Letter from the CISO, Vol 1 Issue 5
Washington University Community:
Many years ago, a respected colleague told me that for her, the ultimate security was knowing that she could get her data back if something bad happened. This was a bit of a shock to me, as I was young and inexperienced enough to be enamored with cool technologies for encryption, authentication, and intrusion detection. But as I considered her point, I realized she was at least mostly correct.
Over the years, I’ve seen many a sad situation—one professor lost two years of files, another lost a chapter of a book he was writing, a PhD candidate lost 10 months of work on his dissertation, a small organization lost an entire set of financial records, and so on. In the past, these disasters typically happened because the disk-storage hardware failed, people accidentally deleted files or folders, or people misconfigured their backup systems.
Today, the primary threat is ransomware, but human error and hardware failure are still significant concerns.
Picking up on the idea of Keeping Information Security Simple, I encourage you to make sure your files are getting backed up.
Backups are easy via synchronization
One way to do this is to use the University’s Box.com or Microsoft OneDrive subscriptions to synchronize your computer’s files and directories to one of these services. Because they both maintain historical versions of files, you can restore not only a deleted file but previous versions of files in case you accidentally overwrite or corrupt a file. It is important to note that only these two services – Box and OneDrive – are appropriate for the storage of confidential University information such as Protected Health Information (PHI), student data, or employee information. Yes, there are other services such as Google Drive and Dropbox that have the same functionality, but the University doesn’t have contracts with them to ensure proper protection of information.
Don’t forget to test
While you’re setting up synchronization to Box or OneDrive, pay special attention to make sure all of your important files are included. This is especially true if you decide some are not worth synchronizing and you exclude them, or if you routinely store files on your desktop, which you might forget to include in your synchronization.
Bottom line, after you set up synchronization, do a little test.
- Create a file,
- Save it where it should synchronize to Box or OneDrive,
- Check Box or OneDrive to make sure it actually synced,
- Delete or overwrite the file on your computer, and
- Restore the file from Box or OneDrive, making sure you get back what you expected.
It is fairly easy, and you could wait until you need it to figure this out. But if you practice it at least once before you need it, you’ll be much calmer and more confident when you’ve lost something critical and are on the edge of panic.
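The restore step in the test above can be checked exactly by comparing file hashes instead of eyeballing the contents. The script below is an added example, not part of the original letter or a University tool; the record location (`~/.restore-test.json`) and the canary file name are assumptions. Checking Box or OneDrive, deleting the file, and restoring it are still done by hand between the two commands.

```python
"""Restore-test canary for a synced folder (added example; paths are assumptions)."""
import hashlib
import json
import secrets
import sys
from datetime import datetime, timezone
from pathlib import Path

# Assumption: the record lives outside the synced folder so it survives the test.
DEFAULT_RECORD = Path.home() / ".restore-test.json"


def sha256_of(path):
    """Hex SHA-256 of a file's bytes."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def create_canary(sync_dir, record_path=DEFAULT_RECORD):
    """Create and save: write a file with random content into the synced
    folder and record its hash so the restored copy can be compared later."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    canary = Path(sync_dir) / f"restore-test-{stamp}.txt"
    canary.write_text("restore test canary\n" + secrets.token_hex(32) + "\n")
    record = {"path": str(canary), "sha256": sha256_of(canary)}
    Path(record_path).write_text(json.dumps(record))
    return record


def verify_restore(record_path=DEFAULT_RECORD):
    """After restoring from Box or OneDrive, report whether the file is back
    and byte-identical: 'ok', 'missing' or 'mismatch'."""
    record = json.loads(Path(record_path).read_text())
    canary = Path(record["path"])
    if not canary.is_file():
        return "missing"
    return "ok" if sha256_of(canary) == record["sha256"] else "mismatch"


if __name__ == "__main__":
    # Usage: create <synced-folder>   then, after the restore:   verify
    if len(sys.argv) == 3 and sys.argv[1] == "create":
        print(create_canary(sys.argv[2]))
    elif len(sys.argv) == 2 and sys.argv[1] == "verify":
        print(verify_restore())
    else:
        sys.exit("usage: create <synced-folder> | verify")
```

A result of `mismatch` means a file came back but it is not the version that was saved, which is the case a quick look at the folder would miss.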
Remember, the value of data often (far) exceeds the value of the computer it’s on! Hardware can be replaced quickly and easily (except during pandemic-induced chip shortages), but data can’t unless it is backed up!
Synchronize your files and back up today!
-Chris Shull, CISO