, backup and restore 
  • Scalable solutions for home user up to enterprise businesses 
  • Synchronise to cloud backup for additional protection 
  • Setup and support from Mr Backup Service Desk
  • Daily monitoring and backup report 
Cyber Security 101

Cyber Security 101

8 Tips to keep your data safe

Protect yourself and your business from the 13,842 attempted cyber attacks happening in South Africa every day.

PASSWORDS


Set Memorable Passwords. Forget using characters or numbers in place of letters trying to make secure passwords.  Use memorable passwords made up of at least 3 random words you will remember.  Don’t use the same password for all systems.  Instead, have a strong password set for differing groups of systems to help you remember.  For example, social media group passwords, financial banking applications group, Online shopping, machine, and work password groups. 


FREE SOFTWARE

Beware of using free software. Especially free antivirus software and any software key hacks. Many of them contain Malware to track your life through the internet


SECURITY UPDATES

Always update your PC and Mobile devices with the latest security patches from the source vendor.


USB Devices

Never use free USB sticks from an event or that someone has given to you. Unless you have up to date antivirus software installed you are running a big risk of being infected.


PHISHING EMAIL

Always be aware when opening any email even from people you know. 

  • Don’t trust anything you haven’t expected. Always be suspicious of emails you haven’t expected, even from people you know. Especially if it asks you to open an attachment, click on a link or divulge any information.
  • Verify the sender address by clicking reply, you will see that an alleged internal email is really going somewhere else.
  • Requests for money should raise alarm bells. Always treat requests for money or sensitive information with a high degree of skepticism.
  • Look but don’t click. Hover your mouse over any links embedded in the body of the email. If the link address looks suspicious, don’t click on it
  • Verify with the sender.If the tone or the purpose of the email is slightly out of the ordinary, like a request for payment from the CEO to you, rather call or text the sender before actioning anything.

We recommend getting your staff trained on how to spot phishing email attacks.  Contact your Mr Backup representative today for further information and training available.  


RECOVERY PLAN

Get a Recovery Plan…  As well keeping yourself secure with education, antivirus and security software the ultimate recovery solution should you become a target always falls back to having a reliable and automated backup and recovery solution.

Your Backup and Recovery plan must include the 3-2-1 Rule.

Have 3 copies of your data.  Use 2 separate storage systems.  1 copy of your data in a separate location.

EDUCATE YOURSELF

Increase your knowledge of online security threats.  Learn about the different types of attacks cybercriminals will use to access your data.

Malware can be defined as any programme or file intended to damage or disable computers and computer systems without the user’s knowledge.  Malware can include computer viruses, worms and Trojan horses.

A “worm” is a standalone malware computer programme that replicates itself in order to spread to other computers.

A Trojan horse is a type of malware that is often disguised as legitimate software.

Spyware is software that collects a person’s personal information such as credit card numbers, without the person knowing it is happening.  The information is sent to criminals without the consumer’s consent where it can be used to commit fraud.

Key loggers are devices which will record every keystroke a user makes. Keystroke logging is malicious spyware that is used to capture sensitive information like passwords or financial information. Sensitive information is sent to third parties for exploitation by criminals.


MONITOR & REPORT

Make staff education, system updates, recovery processes, monitoring and reporting part of your day to day business.  Security is not a one-off project.  Ask your Mr Backup contact how to improve your security to help you discuss and guide you on the best solutions for your business.

Mr Backup Offers the following services:

NEW SERVICES from South Africa’s leading data protection experts

Mr Backup has been busy enhancing services to support the needs of our customers by expanding our Cloud Backup, support monitoring, security, and consultancy services.

Cloud Backup Services

  • Cloud Backup for Windows, Linux, Apple
  • Backup for Office 365 Mail, OneDrive, SharePoint
  • Offsite Server replication and hosting
  • Disaster Recovery as a Service 

Onsite storage and backup solutions

  • Synology
  • NetApp
  • Stealth Replicators  

Monitoring – Security – Support

  • Daily backup reports 
  • System health monitoring
  • Enhanced anti-virus tools
  • Web based backup management tools

Security, Disaster Recovery, and Compliance Consultancy

  • Stay ahead of the new government and financial regulations
  • Threat Protection and best security practices
  • Disaster recovery planning
  • Staff data security training

How to backup to the Cloud

Every backup system should include an offsite backup copy to protect your data from every eventuality. Veeam Cloud Connect enables you to connect existing backup servers to Mr Backup’s Veeam Cloud Service backup storage in minutes. Segment a single backup repository into one or more cloud repositories, each with its own specified tenant. Manage resource allocations and expiration dates for each tenant. Cloud repositories are completely isolated from one another. Customers can also encrypt their backups – this is done at the source, before data leaves the customer’s network and without increasing bandwidth consumption. Because unlike a general purpose WAN accelerator, Veeam’s Built-in WAN Acceleration maintains data reduction ratios even with encrypted data streams.
How to backup to the Cloud