Tag Archives: data backup

How to Create a Folder Accessible to only a Specific User (Data Backup User)

Data backup is like taking an insurance on your data. Just as we cannot predict what will happen with our life and property the next moment, and take cover of a good insurance, the same is true for our data too. Our precious data may be lost due to various reasons – natural disasters (earth-quake, flood, storm, fire), man-made havoc (theft, arson, violence), equipment failure, hacker attack etc. Backup acts as a good insurance against all such incidents. So, let’s make sure to regularly backup data.

It’s most common take backups onto another storage device, such as an external USB drive or a network share. It’s definitely a good step, but such storage also can be targeted by malware and virus. For example, if you map a network share to a drive (such as map \\myserver\backupshare to the drive x:) or attach an external USB drive to your computer, malware can identify such a drive and do the same damage as it does to regular drives in a computer. To protect the backup drive from malware attack, take the following steps so that the drive / folder is accessible ONLY to your dedicated backup user account as explained in our other blog post “How to Handle Ransomware Threat: Be Cautious and Backup Data“.

NOTE: Though the following set of steps use the folder name “BackupShared” as an example, DO NOT use such an easy-to-guess account name. Choose something suitable for your case that does NOT include your name, username etc.

a) Right-click on the folder (in this case E:\BackupShared as an example), and from the context-menu click on ‘Properties’ option.

b) Click on ‘Security’ tab to select it. You will see the dialog below.
Create Secure Drive - Step B

c) Click on the ‘Advanced’ button. You will then see the dialog below.
Create Secure Drive - Step C

d) Click on the ‘Disable inheritance’ button, which will show the following dialog.
Create Secure Drive - Step D

e) Select the option ‘Remove all inherited permissions from this object’.

f) Remove all ‘Permission entries’ (if any) from the following dialog.
Create Secure Drive - Step F

g) Now click the ‘Add’ button in the above dialog, and you will see the following dialog.
Create Secure Drive - Step G

h) Click on ‘Select a principal’ and you will get the following dialog.
Create Secure Drive - Step H

i) Specify name of the backup-only user created in step (b) above and click on ‘OK’.
Create Secure Drive - Step I

j) You will next see the following dialog. In the ‘Basic permissions’ section, select ‘Full Control’. The other options within this dialog should be as shown below. Then click ‘OK’.
Create Secure Drive - Step J

k) Now click ‘Apply’ in the following dialog.
Create Secure Drive - Step K

l) Change the ‘Owner’ by clicking on the ‘Change’ link in the above dialog. This should be the same as the backup user.

m) Click ‘OK’ to close the dialog. You will come back to the following dialog.
Create Secure Drive - Step M

n) Open the ‘Sharing’ tab, and click ‘Share…’.
Create Secure Drive - Step N

o) Then you will see the following dialog.
Create Secure Drive - Step O

p) If the “backup username” does not appear in the box, click on the dropdown list and select ‘Find people…’. Specify the “backup username” in that dialog and click ‘OK’ to come back to the File Sharing dialog. Then click ‘Add’. Choose ‘Owner’ or ‘Read/Write’ as the ‘Permission Level’ for the user.

q) Click the ‘Share’ button to share the folder. Click ‘Done’ on the following dialog.
Create Secure Drive - Step Q

r) Click ‘Close’ in the following dialog to complete the security settings.
Create Secure Drive - Step R

Yes, you are really done! It took quite a number of steps to go through, but now you have secured a folder / drive from unapproved access by malware and hack attacks. This is a safe destination for your backup data. Go ahead, start the backup process now.

How to Handle Ransomware Threat: Be Cautious and Backup Data

Why spend money on a backup program or bother setting it up? I know my data is safe.

This commonly-held belief was shattered by the recent WannaCrypt / WannaCry ransomware. The attack started on Friday, May 12, 2017, and has been described as unprecedented in scale, infecting more than 300,000 computers in over 150 countries. Some of the people had to pay up hoping to get back their data, while others just lost it. It is estimated that more than US$80,000 has been paid in ransom so far, but the total loss due to this attack might be as high as US$4 billion (according to CBS News).

