Data Situational Awareness: It’s About the Data, NOT the Device
Data Situational Awareness: It’s About the Data, NOT the Device
Every day you exercise situational awareness. I’d like to suggest you apply that common sense situational awareness strategy you apply to other areas of your life to protecting your, your families, and your business data.
Maybe your son is about to do yard work. You remind him it is critical, as a red head, to put on and reapply sunscreen to avoid pain and skin cancer. As skin cancer, can be prevented by wearing sun screen, wearing sunscreen is an excellent way, or strategy, for preventing skin cancer.
The same applies to your data. Like applying sunscreen to prevent skin cancer, you can apply a variety of measures to prevent your data from being stolen or compromised.
Hackers are like the sun. They are out there 24/7 probing, locating data they can steal, and stealing it. Like the sun, they are a reality and you must deal with them. Like the sun, they are not going away.
Your situational awareness is to know that hackers are always probing your device (tablet, laptop, desktop computer, cell phone, etc.) but what they want is your data. Therefore, you must have a multi-layered strategy to protect your data.
I know what is below is basic for cybersecurity professionals, but I write it for the other 99.99% of Americans who do not know what cybersecurity entails.
Ransomware: WanaCry Example
One of the greatest threats to your date is ransomware that can:
Prevent you from accessing Windows
Encrypt files so you can't use them
Stop certain apps from running (like your web browser)
All ransomware will infect your device and demand that you pay a ransom to get access to your computer or data.
Thousands of American businesses, educational institutions, country governments, state government agencies, and others have paid out large sums of ransomware to ransom hackers.
One of the most recent hacking probes occurred on Friday, May 12, 2017. It was known as WannaCry. It attacked computer system data for more than 350,000 computers in more than 150 countries within the span of 48 hours.
And things have only gotten worse since 2017.
WannaCry is a unique ransomware strain that exploits a critical Microsoft Windows Server Message Block (SMB) vulnerability to spread like a worm, lending to its rapid propagation after just a few hours of initial detection. The exploit spread across network shares, encrypted data on the shares and left users unable to access their data unless they paid a ransom in the form of untraceable Bitcoin currency.
Thousands of users turned on their computers that day to see the following message:
“This massive ransomware attack was less successful than it would have been had they not sought their ransom payment in bitcoin. As criminals who use bitcoin to hide their activity to avoid being discovered, arrested and prosecuted, they assumed everyone knows how to obtain and pay them in bitcoins. Bad strategy on their part. For all the computers they attacked, the best estimate is that they only collected approximately $40,000 in bitcoin ransomware payments.”
Although this attack eventually fizzled, we may not be so fortunate the next time. Hackers continuously analyze where they went wrong, redo their code, and send out a variation on the original ransomware several times after the original ones. Maybe you can take the steps suggested here before the follow up WannaCry code or other ransomware strikes again.
You need a strategy to prevent data loss from ransomware and other attacks. Here are a few suggestions for how to get started.
Simple Ways to Prevent Loss of Data
Protect all your devices with strong passwords
Change your passwords frequently
Activate your update alerts immediately, don’t click “remind me later”
Keep all your software up to date
Add the most recent software patches
Double check every email to confirm it is safe
Verify that you know the email sender before opening it
Verify any link in the email is safe before you click it
Back up your data (more below)
Back Up your Data
A basic strategy is to keep device, offline, or cloud backups of your data. To be able to use your data, you will also want to back up your software programs at least once.
For ransomware attacks like this one, having backed up your data prior to the attack enables you to ignore it. If you have all your data backed up, you cannot be fleeced out of your money.
Adopting a strategy of redundant backup is a good practice. Here are tools that will help you ensure that you can back up your data so it is available when you need it.
Tools
Description
Cloud Computing
Cloud computing is taking services, including backup services, and moving to shared systems. Applications and services are accessed via the Web, instead of your hard drive. The services are delivered and used over the Internet. The cloud infrastructure is maintained by the cloud provider (such as https://aws.amazon.com/). This is a strategy that particularly applies for those who use their device and data outside their office.
Online Data Backup as a Company Service
There are many companies that will store your data at their data center on their servers, for a fee (such as Carbonite, Rackspace, etc.) and many other companies will backup and protect your data daily, for a fee. online backup service that will automatically backup and synchronize your data across multiple devices.
An online backup service makes it easy to access data from a mobile office. Even if you have just one computer, this is a great way to ensure consistent backup and accessibility of your data after a system crash, ransomware attack, natural disaster, or other threats to your data.
External Hard Drive
An external hard drive is a storage device located outside of a computer that is connected through a USB cable or wireless connection. An external hard drive is usually used to store media that a user needs to be portable, for backups, and when the internal drive of the computer is already at its full memory capacity.
These devices have a high storage capacity compared to flash drives and are mostly used for backing up numerous computer files or serving as a network drive to store shared content. External hard drives are also known as removable hard drives. Available online or in retail stores such as Best Buy, Wal Mart, or Staples.
USB Flash (Stick. Jump, Thumb) Drive
Insert to your device USB port. They are removable and rewritable. They are storage capacity has risen and their price has dropped. It is a good practice to keep one with your keys so you always have it available to copy files, especially in an emergency. USB sticks are constantly increasing in capacity and are highly useful for quick data backups. They are highly portable. Available online or in retail stores.
Backup Ghost Computer
If you have valuable business or family data, you can invest in a backup computer or device. Keep all your data on two devices and if one goes down you will have another one with all your vital data. Computer prices have fallen so much in the past few years this is an option.
Do not risk losing your data. Create a backup system that includes archiving and routinely backing it up.
Auto Install or Manually Install Patches
Those who applied readily-available Microsoft Windows patches on a regular basis before the WannaCry attack were protected. Install the patches via auto install or manually but ensure that they are kept updated.
Anti-Virus, Anti-Malware, and Other Data Protection
There are many excellent antivirus, antimalware and other data protection software packages available. Prices and features vary. Many free ones are available online. Here is a link to a few: http://www.pcmag.com/article2/0,2817,2388652,00.asp
Be Wary when Downloading Apps
When you download and install mobile apps, and especially free apps, you may also download pre-infected malware, which might be instructed by hackers' command and control servers to steal information from the mobile device without alerting the users
Don’t Fall for Phishing Scams
Phishing is a leading way that cybercriminals steal data. You receive an email that has an urgency to it. Inside the mail is a link that the sender urges the recipient to click. The link takes the user to a fake website and your data can be compromised. NEVER open a phishing email.
Power On
Tip: Date depends on devices (computers, tablets, laptops, etc.). To make sure you can access your data, make sure you always have electric power by maintaining extra that transmit power to your devices by remembering to have these items working and available.
Mouse batteries
Computer batteries
Power cords
Surge protectors
Laptop batteries
Also, make sure you have cell phone solar chargers. When power is out, you will need solar backup.
Please go to the American Civil Defense Association website for details, especially for a few vetted products in our Survival Store like waterproof, electromagnetic pulse hardened USB drives to back up your data.
https://tacda.org/product-category/emp-resistant-waterproof-usb/