Interview with David Whitelegg of itsecurityexpert.co.uk
This has got to be one of the most enjoyable interviews we have conducted yet. To say that David Whitelegg is a data security expert is an understatement of significance and a clear example of stating the obvious. David's answers range from short and witty to detailed and fascinating. Here is a man who can and will tell you how to best protect your data. Ask him about his family or car and he may consider you a bot seeking personally identifiable information. A riveting and educational read. Dave plans to write a book. Sold!
General info
Name: Dave Whitelegg
Company: ITSecurityExpert Limited
Website: http://itsecurityexpert.co.uk
Family Status: Posting family details helps identity thieves!
Personal Blog: http://blog.itsecurityexpert.co.uk
Favourite Movie: Trains, Planes and Automobiles
Currently listening to on the iPod: REM - Accelerate
Favourite Tipple: Jack Daniels & Ice
Likes: Manchester City FC, gadgets and a decent curry!
Dislikes: Needless data breaches and “script kiddies” (IT illiterate kids pretending to be hackers)
Main interview
JON: What advice would you give to on the move laptop users who connect at public access points in Airports, Hotels, McDonalds etc?
DW: Using public WiFi access points, especially free access ones, can have considerable security risks, and users should certainly be wary. Hackers have even been known to have set up fake free WiFi hotspots, usually near airports, for the purpose of stealing personal and financial information from those unfortunate enough to connect. It is important to regard and treat any public wireless network as a non-trusted connection into the laptop. So firstly, before connecting, ensure your laptop operating system has its firewall enabled (i.e. Windows Firewall), ensure the Operating System's Service Pack and patches are up-to-date, and make sure your Anti-Virus or Security suite is operating. Again, ensure it has also been updated, at least in the last 7 days. Make sure you switch off any shared network folders and always try to ensure the WiFi network you are connecting to is a legitimate one; look around for the official signage. Unless you are using public WiFi to “VPN” (encrypted connection) into your office network, consider everything you send over the wireless Internet connection to be readable by a third party, especially if the wireless network is not using any form of encryption. A third party (aka the bad guy) doesn't have to access your laptop to steal information, but merely “listens in” to the data being sent by you through the wireless network to the Internet. If you are using web mail for example, it is a good idea to force the encryption, which can be enabled in most web mail providers; to enforce the encryption from the start you need to type “https://” instead of “http://” before the Internet address of the web mail provider in your web browser. This will protect your web mail user-name and password from being readable by any third party listening in.
As well as taking these sorts of precautions, be sensible regarding what you do on public WiFi; by all means check the latest news reports and sports results, but you may want to avoid conducting your online banking until you get home. If you find you have a requirement to use public WiFi networks considerably, I would recommend going with a 3G Internet USB device; not only does it provide your own dedicated Internet connection and is much safer, but it may even work out cheaper.
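The pre-connect checklist Dave gives above (host firewall on, patches current, anti-virus updated within 7 days, shared folders switched off, network treated as untrusted) can be scripted so a laptop user runs one check before joining a hotel or airport hotspot. The following is an added example written for this page, not code from the interview or from ITSecurityExpert Limited. It assumes a Windows 8 / Server 2012 or later laptop with Microsoft Defender and an elevated PowerShell session; the cmdlets are standard Windows ones, while the 7-day and 45-day thresholds are assumptions chosen for illustration.

```powershell
# Added example: pre-public-WiFi readiness check for a Windows laptop.
# Assumes Windows 8+/Server 2012+ with Microsoft Defender; run elevated.
# Thresholds below are assumptions, not values from the interview.
$MaxSignatureAgeDays = 7    # matches the "updated in the last 7 days" advice
$MaxPatchAgeDays     = 45   # assumption: monthly patch cycle plus some slack
$issues = @()

# 1. Host firewall must be enabled on every profile. The Public profile is the
#    one Windows applies to untrusted networks such as airport or hotel WiFi.
foreach ($p in Get-NetFirewallProfile) {
    if (-not $p.Enabled) { $issues += "Firewall disabled for profile '$($p.Name)'" }
}

# 2. Anti-virus: real-time protection on and signatures no older than 7 days.
$mp = Get-MpComputerStatus
if (-not $mp.RealTimeProtectionEnabled) { $issues += "Defender real-time protection is off" }
$sigAge = (Get-Date) - $mp.AntivirusSignatureLastUpdated
if ($sigAge.TotalDays -gt $MaxSignatureAgeDays) {
    $issues += ("AV signatures are {0:N0} days old" -f $sigAge.TotalDays)
}

# 3. Patching: the most recently installed update should be reasonably fresh.
$lastPatch = (Get-HotFix | Where-Object InstalledOn |
              Sort-Object InstalledOn -Descending | Select-Object -First 1).InstalledOn
if (-not $lastPatch -or ((Get-Date) - $lastPatch).TotalDays -gt $MaxPatchAgeDays) {
    $issues += "No Windows update installed in the last $MaxPatchAgeDays days"
}

# 4. Shared folders: any share beyond the administrative ones (Special = $true)
#    is reachable by everyone else on the same WiFi if SMB is let through.
foreach ($s in (Get-SmbShare | Where-Object { -not $_.Special })) {
    $issues += "Shared folder exposed: $($s.Name) -> $($s.Path)"
}

# 5. Network location: an untrusted hotspot should be classified Public,
#    otherwise the more permissive Private (home) discovery rules apply.
foreach ($c in Get-NetConnectionProfile) {
    if ($c.NetworkCategory -ne 'Public') {
        $issues += "Network '$($c.Name)' is classified '$($c.NetworkCategory)', not Public"
    }
}

if ($issues.Count -eq 0) {
    Write-Host "OK: laptop is in a reasonable state to join an untrusted WiFi network."
} else {
    Write-Host "Fix before connecting to public WiFi:"
    $issues | ForEach-Object { Write-Host " - $_" }
    exit 1
}
```

Step 5 only reports networks the laptop is already attached to, so it is most useful immediately after joining a hotspot, before opening web mail or anything else that sends credentials; steps 1 to 4 can be run before connecting at all. The script deliberately only reports rather than changes settings, so that a user sees what would be exposed and decides whether to connect.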
JON: Do you recommend any specific hardware or software devices to any particular business sector?
DW: The Security Industry is moving towards offering a single device or application to deal with multiple security protection disciplines. The “one stop shop for all” security solution approach is ideal and works well for small business. However, this is not my recommended approach for larger enterprises, where the business processes and technical systems are far more complex. In the enterprise the correct approach is to “cherry pick” the best products for the specific business requirements, processes and system requirements. I find on some occasions security vendors are guilty of dictating the business requirement and the solution, rather than their customers, which can lead to little security benefit for a high financial and security trade-off cost.
JON: What advice would you give to non technical owner / managers in small business regarding data security?
DW: I would encourage business owners and managers to initially take a step back, and map out data flow throughout their business, i.e. how data is collected, how information is used by the business, how it is stored and backed up. Once these processes are mapped out, highlight which areas are vital to the business operation and which require protection for the business's survival. On the latter, consider the “what ifs”: so what if the data was lost or had been stolen, will there be regulatory and legal costs and consequences? Will there be a breach of contract? Will there be a loss of customer confidence in the business brand leading to losses in revenues? All data has a value associated with it; you need to take stock of this value, and treat the data value in the same way as the business balance sheet. Once you understand the value, the next step is all about risk analysis and perhaps delivering risk mitigation solutions and processes, especially where the business is running needless and unnecessary risks, right through to security risk v security trade-off decisions.
JON: What advice would you give to business owners who are concerned that the implementation of advanced security measures (which they want and understand they need) may limit their scope with regarding changing methodologies and reacting to market changes?
DW: Sometimes security measures can be seen as obstructive, especially within small business; however, this is often not the case. A security process or solution can actually enhance the overall business processes. Let's take “Backupanytime” for instance: not only is this a far more secure solution than backing up data to CD-Rs, but it is a more reliable and efficient solution.
JON: Are there any circumstances in which you believe a data breach may be unavoidable?
DW: No, there are never ever any guarantees in security; information security is about reducing the risk of a data breach. The “human factor” in any organisation is nearly always the biggest risk, it is impossible to completely mitigate the security risk brought about by the interaction of human beings!
JON: What advice would you give to business regarding the procedures to adopt in the event of a data breach?
DW: It is essential to have a Security Incident Response plan and procedures in place ready for dealing with data breaches and security incidents. These days most businesses will have a disaster recovery plan; the exact same approach is required for dealing with data breaches. Business management should consider a data breach a matter of “When” rather than “If”. Once you have a Security Incident Response plan in place, it is important to test that it is actually fit for purpose.
JON: What are your hobbies and passions?
DW: In recent years I have come to the realisation that I am a complete “Information Security Geek” outside business hours, my blog (itsecurityexpert.co.uk) is evidence of this. I mean last week I met up with Moscow Security Guru Eugene Kaspersky, the founder and CEO of Kaspersky Lab (Security Software), I guess most people would be happy to exchange business cards, but not me, I had to ask for the “fans” picture!
JON: From where do you get your inspiration?
DW: I have been very fortunate to rub shoulders with some of the greatest global minds in the world of information security. One of the most inspiring would have to be Bruce Schneier. Bruce's “stand back” approach to information security and philosophy is extremely refreshing in an industry which tends to be led by vendor marketing buzz phrases. I recommend anyone, even with only a slight interest in or knowledge of security, to read any of Bruce Schneier's recent books.
JON: What’s the last book you read?
DW: High Noon: The Inside Story of Scott McNealy and the Rise of Sun Microsystems.
JON: What type of car do you drive?
DW: As a security professional, I tend to be careful what I publish about myself on the Internet, but I'm afraid my car is just a practical one rather than anything flashy at the moment.
JON: Where do you see yourself in five years time?
DW: If there is one thing I would like to accomplish in the next five years, it is to actually find the time to finish writing and publish a security related book. I have a couple of irons in the fire at the moment, but it's finding the time to finish them which is proving to be difficult. If any publishers are reading this, I need a month off on an exotic Pacific island, 1,000s of miles away from civilisation.
Given the confidential and contentious nature of data security, we recommend that if you have concerns about the data security of your organisation and would like David's advice, you should contact him directly. Thanks again David. Great job.
The backupanytime team
Visitors, want to see more who's who in data? Then watch next week's who's who in data.