Category: Security

I already have a backup, why do I need another?

.Reading time 3 minutes.

A common question, and I’m glad you’re aware you have backup and its importance!

With so many backup systems and options, it can be easy to get overwhelmed. So I’m going to break it down to the basics in order for you to make an informed decision!

The general rule of backups is to have at least 2 backups, one on-premise, and one offsite.
I won’t get into the details of best practices in this post, this more of a general understanding, we’ll dig in to the dirt later.

The main purpose of an on-premise backup system is for what is called a “rapid recovery”.
It’s cheap, relatively easy, and once the upfront costs are done, that’s it, no further investment, barring storage failure or upgrades.
These type of systems tend to store a lot of data, and can be very fast to restore a little, a lot, or all your data relatively quickly!
Relative to what? That will make sense shortly.

Now why wouldn’t you just want to go with the on-premise backup which is usually a “set it and forget it” type of system?
It’s the physical nature of it, it’s just as susceptible to risks mentioned below as your main systems.

The second kind of backup you’ll need is an off-site backup for the most dreaded type of restore, “disaster recovery”.
In the event of the worst happening to your equipment, let’s say a fire or natural disaster, your on-premise system went out along with it.
This has also helped out when the office is offline for an extended period, let’s say a week or more of power loss, but with just a little data you can keep afloat from home.

So why bother with on-premise, why not an off-site only option?
Sure it’ll cost more but now I don’t have to worry about losing my data anymore, right?
Eh, not exactly.
In the event of a large data loss that will require a lot of it to be restored, this can take a VERY long time depending on your setup.
Instead of the few hours an on-premise can have it done, it could take days to restore from off-site.

There’s also one other reason to have multiple backups.
No single solution is perfect.
Either system could experience a failure of some kind, or worse, become corrupted/infected.
Having different systems in place can negate that risk.

I’ll be creating posts in the future going over on-site and off-site backup systems, best practices, and other details.
Stay tuned!

Setting up a shared email account? Don’t build a house when you need a shed

.Reading time 2 minutes.

So my spam folder is flooded with a bunch of junk coming from various “info@whatever” email accounts.

Most likely, these are full blown email mailboxes set up for some kind of easy handling or processing, but not actively monitored or secured and were compromised.
If you’re looking to create an email address that’s just going to be used to re-direct messages, or for incoming only, don’t bother setting up a full blown account.

Services like Office 365 give you ability to create email addresses called “distribution lists”.
This email address will handle incoming mail and forward it to the appropriate persons in your organization.
You can also use a “shared mailbox” that can allow you to not only monitor it like a second account, but also store the emails, as a distribution list will only forward, not store.

There are some other features each can do, but the key is to restrict them.
If no one will be sending as “info@”, don’t give anyone the right to.
For shared mailboxes, disable their ability to sign in, since you’re not supposed to be signing in directly to it anyway.

Using those 2 types of email accounts gives you some incredible control and accountability.
Handling things like “info”, “sales”, etc., like this helps not only organize your communication flow, it helps keep your business secure.
The icing on the cake, those types of email accounts are free in Office 365!

Other emails services can offer similar features, some don’t offer anything except basic email accounts.
Talk to your IT provider/person or email provider and ask if they can help set those kinds of things up for you.

Just because you don’t know, doesn’t make you an idiot

.Reading time 2 minutes.

A wise friend of mine told me a while back he does not like the word “idiot”, and I can understand why.
It’s used so frequently sometimes it’s almost immediately disregarded, but at the same time can be used in such a harsh manner it cuts us deep.

In my field I encounter many people that other techs would consider to be “idiots”.
I prefer to reserve that name as shorthand for “willfully ignorant”, not the uninformed.

People feel ashamed when they get compromised by a well crafted phishing scam, or get a virus while behaving online.
They feel like idiots.

Very few actually are though. Read More

So long, and thanks for all the Flash

.Reading time 1 minute.

I remember going to Newgrounds.com back in the late 90s and watching those amazing videos and playing games that were made with Adobe Flash.

I’ll always have those great memories, and that’s what Flash is slowly turning into, a memory.

Browsers are starting to downplay and I imagine soon outright disabling Flash plugins.

It’s become a burden to system resources and security alike.

So if you’re using a service that requires Flash, I would inquire what their short term goals are to phase it out. If they don’t a plan, I would look elsewhere for services.

If you have a website that uses, or heaven forbid, is designed exclusively in Flash, talk to your designer(s) immediately. Did you know that iOS and modern versions of Android don’t even have native Flash capabilities? That’s a large chunk of views you’re missing out on.

XP has officially retired

.Reading time less than 1 minute.

So the day many have both dreaded and dreamed of (count me in the latter), has arrived.

As of today, Windows XP is out of support, no more updates, no more security fixes.

It was great in its day, but must concede to newer OS’s that can take advantage of today’s hardware and be more secure by design.

It was a good ride, but like other OS’s before it, it must end (*sniff* I still miss 98SE)

“I’m always careful, I’ll never get infected”

.Reading time less than 1 minute.

I hear that all the time from my customers who refuse to get good antivirus or run without any at all.

Well, no matter how careful you are, servers DO get hacked.

A post from ESET shows that yet again you cannot say you’ll never get a virus.