Backup Best Practices
Different Types of Eggs in Different Types of Baskets
A typical setup in smaller organizations is to have a single backup solution in place to back up mission-critical data. This type of setup tends to be cost-effective and protects core organizational data, but it has several flaws. For instance, is your single backup method a full backup (image) or file-level? If you're running full backups only, what is your restoration plan? Full backups require you either to restore the mission-critical system in its entirety to the state it was in when the backup was taken, or to bring in an additional endpoint to restore onto. If you're running file-level backups only, what is your restoration plan then? If the endpoint suffered a hardware failure or operating system corruption, are you going to spend time rebuilding it, reinstalling the applications, printers, etc., and then wait for the files to be downloaded again? In either case, is the backed-up data stored on-premises on an external hard drive or tape drive, or in the cloud? If on-premises, what if the backup media gets damaged? And if in the cloud, what if you're experiencing a severe network issue? This is why we want many different types of eggs in different types of baskets.
Recommended Backup Strategies
These recommendations are based on very common environments; recommendations for your environment may be different:
Disaster-Recovery-as-a-Service (DRaaS) is a relatively new backup strategy aimed at larger organizations that require maximum uptime and quick restoration times. DRaaS providers like Infrascale and Datto provide appliances that get physically installed in your environment. These appliances take full backups of your servers and store them locally before also duplicating the backups to the provider's cloud. Then, in the event of a disaster like a ransomware attack, server hardware failure, or operating system corruption, the appliance can spin up a clone of the server in question in the same state it was in when backed up. This gives your organization access to mission-critical systems within minutes while IT steps in to begin the standard restoration process on the original host. At Kraken IT Solutions we partner with Datto for smaller organizations and Infrascale for larger organizations.
Domain-Level Best Practices
Email threat protection is an area of IT that requires attention to the concept of defense in depth: implementing as many different safeguards as possible along as many links in the chain of the system in question. For email, we can start at the fundamentals with your domain's DNS records. Many email providers support the use of SPF, DKIM, and DMARC records, which each do different things to add credibility to your own domain and help protect against certain email attacks. In most cases, implementing these features doesn't introduce any new costs and just requires the IT labor to configure them.
Email Filtering & Threat Detection
Microsoft 365 and Google Workspace natively have their own email threat protection mechanisms in place, but these are more on the rudimentary side of effectiveness. Choosing an email threat protection platform like Proofpoint, Mimecast, or AppRiver can help accomplish many needs when it comes to email security. To start, these providers act as a relay for your email, meaning that before a message from an external sender hits your mailbox it gets scanned by them first. These providers scan emails to detect malicious links and attachments, signs of spoofing, or more simply spam and junk. With an inbound filter in place, fewer potentially malicious emails will ultimately land in your users' mailboxes, malicious attachments can be removed, and links can be evaluated and removed if malicious. These providers also offer outbound relay services, which are just as important: if a user account is compromised or a user goes rogue, the provider can scan outbound emails before they are sent to customers, vendors, and partners, keeping your domain's and business's reputations in good standing. At Kraken IT Solutions we partner with Proofpoint for inbound and outbound email threat protection relay services.
Cybersecurity Awareness Training
Proofpoint, Webroot, and KnowBe4 offer customizable cybersecurity awareness campaigns that can be tailor-made for your organization. These campaigns can consist of short videos, slide decks, quizzes, and more and can be delivered monthly, quarterly, or annually to provide your userbase a refresher on good cyber hygiene practices. At Kraken IT Solutions we partner with Proofpoint to create, distribute, and lead cybersecurity awareness campaigns.
There are times when email is either the preferred method or the only method for sending sensitive files externally. Sending such files over unencrypted email can have dire consequences if malicious hands were to intercept the email or access the recipient's computer or mailbox where the message is delivered. With tools offered by Proofpoint, Mimecast, and AppRiver you can give your workforce what it needs to send email securely. At Kraken IT Solutions we partner with Proofpoint to offer encrypted email services. Send us an email at email@example.com and we'll send you an encrypted email as an example.
What is Google Workspace?
Google Workspace is Google's cloud Software-as-a-Service (SaaS) platform offering select à la carte tools and features at a monthly cost. This helps keep your IT budget predictable month-to-month and provides enough tools and features for smaller new organizations.
How do I get started?
Google Workspace tenants can be created at any time and can be created on a demo/trial basis at first. The standard trial period is 30 days, and the number of trial licenses depends on the licensing type and the size of your organization. Google also offers discounted pricing for non-profit organizations. Note that Google Workspace does not include the Microsoft Office desktop applications, and while many tools in the Google Workspace ecosystem have apps for computers and mobile devices, leveraging any of these services will ultimately be cloud-based. If you conduct business in an online-only fashion, don't need full-fledged word processing programs like Outlook, Word, and Excel, and don't have a considerable on-premises server ecosystem, then Google Workspace is the SaaS solution for you.
What is Microsoft 365?
Microsoft 365 is Microsoft's cloud Software-as-a-Service (SaaS) platform offering à la carte tools and features at a monthly cost. This helps keep your IT budget predictable month-to-month and provides the productivity tools that fit most if not all needs of the majority of smaller organizations.
How do I get started?
You can create a Microsoft 365 tenant at any time and can even demo/begin service on no-questions-asked trial licensing. The trial period is one month and includes 25 licenses of whichever license type you're interested in. Adding and licensing user accounts is simple and quick, and after a typical provisioning period of 15 minutes new users will have full access to whatever they're licensed for. Microsoft also provides discounted pricing for non-profit organizations, only requiring 501(c)(#) verification.
Many small businesses start off using an email address given to them by their internet service provider, such as firstname.lastname@example.org. These common beginnings are effective and typically suitable during the sunrise periods of business, but as a business grows, having your own business email address such as email@example.com provides an additional layer of formality and, behind the scenes, introduces new features and possibilities all tied to your domain name.
The Problems with Registrar/Webhost Email
Some organizations will go a step further before launch or early on by utilizing email services from their domain name registrar or webhost, and doing so makes sense in a lot of ways. Off the bat, your company domain name will be used, so you can create addresses such as firstname.lastname@example.org, and many such providers provide a low downtime percentage of service year to year. However, when utilizing such providers you sacrifice a lot of control, customization, and potential workflow solutions for a more immediate use of business email.
What Solutions Are More Adequate?
There are two Software-as-a-Service (SaaS) suites that are well-tailored to organizations of any size and need: Microsoft 365 and Google Workspace. Many organizations will already be well-acquainted with Microsoft through the Microsoft Office desktop applications like Outlook, Word, and Excel, but Microsoft offers an entire ecosystem of cloud solutions with à la carte licensing options. For instance, if you just need business email through Microsoft 365, they offer Business Standard licensing at $6/user/mo, which tends to be a price well in line with options from your registrar or webhost. If you need access to the Microsoft Office desktop applications as well as business email, instead of paying for both separately and at a higher cost, they offer Business Standard licensing, which includes both services. Google Workspace also offers business email at $6/user/mo, and accounts set up in this ecosystem have access to the Google cloud family of tools like Gmail, Drive, and more. Both suites also offer a multitude of other features at no extra cost, and we will make a separate post on both SaaS solutions.
Our owner Aaron periodically posts examples/explanations of common infrastructure configurations as well as pressing cybersecurity news.