“Ransomware” is a type of malicious software that blocks access to a user’s data generally by encrypting the files and displays a message demanding ransom payment. It won’t allow the user to get back the files until a “ransom” is paid (generally through untraceable ways of Bitcoin). Ransomware may also encrypt the computer’s Master File Table (MFT) or the entire Hard Drive. The WannaCry ransomware enters a network (an organization’s LAN) via an email attachment or from a compromised website. Once in the network, it uses a vulnerability in the Microsoft’s implementation of the Server Message Block (SMB) protocol to spread across the entire network. Back in March 2017 (i.e., nearly 2 months before the attack happened) Microsoft provided a fix for this security vulnerability for Windows Vista and higher. Recently Microsoft has released a patch for the outdated and out-of-support Windows XP Operating System too.
This ransomware encrypts the files in a computer and demands a payment of around US$300 in Bitcoin currency within 3 days or US$600 within 7 days. After 7 days, the files will become completely unrecoverable.

Wannacry Ransomware Screenshot
[By Source, Fair use, https://en.wikipedia.org/w/index.php?curid=54032765]

Ransomware attacks have happened before, and will happen again, and again. On May 19 another new ransomware, Xdata, has started spreading mainly in Ukraine.

So, how can we prepare to protect our valuable data from such attacks? There are two ways of handling this threat.

1. Prevent or minimize the chance of a malware attack.
2. Minimize the effect of being infected / hit by a malware.

The above two-prong proactive defense is important, because one of the possible ways of getting rid of the malware “industry” is to frustrate the players, who are not some intelligent-but-bored teenagers having fun, rather organized criminals are into this to make money. If they can’t break into enough computers, either to cause disruption (and thereby derive some perverse pleasure) or make money (which is the main goal), their interest will eventually fade. Let’s do our part to weaken, and over time hopefully get rid of, this menace.

1. Prevent or Minimize the Chance of a Malware Attack

There are some basic precautions all of us need to take to minimize (and hopefully eliminate) the threat of various malware.

a) Always use genuine software – Operating System (such as Windows) and applications (such as Office, Photoshop, browsers etc.) – from reputed companies and their suppliers. If you get pirated software (especially OS) from someone or download random software from the Internet, you are immediately vulnerable to different security threats.

b) Always keep your OS updated with the latest updates and service packs. Do not use an outdated OS.

c) Use a good up-to-date anti-virus to protect your system. Using an ineffective anti-virus is equivalent of using a door lock that anyone can open without the required key. Microsoft provides free download of its own anti-virus and anti-malware (Security Essentials and Defender). Also, regularly update the virus definitions.

d) Avoid using the computer by logging into an account with administrative privileges. It’s safer to do day-to-day work from a limited privilege user account.

e) Avoid visiting unknown or unreliable websites, and do not accept to run any script or application, if prompted by the websites. Also, use recent (preferably latest) version of one of the top browsers – Chrome, Firefox, Internet Explorer (11 only), Edge, Safari, Opera.

f) Avoid installing browser plug-ins or extensions from unknown providers. Keep vulnerable plug-ins or extensions disabled.

g) Do not open an email attachment from an unverified source, sometimes even from supposedly known sources such as friends or colleagues. Never run any attachment directly from the email client. Always download the attachment and run a virus scan on it before opening the attachment.

h) Do not insert any random media device (USB drive – flash or hard disc, SD-Card etc.) in your PC. Such media devices might been used on a compromised / infected computer. If need be, format it, or scan it using an up-to-date anti-virus before plugging it into your PC.

2. Minimize the Effect of Being Infected / Hit by Malware

In spite of all the precautions, it IS quite possible to still get infected / hit by some malware. For such scenarios, safeguard what the attacker is aiming for – your data.

NOTE: In such a case, you will need to re-setup the computer (such as reformat the hard drives, install OS and applications, reconfigure as per your needs), and then restore the data from existing backups.

First Rule of Safety – Take regular backups. Use a good backup tool to regularly backup your files and folders, preferably scheduled to run automatically. There are lots of backup tools at different price points for every OS. An application like SARANGSoft filexpertez for individual PC backup costs just US$19.95 (one-time license fee). More advanced network backup tool like SARANGSoft WinBackup Business starts at less than US$100 for 10 PCs. It’s a very small price compared to losing all your valuable data to ransomware as well as virus or hacker attack, natural disasters, equipment (such as hard disc) failure, or accidental deletion.

