A couple of weeks ago, it was discovered that data stolen from Facebook was available on the dark web. While the data was stolen in 2019, it can still be effectively used by bad actors today. Individuals and organizations should see this as a wake-up call to take care of their data themselves instead of assuming that everyone else will keep it safe.
Three techniques everyone should take advantage of are multifactor authentication, password management and proper backups.
We’ve written about multifactor authentication before, and many are already familiar with it. Simply put, MFA requires a secondary form of authentication before allowing login. This secondary form is typically an app on a cellphone.
One thing to be aware of in the Facebook breach is that phone numbers were stolen. So if at all possible, one should avoid using plain old SMS texting as the secondary form and use an authentication app instead. Microsoft Authenticator, Google Authenticator and Authy are the most common authentication apps. Many financial services firms have taken to using their own apps to provide this authentication.
Take advantage of MFA wherever possible when signing in. Organizations should also ensure that their apps are MFA-enabled.
While passwords were not exposed in the Facebook incident, they are still a highly prized target and something the bad guys go after quite a bit. Gone are the days of using your birthday and a special character after it for all your passwords.
You must use a different password for every site. And to keep track of all of these different passwords, you need a password manager. LastPass, Dashlane and KeePass all have very good low-cost, if not free, offerings. Institutionally, adopting a password management solution improves the overall security of the organization.
The last line of defense is ensuring you have a proper backup of your data. This will mitigate your exposure to ransomware. It should be clear, however, that backups are the last line of defense, not the first.
A common strategy for backups is the 3-2-1 method. Under this approach, you have three copies of the data. One is your live data and two are backups. Two different storage media are used for the backup, and one copy is kept off-site.
Back in the day, the off-site requirement was kind of a pain. Sometimes this meant the business owner took the backup home and put it in the safe, if the owner had one, but often it ended up sitting in their car, which still was better than leaving it in the office. But the advent of the cloud made this a lot easier. In fact, a cloud-based backup knocks out two of the requirements, since it is both a different storage medium and off-site.
While cloud-based backups used to be impervious to ransomware, there have been recent reports of cloud backups being compromised. So, while the on-site backup is primarily intended for quick restores, it is also another line of defense overall.
John Agsalud is an IT expert with more than 25 years of information technology experience in Hawaii and around the world. He can be reached at jagsalud@live.com.