The rule of three
♫ One step forward
Two steps back
Three steps forward, Go!♫
- Music and Lyrics by M. Raw on, B Farara, R. Foss and M. Cox; recorded by: Coal Chamber.
There are three things that are assured in life: death, taxes and dealing with a hard drive crash. And, like the rule of three in life, the way that you protect your most valuable data is also known as the rule of three. Here it is advised that you have three backup copies of your data: a local copy, a remote copy and a third, protected copy. I know there are those out there who are shaking their heads at the suggestion that you need three copies. But, ask anyone who has been subject to a ransomware attack; they will personally verify the need for all three copies to assure you and your firm that you can shrug off such an attack.
The first copy is the one you maintain at the firm level. Here you have either a large hard drive, a Networked Attached Storage Device (“NAS”), or a set of Redundant Array Independent Disks (“RAID”) hard drives, depending on the size of the firm. The idea is to maintain one continuous copy of all of your firm data in one place that captures all data in real time. This local copy is for swift restores in the event of a failure or accidental deletion of an important file. However, since the copy is maintained as part of the network, it is vulnerable to any virus or malware that infests the system, such as ransomware.
The second, off-site copy is a duplicate of the copy at the firm level. But it is maintained at a different physical location to provide reasonable assurance that it will survive any disaster that strikes your main location. This way the physical copy can be retrieved and used to rebuild your network in the event of a flood, fire or other calamity. You can maintain a second backup in the cloud but recognize that restoring any reasonable amount of data from an online backup is slow and expensive. It is why most firms would rather backup to another NAS at a secondary physical location; it is cheaper, faster and easier to retrieve a NAS than to wait for a cloud-based restore.
The first two methods will guard against most data loss; the one that they may not protect against is the dreaded ransomware attack. In this situation, stealthy software enters your network and begins encrypting your data. Eventually a notice appears on your screen announcing that your data has been encrypted and demanding a ransom to obtain the decryption key. Worse yet there are defective ransomware variants that are not able to decrypt your data even if the ransom is paid.
This third copy should have certain attributes. One is that it is only backed up at a time when the network is least busy, say 2:00 a.m. A second is that it is disconnected when the backup is complete; maintaining an “air gap” from your network when it is not needed. The third is that this third backup should be fully encrypted, thereby adding another layer of protection between your data and any possible malware that is looking for it. There is software that will automate the generation of all three copies to ease the burden of doing all this.
By the way, this column was written on an iPad as the hard drive in my laptop crashed. My iPad is connected to cloud storage where I can retrieve my documents, write the column and submit it all while waiting for the laptop to be repaired or replaced. There is no better feeling than knowing that while a hard drive failure is as assured as taxes, this does not mean the death of all your data; oftentimes, it just means taking a step or two backwards, retrieving your data from your backup and then taking further steps forward.
The views expressed herein are strictly those of David Bilinsky and do not reflect the opinions of the Law Society of British Columbia, CBABC, or their respective members.
David J. Bilinsky is the Practice Management Advisor for the Law Society of British Columbia.