Insights For Success

Strategy, Innovation, Leadership and Security

USB

OPSEC : Backup Strategy for the Security Conscious

General | Edward Kiledjian


Even with all of the technological advancements we have made, backups are usually overlooked by the "average Joe" until something significant occurs (causing a massive shift in paradigm). 

Why backup

Traditionally we backed up our information in case the physical media we used (hard drive, DVD, ZIP Drive cartridge, Bernoulli Box, etc.) had a catastrophic incident. 

Modern headaches that we add to the justification list now include malware and cryptoware data modification, seizure at a border crossing or shutdown of a cloud service. 

When thinking about backups (as a security conscious individual), you are concerned about:

  • Recovering your files in their original format (not some compressed low-quality version of your precious originals)
  • Ensuring that only YOU can access your backed up information 

Know thyself

Before we can discuss how to protect your information, we need to know what that information is and where it lives.

Inventorying your information is not as simple as it first appears... Think of everywhere you have stored digital data. 

  • You have one or more email accounts possibly with various providers (Hotmail, Outlook, GMAIL, Yahoo Mail, your ISP, etc)
  • You could have contact information on Google, iCloud, Samsung Contacts, etc
  • You may have documents in Dropbox, Google Drive, Microsoft OneDrive, various 3rd party apps (diaries, note taking apps, etc)
  • You may have information (sometimes even forgotten) on USB keys, SD cards, CD/DVD disks, etc
  • This blog has information (articles) going back 7+ years

You get the picture. What first seems like a basic easy to answer question could quickly turn into a monstrous inventory activity. 

Once you know what you have, you then need to figure out which of these sources is the "master" copy. It is not uncommon for people to knowingly or unknowingly load duplicate information across multiple different storage mediums. Think of the master as the version that you are likely to keep the most up to date.

As an example, I recently did a photo duplicate cleanup and realized 15% of my total 1.5TB photo storage was duplicate files I had accumulated over the years. 
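A duplicate cleanup like this can be scripted. The sketch below is an added example, not code from the original post: it groups byte-identical files by size and then SHA-256, and it assumes you list your storage locations in priority order, without overlap, so the copy in the earliest location is treated as the master.

```python
import hashlib
import os
from collections import defaultdict


def sha256_of(path, chunk_size=1 << 20):
    """Hash in chunks so large photos and videos never have to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_duplicates(roots):
    """Return [(master, [duplicates])] for byte-identical files under roots.

    Assumption: roots are listed in priority order, so the copy under the
    earliest root is treated as the "master" for its group.
    """
    by_size = defaultdict(list)
    for rank, root in enumerate(roots):
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.isfile(path) and not os.path.islink(path):
                    by_size[os.path.getsize(path)].append((rank, path))

    by_hash = defaultdict(list)
    for size, entries in by_size.items():
        if len(entries) > 1:  # a file with a unique size cannot be a duplicate
            for rank, path in entries:
                by_hash[(size, sha256_of(path))].append((rank, path))

    groups = []
    for entries in by_hash.values():
        if len(entries) > 1:
            ordered = [path for _rank, path in sorted(entries)]
            groups.append((ordered[0], ordered[1:]))
    return sorted(groups)


def wasted_bytes(groups):
    """Bytes reclaimed if every non-master copy were removed."""
    return sum(os.path.getsize(p) for _master, dups in groups for p in dups)
```

Review the reported groups before deleting anything; the script only reports and never removes files.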


It's time to strategize

In a previous article, I talked about the 3-2-1 backup strategy. The exact entry from my previous article was:

This is a simple way to remember the right way to backup and protect your data. 

  • You should always have 3 copies of your important data. This means one primary (aka the one you use on a daily basis) and 2 copies as backups.
  • You should always have your backups on 2 different types of media (one of your backups can be to an external hard disk while the other one should be to another type of media like DVD disk or to an online service).
  • You should always store 1 copy of your data "somewhere else". This is to ensure recoverability in case your house or business experiences a natural disaster. Now in most cases, this can be one of the popular online backup services or it can simply be you manually storing the media in another location like your office, a bank vault or a friend's house. To be extra careful, it is recommended to build in some distance between you and the offsite backup in case a natural disaster eats a good part of your city. 

The reason we create the information inventory in the previous step is so that you can also back up your application datasets. As an example, if you use Google contacts, maybe export the file monthly in CSV format and make sure it is backed up (don't rely on the goodwill of the provider since they always cap their liability in the event of a catastrophic incident). If you use a journaling application, maybe export your entries in PDF and back that up. If you have pictures sitting on your smartphone, make sure a copy is taken and added to your backup strategy (Google Photos is good but it stores an "optimized" version which is not the original). 

People often forget to back up basic information like their emails. To do this, you may need to install a "fat" email client on your computer and pull all the emails (or copies of them) from your mail provider then backup the local program database. Google isn't going away but there have been countless tales of users "losing" access to their accounts for months because Google made an arbitrary decision. Unless you are running your own infrastructure, assume the provider can stop your service and hijack your data at any time. 

A couple of years ago, I spent weeks scanning all my paper documents so that I could have digital easy to move, easy to backup versions. You will likely have to do the same.

Where to store your backups

Back to my 3-2-1 backup model, you should have 2 copies of the data you physically control and one up in the heavens we call "the cloud".

The size of your backup will dictate what kind of physical media you store it on. When backups were small, many users could get away with storing them on CD/DVD/Tape drives but these aren't practical for most modern users.

Most of you will likely store your local copies on some type of large local storage medium such as a USB key and/or hard drive. If possible, store your local copies on 2 different mediums (a USB key AND a hard drive, or a spinning hard drive and an SSD). 

You need one copy in the cloud. Local copies are great because you can restore access almost instantly, but if a major incident occurs, you may lose both of your physical copies. That is when your backup of last resort comes in (aka cloud backup). Remember to protect your cloud backups. You can do this by pre-encrypting the information before uploading it (which works if your backup is small and you are uploading to a service like Google Drive, Microsoft OneDrive or Dropbox). The other option is to use a backup service that lets you hold on to the encryption/decryption keys like Carbonite and Backblaze.

Make sure your backup provider has version control enabled. This means they store multiple versions of files. This is useful if you are infected with CryptoLocker-like malware that encrypts your files, because you can go back to a version from before the encryption. It is also useful if you delete a file by mistake and want to go back in time and bring it back.

It's a process

Once you figure out what your backup strategy will be, you need to ensure it is "run" regularly. Nothing is worse than having a plan and then losing six months of data because you forgot to backup. Most cloud services offer near-line backups which is a nice set it and forget it model. 
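One way to notice a backup that has quietly stopped running is to audit a local backup copy against the master. This is an added example, not part of the original post; the function names are hypothetical and it assumes the backup mirrors the master's folder layout. It reports files the backup lacks or holds in an older form, and how many days the oldest unprotected change has been waiting.

```python
import filecmp
import os
import time


def audit_backup(master_root, backup_root, now=None):
    """Compare the master tree with one backup copy, reading file contents.

    Returns a dict:
      missing       - master files the backup does not have
      outdated      - files whose backup bytes differ from the master
      exposure_days - age of the oldest master change not yet backed up
    """
    now = time.time() if now is None else now
    missing, outdated, oldest_change = [], [], None
    for dirpath, _dirs, files in os.walk(master_root):
        for name in files:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, master_root)
            dst = os.path.join(backup_root, rel)
            if not os.path.isfile(dst):
                missing.append(rel)
            elif not filecmp.cmp(src, dst, shallow=False):
                outdated.append(rel)
            else:
                continue  # backup copy is byte-identical
            changed = os.path.getmtime(src)
            oldest_change = changed if oldest_change is None else min(oldest_change, changed)
    exposure = 0.0 if oldest_change is None else max(0.0, now - oldest_change) / 86400
    return {"missing": sorted(missing), "outdated": sorted(outdated),
            "exposure_days": exposure}


def needs_attention(report, max_exposure_days=7):
    """True when unprotected changes are older than the backup schedule allows."""
    return report["exposure_days"] > max_exposure_days
```

A sudden jump in the `outdated` list across many files is also worth a look before the next sync overwrites the backup, since that is what a mass encryption of the master would look like.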

You will also have to ensure your local copies are regularly updated. On my Mac, I use the built-in and free rsync command in the terminal, run as a scheduled task, to synchronize. There are also a ton of reasonably priced on-device backup apps (if you don't want to fiddle with the terminal). These are examples but not endorsements:

Native Union USB Lightning EDC & Travel Belt Cable Review

General | Edward Kiledjian

USB cables are a dime a dozen. Lightning cables are more expensive but come in all shapes, sizes and qualities. Most cables are perfectly acceptable sitting on your nightstand at home, but if you carry one with you (EDC) or travel with it, then you need to make sure you pick up something that can withstand the torture it will endure.

Native Union is a boutique accessory maker that seems to put some thought into their designs and charges accordingly. No $2.99 cables here. The question is:

Can the Native Union Belt cable stand up to the rigors of everyday carry and travel?

A colleague was nice enough to lend me his cables for testing. He had bought them from Amazon.com for $25US a piece.

Specifications

Let's get the basic specifications out of the way. 

  • Comes in 1.2M (Belt) and 3M (Belt XL) variants
  • It is a tangle-free braided cable
  • Has a leather cable tidy
  • Is Apple MFI certified so you won't get an "accessory not supported" message (on Apple products) like with many cheap Amazon copies.

Cables are cables, don't expect anything revolutionary. One side connects to a USB power brick (or computer) and the other to your device. The difference between a good cable and bad one is the quality of the material and workmanship.

Native Union seems to have used top-shelf, high-quality materials, which makes the cable feel sturdy. The "belt" leather strap is functional but nothing to write home about. It works by keeping your cable organized.

Using the Native Union Belt USB & Lightning Cables

First I tested the power output of the Native Union Lightning cable connected to an Anker brick capable of pushing 2.4A/5V with an iPad Air 2. The original Apple-provided cable was able to transport 2.4A/5V (measured with a USB power meter). The Native Union Lightning cable performed exactly the same.

I then tested transferring files from a Moto X 2016 using the Motorola cable and then the Native Union cable and transfer times were similar. 

The cable is stiffer than the original Apple or Motorola cable, so using the device while connected will take some getting used to, but nothing too dramatic.

After use, wrapping the cable and tidying it with the belt is simple. The ultimate durability test was throwing it in my main laptop bag's accessory pocket (a RedOxx CPA bag) and using it day in, day out. While most cables break after a couple of weeks, the Native Union Belt actually looked as good on day 20 as it did on day 1. 

Conclusion

I'll be the first to admit $25 is a lot to spend on a cable, but it is worth it for the business user or traveler who relies on his or her gadgets being charged regardless of where he/she goes. Obviously Native Union chose premium materials (except the belt, which felt a bit cheap) to design a cable that will last many, many years, so I wouldn't be gun shy to recommend buying these. Unfortunately there isn't a USB-C option yet, but I have to believe one is on the way.

So my closing remark is buy it if you can find it. I know the USB version is out of stock on the Native Union website and is selling at a premium on Amazon ($30). The Lightning version seems available everywhere.

 

Would you like some malware with your dental cleaning?

General | Edward Kiledjian
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law that was created to protect millions of working Americans and their family members with medical problems.
— American Cancer Society

Most working professionals have an association they can call their own. Dentists have the American Dental Association. The ADA represents 159,000 dentists across the USA and most received a "gift" recently in the form of a USB key with new dental codes.

It turns out one of the recipients is also technically competent, and he decided to take a closer look at this "gift" (check out Mike's post on DSLReports). Re-read that HIPAA description at the top of this post; it applies here.

He checked out the contents of this magical key and realized one of the files tries to open a bad bad webpage known for hosting malware (don't go here: http://ntkrnlpa.cn). VirusTotal flags the site as bad: 12/67 detected it as badware on day 1. When I asked VirusTotal to rescan the site for malware today, 13/67 detected it as bad. Symantec says the site contains threats. ScanURL recommends you not visit this site. So overall it is pretty safe (no pun intended) to assume this is a bad place and you shouldn't be wandering its streets alone.

The ADA says "some drives" contain malware and believes your antivirus should catch anything nasty on it or linked by it. Anyone involved in cybersecurity knows not to trust antivirus with their safety. Remember that out of 67 major antivirus vendors, only 13 today detect the site as malicious when it is known to be very bad. Antivirus is not a good replacement for good security hygiene. Obviously the ADA says if you haven't used this key, don't.

I don't want to be too harsh on the ADA. This isn't the first time "things" manufactured in China have been loaded with malware. In 2009, we had an outbreak of picture frames loaded with malware. 
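Since antivirus verdicts lag, a recipient can do a static pass over such a drive before opening anything on it. The sketch below is an added example, not from the original post or from Mike's analysis: it reads every file as raw bytes and lists any web host a file references that is not on a list of hosts you expect, and it goes beyond the single case described here by also flagging `autorun.inf`. The function names and the expected-host list are assumptions.

```python
import os
import re
from urllib.parse import urlsplit

# URL characters only; stops at quotes, whitespace and angle brackets.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&*+,;=%-]+")
AUTORUN_NAMES = {"autorun.inf"}  # file Windows AutoRun reads from inserted media


def referenced_hosts(data):
    """Host names of every http(s) URL found in raw bytes.

    The NUL-stripped pass also catches URLs stored as UTF-16 text, at the
    cost of occasional false positives in binary files.
    """
    hosts = set()
    for blob in (data, data.replace(b"\x00", b"")):
        for match in URL_RE.findall(blob):
            try:
                host = urlsplit(match.decode("ascii")).hostname
            except ValueError:
                continue
            if host:
                hosts.add(host.lower())
    return hosts


def triage_drive(mount_point, expected_hosts):
    """Read (never open or execute) each file and list what needs review.

    Returns sorted (relative_path, finding) tuples.
    """
    expected = {h.lower() for h in expected_hosts}
    findings = set()
    for dirpath, _dirs, files in os.walk(mount_point):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, mount_point)
            if name.lower() in AUTORUN_NAMES:
                findings.add((rel, "autorun file"))
            with open(path, "rb") as fh:
                for host in referenced_hosts(fh.read()) - expected:
                    findings.add((rel, "unexpected host: " + host))
    return sorted(findings)
```

Run it from a machine where removable media does not auto-launch, and treat an empty result as "nothing referenced in plain text", not as proof the drive is clean.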

Every time you add another step to a digital process, you add additional attack vectors and increase your risks. Instead of sending out USB keys, the ADA should have made the files available for download. Removing the USB key process removes these steps and the infection opportunities that come with them:

  • Sending files to the Chinese manufacturer
  • Infection is possible by the manufacturer of the USB keys
  • Infection is possible by the company that turns the keys into promotional cards
  • Infection is possible by the company that loads the content onto the keys using a duplication machine (which is likely how the ADA mailer was infected)

By making the files available for download, they reduce (but don't eliminate) the possible attack vectors. Additionally, companies need to add much more stringent security controls around their digital product production process. I would also recommend that the ADA periodically sensitize its members on HIPAA and their obligations under HIPAA, and provide guidance on good security hygiene. 

Infinite USB cables promise to add USB connectivity to your devices

Technology | Edward Kiledjian

Regardless of how many USB ports your devices seem to have, you are always short a couple of ports. Now the creators of the Infinite USB cable believe they have solved the problem once and for all. 

The promise is that you can keep connecting their nesting USB cables (plugging one cable into another cable over and over). The idea sounds incredible at first but... Remember that most USB ports have limited power, which means you will quickly become unable to power the USB devices you are plugging into them. This means that you wouldn't be able to keep chaining cables to your heart's content. At most you would be able to plug in 2, maybe 3 of them (if you are lucky).

$12 gets you a MicroUSB cable while $14 gets you an Apple Lightning cable. There is a USB Type C cable in the works which may be the best option.

See it on Kickstarter (link)

25% coupon code for all Nomad products

Technology | Edward Kiledjian

There is a saying in photography

The Best Camera Is The One That’s With You
— Chase Jarvis

A $5,000 super sophisticated camera doesn't help you capture that special moment if it isn't with you. This is why smartphone photography has really taken the world by storm (since our smartphones are always with us).

I have the same issue with charging cables. Over the years I have bought hundreds of cables ranging from cheap Chinese knockoffs to expensive high-quality manufacturer-sold ones. Regardless of the cable, they never seemed to be with me when I really needed them or were a hassle when travelling.

NOMAD HAS BOTH LIGHTNING AND MICRO-USB TIPS

That is until I met the ChargeKey (pictured above). This thing is always with me, ready to charge my iPhone. You should read my review of the ChargeKey (link).

Nomad also has a ChargeCard which offers the same convenience in an easily walletable card format.

The Nomad ChargeKey has been on my keychain getting beaten up in my pocket for 4 months now and it works perfectly and looks like new.
— Edward Kiledjian

SAVE 25% off Any Hello NOMAD product this week

Order any product from helloNomad.com and use code "LIVESIMPLE" (without quotation marks) to save 25% off your order. It's a great time to stock up.

All Nomad Lightning cables are Apple MFI certified so they are guaranteed to perform.

Shipping is free for the US, Canada, United Kingdom and Australia. It's $5 anywhere else.