Confessions of an IT Professional – Part 2 – Data Backups

By December 10, 2018 Security
Confessions of an IT Professional Series

Terry Allen, Technical Engineer, OXEN TechnologyThis week’s article is the second in a series by OXEN’s own Terry Allen, one of our technical engineers based in Joplin, MO. Part 1 is here.

This post originally appeared on Bloggin’ IT with Terry Allen and is reprinted with permission.


I’ll admit that I bang the security drum a lot. Those of you that know me will admit that I avoid risk. I look for it and work to manage and reduce it as much as reasonably possible. I don’t like risk. Life has taught me that our world is full of it. Often risks are ignored until the threat is realized and then we’re suddenly “awake” and sensitive to our newly realized vulnerability. We also live in a world where “FUD” (fear, uncertainty, and doubt) is used to manipulate our buying decisions. My motive is never to manipulate people for self-serving purposes. I am motivated to serve your interests through my years of experience and observation. I am awake to many risks that you may not be aware of because I observe this stuff daily. While I’m not yet a self-described security “expert”, I am experienced enough to share with you my lessons learned in part two of my Confessions of an IT Professional on data backups.

In part one I confessed that our traditional IT ingredients related to security are no longer sufficient to protect us from the threats of a modern-day Internet. A lot has changed to make our traditional security measures less effective.

Let’s talk about data backups. One of the first places we start as professional IT practitioners is to ensure the systems we’re working with have the right kind of data protection. Backups are not created equal. Backup products are VERY different in their capabilities and use cases. I’m talking about both local or cloud-based backup programs! Let’s review some important questions to consider about backing up our valuable data:

#1 – What does it backup and how does it do it?  Does it backup files, folders, installed programs, databases, or my Windows software? It will take many hours to rebuild a corrupted Windows system along with everything else. Most backup programs DO NOT enable this fully.

#2 – How easy is it to restore data from the backup? Can I restore a file, folder or the entire software system? How long does it take to restore? When is my most recent saved backup? I am currently using a cloud based backup program that is widely advertised on the radio. I needed to restore from it for the first time recently and was not able to complete the restore quickly enough to be able to use it which is why I am moving to another cloud backup solution. I didn’t do my own homework!

#3 – Is my backup data secure from ransomware or malicious software that can seek and destroy my backup data? Does my backup store data securely offsite in a cloud in case of a disaster or other loss? Some malicious software will seek and destroy backup data. Data backups need to be offline, redundant, have verifiable data integrity (not corrupt), and be separated from the data source being backed up.

#4 – Is my sensitive data encrypted or protected from unauthorized access if lost or stolen? (Think external hard drives or USB devices.) Encryption may or may not be a feature of your backup software and may not be enabled automatically! Assume that backed up data is accessible by a 3rd party unless you use encryption (based on a password) to make data unreadable by unauthorized parties.

#5 – Does my backup system have history to enable me to restore files from different points in time? You need flexibility depending on the kind of data needing restoration. When finance or the tax attorney calls needing a copy of “that file” from 6 months ago that you can’t find, does your backup have sufficient historical archives to enable going back in time to restore at a point on time?

Not only to we need to think about the right kind of data backup solutions (or disaster recovery) for our PCs, laptops, or servers, we also need to consider how to protect mobile and cloud data: social media accounts, smart phones, tablets, thumb drives (AKA USB or flash drives), and SD “memory” cards in our portable digital devices. Many of us use our phones exclusively (instead of a PC or Mac) and we’re storing more personal content than ever. Are we protecting and preserving our valuable memories for future generations?


Recent Posts / View All Posts

The Importance of Multi-Factor Authentication (MFA)

Security Lockdown: The Importance of Multi-Factor Authentication (MFA)

| Security | No Comments
You may have noticed that recently a lot of your accounts are now requiring multiple methods of verifying your identity when you login. No longer do you just enter your username and password to get into your email, your cloud apps, or your accounting system. You now also need to input a short code that is texted to you, generated by an app, or emailed. In some cases, you might be getting verification phone calls, using a smart card, or entering biometric data like a fingerprint. What is this? This is multi-factor authentication (MFA). MFA consist of three things that…
Tips for Outlook Calendar

Tips for using Outlook calendar

| Tech Tip | No Comments
Confession: I am not an Outlook Calendar junkie. But if one of my coworkers looks at my calendar, they’ll likely see a smattering of events, tasks, and outside work commitments on my calendar. I also have a very long list of “Shared Calendars” so I can check up on coworkers’ schedules – it’s not lurking if it’s business! Like most people at my company, I use Outlook Calendar to remind myself and everyone else (who cares to know) when I am and am not available. Outlook Calendar is an invaluable tool if you’re in the habit of checking if someone…
2020 Cybersecurity Update from OXEN Technology

2020 OXEN Update on Cybersecurity

| Consulting, Security | No Comments
Every day we read about another cybersecurity breach. Lost credit card information, hacked emails, corporate or national security information stolen by insider or external actors. Cyber espionage and security attacks have become sophisticated and big business. We have reluctantly learned a new language: ransomware, “phishing”, malware, HIPAA (in healthcare), PCI (for credit card protection), and PII (personally identifiable information) to name a few. The challenge grows even faster as more and more devices are attached to our networks. New devices like thermostats, smart lights, cell phones, watches, and smart monitors of all types connect to our networks to share information.…