security and backups (1 Viewer)

i am not an expert but have some experience and when i ran a computer store i saw many problems that impacted on people and business in various ways. some were quite devastating.

take heed of andy's warnings in the sticky at the top of the thread

do not be complacent, many hoaxes and spam out there which go nowhere or are designed to suck you in but also there are real attempts to hack or control various aspects of your digital life and not to your benefit.

first of all, all systems are vulnerable whether PC, using win, mac or linux or a smartphone. this is because although a particular operating system may be designed diferently and less at risk, your usage and storage of digital data varies and is out there in many forms, from emails, atachments, sign in or log in credentials, networking, website cookies and caching to backups and copies in many varieties.

another consideration is personal trust. as an example, of course you trust your wife or partner or children: however i have seen disaster arising from simply allowing access to a your system when the trust breaks down. the causes are not always the unfortunate breakdown of a marriage, i have seen and helped people regain control after a child got drug addicted, after a partner's laptop was left at work, after a spouse of a friend was terminally ill and got into severe financial trouble gambling to try and gain money for her children. so it is not always nasty hackers from foreign countries it can be misfortune.

we tend to assume trust, not just in our families and friends but also that manufacturers and software suppliers are not just diligent but perfect. of course they are not although most are ethical and sincere, they can and do make mistakes. there are people out there trying to get you, that is not paranoia, it is fact. many of the constant 'patches' and updates reflect this continuing battle.

antivirus covers far more today than just a bit of code designed to send your data to someone you dont want to have it. it is a broad continuum of research and security against many forms of exploitation. all users however limited should have an anti virus package continually running.

backups are essential but none are invulnerable. you need more than one kind and you need to think about what would happen not just if computer compromised but if a fire, roobbery, flood or simple hardware failure occurs.

i just want to open the discussion generally so that people can add their experiences and solutions. thank you.

another consideration is simple mistakes! i know what i am doing, sure i do. i had dropbox account simply disappear! no help from them to my surprise. details not important but believe me, free online backups are not perfect. this happened when i was cleaning all my machines and installing different operating systems. i have a routine of backing data such as writing (a lifetimes' work including some as a published author) to dvd and memory sticks, that saved me. however one dvd was unreadable for no apparent reason. it was fortunate that i copy my copies, i had a backup of my copies of backups - and i needed it.

memory sticks, hard drives and dvds etc fail. backup your backups twice, daily if possible and also keep copies securely away from usual premises. in Australia i found a lot of people lost everything in bushfires. few had copies elsewhere.

consider also such transient but important things as passwords, contacts, address books. paswords is a subject in itself but do look at your login accounts and your verification phone numbers and alternative email addresses and keep them up to date. again, i am clever. so why when i lost my contacts when outlook took over hotmail did i have a verification using a phone number i had given up? again, i had alternative verification so was able to rebuild. small things get us all.

i use the analogy of driving - most drive, few know how to fix a modern car but you should at least have a spare tyre, tools, torch and a raincoat in the boot or trunk.

backup your data. photos, passwords, correspondence. think about what you use every day and where you would be without it. back it up regularly, off site and in more than one place.

All good advice. But, and in my opinion its a big but, just how important/valuable is the vast majority of the "stuff" on most peoples' computers/devices?
I know I've got collection of cd's/dvd's/memory sticks that I've never looked at again. I think a less "paranoid" approach would be suitable for most people - backups of backups - why not a backup of that extra backup?

it is not just ordinary people get problems. i had a verified example last year of a multibillion dollar company that lost, over more than a year before i detected it, ALL of a number of important documents including templates and data filed under legal constraints for billion dollar licensing requirements with huge impact on legal operations and liability. and i didnt even work for them, just tried to stop a friend crying!

it turned out to be a combination, as it often is, of staff changing and making assumptions, other staff flagging data loss but reports not acted on, a hardware failure, a system change in software .... it took six weeks and many, many expensive man hours to fix from offsite backups. people (some innocent) got blamed and threatened before causes were identified. now they have new hardware and better staff - one hopes.

but it goes to show, these things happen. i noticed the anomalies when a friend was about to lose her job and in tears because of missing documents. the highly paid staff, contractors abroad, ignored the local staff, the ignorant users assumed it would be fixed and used later documents but in fact for a year highly sensitive and important local documents were overwritten and lost for ever. and, by good fortune, the yearly wipe of offsiite backups had been delayed simply because my friend found the courage, after threats to her hard won career, to keep trying for weeks to get contact with overseas directors over the head of her bosses! she finally got the deletions stopped with days only to spare ... got rewarded but lost friends.

that is a large example of what often gets us - complacency, trust, human nature.
unless you are in business, it is small potatoes. so you think.
i mentioned an example of a terminally ill wife of a friend. she cleared accounts gambling and ran into debt. you cannot, and he did not, blame her. for some reason when the docs told her she only had 3 months to live she decided not to tell family. she was on painkillers, hubby was away working, children off at uni. in days she lost their savings and after she passed away the family had to fix the mess. all because of a password she was trusted with, naturally. and the credit card companies did not have sympathy.

anecdotes, yes, but i have many. be logical and rational, look at your security, backups and, with cold regard for possibility, who has access.

