I’ve talked about these in a previous post, but essentially backups are copies of your data or computer which you can use to replace files which are inadvertently deleted, or as an alternative to paying the ransom in a ransomware attack.
You should make backups on a regular basis, whether by simply copying your important files to another hard drive or perhaps a USB stick, or using specific software for backups. The really important bit is this though: once your backup is complete, disconnect the backup media from your computer. If your computer is encrypted in a ransomware attack and your backup media is still attached, your backup likely to be encrypted too.
When trying to decide what to backup, think about what files at most important to you, about those which you really can’t do without. That’ll probably be financial information, including mortgage and insurance, but think about your photos and videos too. Put another way, if your house was on fire what would you save first, once family and pets were safe?
Biometrics are used as a form of authentication. They sound really technical, but all they really mean is a physical part of your body which is unique to you. That means fingerprints, palm prints, scans of your retinas and other unique factors which you’ve probably seen in spy movies etc, like ear prints. Some mobile devices eg the latest iPhones already use fingerprint recognition, so it’s not entirely all Hollywood make believe!
Probably the best known cryptocurrency, the value of Bitcoin soared towards the end of 2017, but many financial experts believe that this is a bubble which will burst soon. Created by someone called Satoshi Nakamoto – no-one knows who that really is – there can only ever be 21 million Bitcoins. Each Bitcoin can be split into 100 million units, known as a satoshi. The process of creating bitcoins is based on cryptography and maths, and is called mining.
Black Hat hacker
Taken from the old western movies, a black hat hacker is one of the bad guys. They’re the ones trying to break into systems without permission, probably either to steal data or to cause damage to the organisation. They’re the ones you are most likely to hear about in the news, often with a White Hat hacker talking about what they’ve done. (White Hats are the good guys, and there are also Grey Hats which we’ll cover later in the year.)
Blockchain is the technology used to create cryptocurrency, but in future it will be used for much more. If you think of blockchain as a sort of bank account where every transaction is visible to everyone in the world, where it is possible to track the origin and path of every piece of currency since the currency began, but without knowing who owns each account, that’s pretty much the principle behind it.
The first ever transaction contained details of how much was spent and what account number (technically, which wallet) it went to, as well as the date and time, along with some other information. All the details were encrypted into one block.
The second transaction did much the same, but also which wallet the transaction originated in and where it ended up. When encrypted it also included the details from the first block.
The third transaction was the same, but on encryption it included the first and second block.
And so on – that’s how the blockchain was born.
One of the benefits of blockchain is that each transaction is validated by all other participants, so it is pretty much impossible to falsify a record: fraud is therefore unlikely, and provenance has an unbroken chain.
This is useful in cryptocurrency, but has many other uses too. For example:
- When buying a house, wouldn’t it be great to have a complete list of every transaction ever carried out from land purchase to addition of a conservatory or work to fix a problem with rot, which could not be falsified.
- When new drugs are created to treat specific illnesses and diseases, think about how beneficial it would be to hold details of all tests and their results as part of the proof that they work, and which cannot be tampered with.
When a device has been compromised, it may be used to attack other computers over the Internet. When this is the case, it is said to be running as a bot (like a robot). When multiple bots are used to carry out a simultaneous attack, or to run in a similar way, this is called a botnet ie a network of robots.
Often used almost synonymously with Disaster Recovery (DR), Business Continuity is all about making sure that your business can carry on working in the event of an issue eg power cut, loss of data, flooding. It’s not all about cyber, though cyber is a constituent part.
Most commonly people talk about Business Continuity Planning (BCP) which is all about determining, documenting and testing how you will react to something that affects your business. For example, you may have an alternate site for people to work from, or they may be able to work from home, but how do you tell people that’s what they need to do? How do you know that they will be able to access systems from the alternate location? How do you know they will have access to all the software and data they need from that alternate location?
A key part of BCP is understanding who your key assets are, and what they need to do their job. You also need to understand the impact to your business if various components are unavailable, and how long you can afford to not be working. For example, if your business only provides services through the internet, having no internet access for several days could kill your business: your BCP will set out what you will do to get back online quickly.
It’s not uncommon for businesses to run tabletop exercises to work out who would do what in the event of a problem, but it’s also a good idea to actually test that the plan works. For example, if your BC plan is to have 20 people up and running within 4 hours at the alternate site, but it takes more than 4 hours to travel to the site, then your plan will fail.
It’s important to note that when testing your plan, things not working are good things to find. It’s better to find that out during a test than when you actually need it.