Take the following steps for a secure backup arrangement.

a) Dedicate an administrative user account for backup only: Create a user account for backup only and assign administrative privileges to it. Avoid logging into this account other than backup purposes. Choose a strong password for this account, e.g., use 10 or more characters, with a mix of upper and lower case, numbers, and special characters, and avoid your own name date of birth etc. Do not store / save the password anywhere in the PC.

NOTE: Do NOT use names like “backupuser” or “mybackup” or “backupadmin” etc. for the backup user account, which can be guessed by hackers. Pick something different and uncommon, but definitely NOT using your name, username etc.

b) Create a backup destination accessible only to the dedicated backup user: Create a backup destination folder, either in an attached external USB drive or in the drive of another computer within your network. Assign full access of this folder to the backup user account created in step 2(a) above. Do NOT provide access to any other user for this folder, not even to ‘SYSTEM’ account. If this folder is in a different computer of your network, share it only to the dedicated backup user account of step 2(a). Follow the detailed set of steps shown in our other blog post “Steps to Create Backup Destination Accessible only to a Specific User”.

c) Use cloud storage as backup destination: You can also choose to store the backup archives in a cloud storage such as Amazon AWS S3, Microsoft Azure or one of your choice. For example, SARANGSoft filexpertez enables direct backup to AWS-S3 and Azure as part of the backup definition process. Using local storage for backup is fast and convenient. Backup to cloud involves a little more work and recurring cost, but it also provides additional safety.

d) Schedule Automatic Backup: Schedule a backup to run periodically (e.g., every night) on the computer. Identify all your important documents and folders to be backed up and include those in your backup. Ideally, a full backup should be scheduled to run once a month or quarter and an incremental backup should be done every day. You can choose depending on your own / organization’s needs.

e) Run the backup manually once and also schedule to run it using the dedicated backup user account created in step 2(a) above. Avoid logging into this account for anything other than backup purposes. Chose the “Backup Destination” folder created in step 2(b) above to store the backup data (archives).

Now even if you lose your the data in your computer for any reason, including virus or ransomware attack, you are protected because you still have a backup copy of the required data saved in another location — in local or cloud storage.

Preventing data loss on your computers

Introduction
Data have become intrinsic part of modern human life. We are constantly searching for data, right from the time we wake up every morning. While some of the data are live and online, a lot of data are collected, processed, organized, and stored for quick and easy access at any time. These data (stored in files and folders) are valuable for our personal needs. Those can be photos, videos, music, research outcomes, write-ups, important documents and so on. If those are lost for any reason, it would significantly affect our lives, professionally and/or personally (often emotionally). That’s why it’s easily understandable why we often fear of losing such data due to some unexpected problem.

Types of data loss and some precautionary steps
Though we often think about “data protection”, which includes guarding it against preying eyes and hands of hackers and such, “data backup” is intricately involved in the process. The term ‘data backup’ means to copy data files to another medium (such as a disk or tape) as a precaution, in case the original storage medium (generally the hard disk built into the computer) fails. Data backup is crucial for businesses as well as individuals.

There are many ways that your data can be lost. The common reasons are hardware failure, corrupted files, virus / malware, accidental deletions, and of course natural disasters (storm, earthquake, flood etc.) or man-made disasters (vandalism, theft, terrorist attack, arson etc.). Let’s look at few safekeeping approaches to prevent data loss as part of a comprehensive data protection plan.

a) Create a standardized file / folder organization
It helps to develop a standard way of organizing and storing your files, so that you (and your users) will know where a particular kind of file are expected to be. Once this first step is done, backing up data files will be more accurate and precise, and it will save time and hassle while retrieving any lost data to its original location.

Organizing files and folders is the key to a data protection and restoration plan.

b) Identify which (kind of) files need to be preserved
Once you have organized your files and folders, determine which are important for you. Though you are the best judge deciding what are your important files, here are some ideas for your convenience.

The following types of files are important:
  • The files you can’t do without
  • The files you will need in the future
  • The files related to products & services you sell (for businesses)
  • Files that you cannot re-create
  • Files that you can re-create but don’t want to
  • Files you regularly use and/or refer to and/or update

On the other hand, the following types of files are less important:
  • Files you have not used (not viewed or edited) for a few years.

