Don't leave your backups connected to servers

Hackers who broke into an Australian medical center managed to encrypt thousands of patient records, rendering them useless without the appropriate decryption key. For that, the cybercriminals are extorting the Miami Family Medical Centre for $4,000, an amount that the medical center was reportedly considering paying.

While the details of the break-in were sparse, quotes from David Wood, co-owner of the center, provided a vital clue as to why everything couldn't simply be restored from data backups. In his statements to ABC News, Wood said: "check your IT security and don't leave backups connected to servers".

My take is that the data backups were most likely stored on a tape drive in the server, or on an external hard disk drive connected to the server. This would have allowed the hackers to delete or damage the backups as well.

There are actually a number of compelling reasons for not keeping data backups "connected to servers", and for going further and storing them in a secure, offsite location. The latter offers a business some protection from deliberate sabotage by a disgruntled employee, as well as from a local disaster such as a fire or flood. Keeping the data backup disconnected also creates a buffer against some types of misconfiguration, such as the accidental overwriting of a valid backup.

Have you encountered situations where an offline backup saved the day or situations where you wished that it had been implemented? As usual, I would love to hear from you via email, a tweet, or a note in the comment section - Paul Mah  (Twitter @paulmah)