William Shakespeare probably just turned over in his grave for the butchering of his opening phrase of the soliloquy in Hamlet, Act 3, Scene 1, “To be, or not to be, that is the question”. Not just because of the substitution of “backup” for “be” — rather because the answer is obvious. Yes, you have to backup. The actual question is how?
No one knows this more than the City of Lavaca, Texas. In February, The Port Lavaca Wave reported that the City was attacked by a very aggressive computer virus after hours when the City’s IT department was in the process of improving the security of the City’s network infrastructure. Although the attack was thwarted, the attacker was able to do significant damage to the City’s billing system. To the tune of approximately $50,000 in damages. City Manager William DiLibero stated, “The attack brought down our billing system. Our online and auto payment systems are out of service and we have gone back to our older collection and payment processes. Staff are collecting cash, check and credit card payments at City Hall. We will need to rebuild our database in order to get the payment system back to full operational status.” Source: Bria Woods. See also: City faces computer virus.
Port Lavaca’s network infrastructure at the time of the attack included a network with a computer in each department on the network, along with the main printer, copier and scanner. This is a typical network setup. Apparently the network was also segmented as the water, sewer and the police data systems were not affected by the virus. Network Segmentation involves splitting the larger network into smaller network segments through such tools as firewalls, virtual local area networks, and other separation techniques. This is a topic for another post. Credit: SAFE Secure Segmentation Operations Guide.
The City has since ordered a new server to be able to take secure files, check them for data, and put them on the new server and revolving options for data backup according to The Port Lavaca Wave.
The Cybersecurity and Infrastructure Security Agency (CISA), a branch of the Department of Homeland Security, advises that “all computer users, from home users to professional information security officers, should back up the critical data they have on their desktops, laptops, servers, and even mobile devices to protect it from loss or corruption.” CISA recommends the 3-2-1 rule which is as follows:
3 – Keep 3 copies of any important file: 1 primary and 2 backups.
2 – Keep the files on 2 different media types to protect against different types of hazards.
1 – Store 1 copy offsite (e.g., outside your home or business facility).
There are several options that Port Lavaca may be reviewing right now: Cloud Storage, Internal Hard Disk Drives, and Removable Storage Media. Which one(s) are utilized depends on the size of the organization and the sensitivity of the information stored. Another consideration is what vendors or third-parties link into the network infrastructure already in place. The security of any network infrastructure is as complex as any Shakespearean play to say the least. When done right it is a beautiful, living work of art.