The following types of files might be good candidates to not be included in backup (or should even be deleted from your computer to keep it clean):
  • Files you cannot remember why those are there.
  • Files you know are not useful for you any more or are known be outdated.

c) Avoid storing documents on the same drive where Operating System is installed
On Windows, most document editing applications save the document file in the ‘My Document’ folder, which is very well known. As a result, malwares and virus often target the files there, making the files vulnerable.

Whether it is a virus or software failure, the majority of computer problems affect the Operating System. Quite often the solution is to reinstall Windows, and at times after reformatting that drive. In such an instance, you must make sure to copy / backup all of your own files (not the system or application files) from the drive, including the ‘My Documents’ folder; otherwise everything on the drive will be lost. You can create a separate drive on the same physical hard disk, and store all your own files and folders on the second drive. If the OS drive needs to be reset, your data drive will still be unaffected.

It is also possible for the hard disk itself to go bad (disk crash), in which case all drives on that disk will be lost. You can replace the hard disk and reinstall Windows and the applications to get it back to working condition, but in this case your files and folders on the data drive has also been lost. To handle such cases, you can use an external hard disk to store your data files. Or you can just use regular backup from your data drive to an external disk.

d) Backup regularly
You can alert yourself to take a set of security measures to protect data loss, but if your data is not backed up, it’s very likely that you WILL LOSE IT. So, ensure that your data is backed up regularly, and test the backup to ensure that your data can be recovered when you need it.

How often should you back up? That depends on how much data you can allow to lose if your system crashes completely. A week’s work? A day’s work? An hour’s work? Depending on that you have to schedule your backups.
There are numerous backup programs with varieties of features. You can easily try out
  • SARANGSoft filexpertez (file-expert-ease) for backing up a Windows PC. It’s a comprehensive file and folder management tool for home, office, school / college, everywhere.
  • SARANGSoft WinBackup Business for backing up all PCs and servers in a Windows network (domain or workgroup) through a centrally managed arrangement.

Both the products are feature-rich and flexible, yet easy to understand and use. These do not cost much, and there is a no-obligation 30-day free trial available.

e) Automate your backup procedures
All of us are busy. There are too many things to do every day, and too little time! Even though you might be very sincere about regular data backup, it’s quite possible that you forget to run backup at times, and that leads to an inconsistent data backup arrangement. Ideally, backup should be arranged to run in a consistent manner without any manual intervention. Depending on the importance of your data, you may schedule the backup operation to run it automatically. The only thing you should bother about is to check that the backup are really happening. It helps if the backup program can send you a notification when it backup is done, either successfully or ending in failure (in which case you can look into the issue and fix it).

f) Encrypt your data while backing up
Using encryption during backup of your data is another layer of protection for the data.
Encryption changes the backed up data in a way to making it unreadable by anyone, except who has the password “key”, which allows him/her to decrypt the data back to its original usable form.
There are various types of encryption mechanism available, and some programs use it.

g) Create a local backup arrangement
All the important files should be backed up locally first. Make sure that the backed up files are available at your office / home. That ensures for easy access and recovery, as well as control of the data.

h) Create an off-site backup arrangement
It’s a great idea to arrange for a different location than your office / home to keep a copy of the backed up files. It provides “redundancy” as well as prepares for “disasters”.
If the local backup is damaged or lost for any reason, the off-site backup copy will save your day.

i) Use of “cloud” as remote storage for backed up data
Nowadays, it’s increasingly common to use cloud as the remote data storage. There are many benefits to using cloud storage, most notable being the virtual indestructibility of cloud storage and its accessibility. Files stored in the cloud are assured beyond any other level for reliability and those can be accessed at any time from any place with Internet access and your own user credentials. As far as the disaster recovery is concerned, data from cloud can be restored without any hassle. Also, the cost of cloud data storage and restoration is significantly lower than traditional data storage and restoration.
SARANGSoft CloudScape is a unique cloud storage browser for the Windows platform to seamlessly integrate cloud storage (AWS-S3 and Azure) with local storage (PC’s hard drive). Its Windows Explorer-like user interface enables easy transfer (including drag & drop) of files and folders to and from cloud, thereby making cloud storage an extension of your local PC storage. It maintains full folder hierarchy between a PC and cloud storage, which is not very common for such tools.

Ending Note
Making plans and implementing those takes time, effort, resources, and costs money. That’s why many of us defer doing it. However, the cost of not backing up data can be so severe, the upfront effort for the backup process is worth everything you put into it.