Data backup is like taking an insurance on your data. Just as we cannot predict what will happen with our life and property the next moment, and take cover of a good insurance, the same is true for our data too. Our precious data may be lost due to various reasons – natural disasters (earth-quake, flood, storm, fire), man-made havoc (theft, arson, violence), equipment failure, hacker attack etc. Backup acts as a good insurance against all such incidents. So, let’s make sure to regularly backup data.
It’s most common take backups onto another storage device, such as an external USB drive or a network share. It’s definitely a good step, but such storage also can be targeted by malware and virus. For example, if you map a network share to a drive (such as map \\myserver\backupshare to the drive x:) or attach an external USB drive to your computer, malware can identify such a drive and do the same damage as it does to regular drives in a computer. To protect the backup drive from malware attack, take the following steps so that the drive / folder is accessible ONLY to your dedicated backup user account as explained in our other blog post “How to Handle Ransomware Threat: Be Cautious and Backup Data“.
NOTE: Though the following set of steps use the folder name “BackupShared” as an example, DO NOT use such an easy-to-guess account name. Choose something suitable for your case that does NOT include your name, username etc.
a) Right-click on the folder (in this case E:\BackupShared as an example), and from the context-menu click on ‘Properties’ option.
b) Click on ‘Security’ tab to select it. You will see the dialog below.
c) Click on the ‘Advanced’ button. You will then see the dialog below.
d) Click on the ‘Disable inheritance’ button, which will show the following dialog.
e) Select the option ‘Remove all inherited permissions from this object’.
f) Remove all ‘Permission entries’ (if any) from the following dialog.
g) Now click the ‘Add’ button in the above dialog, and you will see the following dialog.
h) Click on ‘Select a principal’ and you will get the following dialog.
i) Specify name of the backup-only user created in step (b) above and click on ‘OK’.
j) You will next see the following dialog. In the ‘Basic permissions’ section, select ‘Full Control’. The other options within this dialog should be as shown below. Then click ‘OK’.
k) Now click ‘Apply’ in the following dialog.
l) Change the ‘Owner’ by clicking on the ‘Change’ link in the above dialog. This should be the same as the backup user.
m) Click ‘OK’ to close the dialog. You will come back to the following dialog.
n) Open the ‘Sharing’ tab, and click ‘Share…’.
o) Then you will see the following dialog.
p) If the “backup username” does not appear in the box, click on the dropdown list and select ‘Find people…’. Specify the “backup username” in that dialog and click ‘OK’ to come back to the File Sharing dialog. Then click ‘Add’. Choose ‘Owner’ or ‘Read/Write’ as the ‘Permission Level’ for the user.
q) Click the ‘Share’ button to share the folder. Click ‘Done’ on the following dialog.
r) Click ‘Close’ in the following dialog to complete the security settings.
Yes, you are really done! It took quite a number of steps to go through, but now you have secured a folder / drive from unapproved access by malware and hack attacks. This is a safe destination for your backup data. Go ahead, start the backup process now.