Whenever a techie sets up a new computer network, they have to assume that files will unexpectedly disappear, and plan for it.
Maybe files will be deleted by mistake. Maybe they will be corrupted by bad sectors on a hard drive. Maybe a hard drive will totally fail. Maybe a power surge will get them. Maybe an unhappy employee will wreak havoc on purpose. Maybe mother nature will get them with a fire, flood or sun spots. The list of ways that files can be lost is as long as your imagination.
That said, when files are lost or corrupted to the point that it causes a serious business problem, it is a failure of planning. More specifically, its a failure of the file backup system. A robust scheme for backing up important files offers protection no matter what made the files inaccessible.
I say this to counter advice offered today by the New York Times to small businesses.
The Times article starts with the fact that some small businesses lost files due to ransomware, and then goes on and on about how and why companies should improve their computer security.
Sound reasonable? Not to me.
What's wrong here, is that small businesses that lose files due to ransomware do not suffer from bad computer security. They suffer from bad backups.
Improving computer security is a good thing, of course, but improving a backup scheme is a great thing.
Robust backups offer protection, not just from security failures, but also from the many other ways that files become inaccessible.
I fear that a small business, duped by the advice in the Times, will waste time, effort and money on improved computer security, just to be ruined by something else.
Actually, ransomware is among the better things that can go wrong, because its relatively easy to recover from. The hardware still functions, the operating system still boots, its mostly data files that are effected. Delete the maliciously encrypted files, restore from the latest backup, remove the malware with antivirus software (or restore from an image backup) and get on with life.
I would much rather deal with a ransomware attack than a failed hard drive or a power surge from a lightning strike. With good backups, ransomware should be an inconvenience, not a disaster.
Sadly, for every person that reads this blog, ten thousand will read the article in the Times. That doesn't make me wrong.
- - - - - - - - -
Update: January 15, 2016. Just as I was publishing this, Brian Krebs was publishing Ransomware a Threat to Cloud Services, Too. It is yet another story of a small business victimized by Windows based ransomware, with a twist - all the applications and files were in the cloud.
Krebs writes that "The best defense against ransomware is a good set of data backups that are made each day - preferably to a device that is not always connected to the network." But, he is a reporter, not a techie.
He is certainly right about backups being the best defense, but daily backups are a starting point rather than a rule. Certainly, some companies need more frequent backups. And, even within a company, different data is likely to have different backup requirements.
His point about backups not being always connected to the network is indeed important since ransomware attacks all visible files. But, he falls into the same trap as the New York Times. I get it, security is sexy and backups are boring. But backups protect from so many other things, that focusing on ransomware as a security issue is just wrong.
Most interestingly, in the case in question, the cloud application provider made daily backups but took a week to restore them. Krebs does not name the company. I wonder why.