Gordon said:

All good advice. But, and in my opinion its a big but, just how important/valuable is the vast majority of the "stuff" on most peoples' computers/devices?
I know I've got collection of cd's/dvd's/memory sticks that I've never looked at again. I think a less "paranoid" approach would be suitable for most people - backups of backups - why not a backup of that extra backup?

Click to expand...

im not doing this to argue with the opinions of others. it is your call what is worthy of storage and protection. but your great grandkids might want to see your holiday pics.

why not take a day once a year to spring clean those files? keep the worthy stuff, consider posterity and others. i rarely look at the pics i took of my children when they dumped food on their head at 18 months or were dressed up for first day at school or for uni graduation. but i am glad i have them. they are part of my legacy and in my will. who knows, grandkids might be interested in how i looked thirty years ago now in shorts and hardhat building the family home? it should still be standing, i worked hard on it. or the old dog as a puppy that is now a rock marker and an apple tree in the yard.

My thoughts on the matter without divulging too much a public audience:

BACKUPS:
I use a NAS to aggregate my storage at home and have a second, identical unit stored offsite for a hard backup. I bring it home quarterly to do the backups.

Cloud storage is at the mercy of the provider; today's free can be tomorrow's paid. Or at least know they are looking through your stuff to mine data (nothing is really free). Downloading off the cloud is really, really, really slow for massive amounts of data.

EMAIL:
I use two levels of throw-away Gmail accounts and then a self-managed ISP account using a non-standard email client.

I plan to set-up my own email server at some point so I can get off Gmail.

SHARING:
My girlfriend and I keep our digital lives mostly separate. Even though we share a computer, she has her own login profile and is locked out of mine. Granted, I'm the admin so I could see her side, but I don't.

If everything went to sh*t then she could make a mess of my Netflix account and my PS3's settings, that's about it.

COMPUTERS:
Desktops are Macs, phones and tablets are a mix of iOS and Android.

CONNECTIONS:
ADSL via a independent ISP; fixed IP. Man I could never stand cable internet or internet from the major providers. *eeeew*

PROTECTION:
Mac has Carbon Black because of work, otherwise I went decades without using any virus protection.

I had an XP-based gaming machine I used for nearly a decade with no virus protection. I have numerous virtual machines (XP, Windows 7, etc.); no virus protection.

(To be fair, would I recommend to most people to go without virus protection? No, probably not. That's a long discussion of it's own.)

Network used to have a Mac-based, dedicated, MacOS 9-based firewall. That was fun to watch Russian and Chinese IPs bang themselves against; LOL. But I turned that off when I realized my ISP was doing such a good job doing it for me!

But...I do plan to get a SOHO-class firewall appliance with a management subscription.

Network is 1000baseT ethernet home-run to a dedicated cabinet, soon to be upgraded to support Link Aggregation (since the Macs and NAS support it). WiFi is strictly managed for the mobile devices. We have no laptops (we both need more horsepower and flexibility than that).

Currently I have no services inside my network exposed outside of it, despite alot of toys we want to turn-on on the NAS (email, photo sharing, security cam, etc.). Once I get around to sitting down, doing the research, getting the SSL certificate, etc. then I will turn some of this on.

FACEBOOK:
Don't, just don't. Please. The latest fiascos that made news were not a "surprise" to anyone at Facebook; any smart FB developer saw it coming. I sure did and all I did was web quality assurance.

TECHNIQUES:
Obfuscation is my primary technique; not doing anything the way most hackers assume most people are doing it. Non-standard on most everything. Be prepared to restore data or throw-away accounts.

The second technique is being quite paranoid when web surfing, installing things, and backing things up. Being a computer geek almost as long as they have existed helps too. This relies alot on self-monitoring and self control.

Don't turn-on cool "see what's going on at home when you're away." Most are unsecure. Very, very unsecure. Especially if that connection is WiFi-based. Especially, especially if it's a security/monitoring camera that you didn't pay hundreds of dollars for.

Granted, and sometimes to the consternation of my girlfriend, this causes certain inconveniences. But I think it has been worth it in terms of balancing abject paranoia vs. being as lax as most people are.