I'm still thinking about this new threat to our data, and would appreciate any answers and further advice.
Obviously, prevention is the best policy, firewalls, anti-viral, anti-malware, and good practices of data protection in the office. But, that only minimizes the risk. We and the defensive software aren't perfect all the time. Our data can still be illegally copied or it can be lost- stolen, corrupted, encrypted, destroyed in a hardware problem or fire.
Strong encryption of the data is the best way to minimize risk to the patient and business if it is copied or stolen by criminals. What is the impact on the network performance with strong encryption of the data? Is there any reason not to encrypt the critical data? What program would you use for server encryption? 256 or more for medical data?
Back up is to prevent permanent loss of the data, and frequent backup is to minimize the work of recovery.
Online backup is great for physical damage and theft, but is a lot more expensive if you save a full copy every day to deal with corruption or encryption. I have four 300 GB drives in raid 10. I have no idea how long it would take to make a full back up of the 135 gigs of just critical files I have, much less making a clone of the whole server every day. Does anyone do full back ups online with hundred plus gigs. How many days should you have? I am only doing differential backups online.
I have NASs for full image back ups of my server array every week and a differential backup every night. But, I don't see how it could prevent encryption of the data, if cryptlocker can encrypt the whole NAS. Any way to prevent that? The defense of cryptolocker seems to be having detached back up drives.
So, it seems to me that I should improve on my external drive back up. Instead of 4 drives, each connected for a week while doing a differential back up every night, I would increase to 5 drives, M-F, and a daily differential back up during the day when I know the data is stable, with disconnect from the lan when done.
I am thinking of having another desktop at my desk to receive the server's clone differential every day over the lan that would be turned off as much as possible. I would start and hook it up to the lan at lunch time, use remote desktop to start the server's backup to the desktop,and hopefully it would be done before the afternoon shift got started so I can unhook it from the lan. I would connect the external drive to the detached desktop, and do a copy of the clone over the afternoon. Just cause I'm lazy enough to want to do everything from my workstation, instead of the server closet, while I eat lunch. Welcome to any advice.
I've heard of an old habit from before online back up where you have 3 drives. One for copying the computer at night, one for your bag, one for staying at home, and cycling through them every day. Probably the cheapest back up for anal people.
Unfortunately for this, but thankfully for almost every other part of my life, I am not an anal person. So what are the bottlenecks or other problems I'm not seeing?
