Frankly speaking, there is no so much to talk about this threat. You had some valuable electronic data and then they disappeared. What to do in the case of loss is often a philosophical question. In December 1914 a fire completely destroyed the laboratory of the American inventor Thomas Edinson, all his manuscripts and drawings burned down. When his son, Thomas Alva Edison, Jr., discovered about the fire, he started looking for his father in horror, worrying that he could have had a heart attack.
What was his astonishment when he found his father standing at a safe distance calmly and watching the fire. Thomas asked to call his wife and said “Look, we have never seen anything like that in our whole life. The catastrophe is very useful, as all our mistakes burned down! Thank God, we can start from the very beginning! ”
If you do not find this approach acceptable, I recommend to take care of creating backup copies of valuable data in advance. We have a separate section of the course on the issue of backups with detailed instructions for different operating systems, here we will talk about the typical mistakes made when creating backups and the common causes of digital data loss.
But before starting, I would like to clarify one linguistic point. Backup stands for reserve, standby, and it is actively used by the Russian-speaking professional IT-community.
The reasons for information destruction
The first reason is software errors. Do not think that the threat is mythical or is an invention of the author. Some time ago an error was detected in the most popular Steam software, which led to the deletion of all data in the user's folder, there was even an official recommendation not to install Steam in the root of C drive (or any other drive). Otherwise, when deleting Steam, all documents, files and folders were deleted as well, except for files and system folders that it did not have an authorization to delete.
Steam as a whole is quite a problematic application, once it showed up vulnerabilities that could lead to remote code execution, in other words, a malefactor could run whatever they wanted on your computer. Therefore, I have a tip, to play games on a separate computer, but not on a work one.
Tip
For security purpose separate the gaming and work computers.As a rule, the data deleted by the program method are well restored with the help of special software, if the deletion was not intentionally performed using a special program with multilevel deletion like Panic Button.
The second reason is hardware destruction. My friend had a similar problem when his USB flash drive just stopped working. Fortunately, he was able to recover the lost information in a special data recovery company. A lot of stories can be found on the web, as people have their hard drives broken or burnt out, so there are too many such stories to consider this risk as insignificant.
There is one enlightening moment in the data recovery story of my friend. Despite the value of the data contained, his USB flash drive was not encrypted, so by giving it to repair service he just shared his data with third parties and possibly with the special services. Do not be surprised that the special services work closely with the repair centers, I have cited examples from life of arrests after putting the equipment into repair in this chapter of the course.
Don’t be like my friend, encrypt all your external storage, here's a guide for you.
The third reason is the physical destruction or complete loss of a device with data. You could have a laptop stolen or a fire could happen at home, anything can happen in life and such risks cannot be excluded.
Sometimes a laptop is stolen intentionally, hunting for valuable information. Several years ago in Russia there was a trial for the owners of a popular chain of stores selling phones and components Euroset. Some burglars broke into the office of the lawyer of the vice-president of Euroset and stole a working laptop with case materials, according to the victim, out of 5 offices nothing was taken except a working laptop with data on the criminal case.
To be protected against such situations you need to have an integrated hard drive encryption, additional use of cryptocontainers for especially valuable information and obviouly a reliable system of regular automatic backup of valuable data, including secret places for backups. Passwords should be created with these recommendations taken into consideration, if there is a risk that they might be overlooked, an emergency data destruction system should be configured.
If it is possible to physically access encrypted information, we have alsready described such examples in the chapter on methods of hacking cryptocontainers, you should consider using concealment of cryptocontainers.
The fourth reason is wipers. Wipers are malicious programs that destroy data on victims' computers, we will work with them in terms of the course. This could be a classic wiper that removes information or even worse it could be a malware encryption programmer by mistake of developers or deliberately leaving no way to get the key and decrypt the data.
If in the case of a wiper deleting data there are theoretical chances to get it back (depending on the type of your disk and the deletion algorithm used), then in the case of a cryptographer this is possible only in the case of significant errors of the developers of malicious software.
The fifth reason is the human factor. It might be strange, but more often we delete our valuable data by mistake on our own rather than it happes as a result of emergencies, software or hardware failures.
The sixth reason is intentional deletion by a third party having access to your device. This may be a colleague or a wife, as part of the course we will teach you to restore the picture of events, i.e. who used your computer or mobile phone, when it was deleted and what was removed on it, as well as how to recover deleted information.
Errors during creating backup
Do not think only that careless users who have not heard about backup copies are facing the problem of data loss. Firstly, many people do not back up data at the same time of making changes to the data, but after a day or even a week. As a result, valuable data may be lost, since they will not be in the last backup.
Secondly, some people store backups in one place, usually in the cloud, without taking into account that many similar services delete the data after 30 days in case of late payment. Thirdly, many people do not even protect the cloud properly, leaving any malefactor an opportunity to hack and gain access.
Fourthly, they forget about encryption and in some countries cloud services are required by law to provide all data stored in the cloud upon request. Fifthly, those who encrypt data do not conduct regular checks. This often leads to unsolvable problems when they are trying to restore encrypted backups.
By the way, a part of malicious ransomware penetrating into the corporate infrastructure first of all damage the creation of backup copies, while the damage is done in such a way that visually backups are done as before, but it is not possible to recover working data from them. This is done to prevent the system administrator from recovering the infrastructure from backups.
Protection against data loss
You will need to develop your backup policy. Backups can be manual or automatic, companies mainly use automatic one for backups creating and sending, while users can use manual one for its creation.
Manual backup involves the creation of a cryptocontainer and copying data into it. For automatic backup there are various tools, for example, from embedded systems like Time Capsule for macOS users to third-party software like Acronis.
We will talk about backup copies in the whole chapter and we will tell you in detail about all the tools. We will not consider various solutions like creating shadow copies of Windows in terms of saving data, this tool is more useful for rolling the system back to a previous state and its use is not very good for the integrated security of your device.
If you are working with software backup tools, periodically it is worth making a manual check. Although this advice is more relevant for companies, users also should not forget that an error can always be hidden in and backups will be “broken”, in other words with corrupted information.
It is recommended for companies to conduct the so-called training when the situation of the loss of the main servers is simulated and the infrastructure is completely restored from the latest backup.
Do not forget that the hosting can lose all the data stored on them. Some time ago the British hosting provider 123-reg, which at that time had more than 1.7 million customers, accidentally lost some sites of its customers. Sites were irretrievably removed as a result of running the script with a catastrophic error.
Our advice is about using backup storage in the cloud and on the external storage. Get yourself an external hard drive, encrypt and periodically copy backup data to it.
Tip
Store backups both in the cloud and on external storage.We will analyze in detail the creation of backups in a separate part of our course.