DCIG focuses its research primarily on enterprise storage and data protection. This article is, and is not, a departure from that focus. With so many businesses now urging or requiring employees to work from home, cyber resilience at home has become an important consideration for businesses of all sizes. I routinely work from home and recently experienced the failure of my primary work computer. This article reflects what I learned about cyber resilience at home from that experience.
Taking Our Own Cyber Resilience Advice
Two weeks ago, Jerome Wendt published a gripping article called An Anatomy of Responding to and Surviving a Ransomware Attack. He based the article on an interview with the COO of a large professional services firm that believed it was well-prepared to respond to any natural disaster or attack, yet discovered it was still vulnerable. Jerome closed the article with this statement, “It is the collective hope of DCIG, HYCU, and the firm that readers of this content will become more aware of the threat that ransomware poses and take the appropriate actions to protect themselves from it.”
After discussing the article with Jerome, I decided to take a fresh look at my own level of cyber resilience at home. I am glad that I did.
An Ounce of Cyber Resilience Prevention
As an analyst for DCIG, I routinely work from home. My technology setup includes a home firewall appliance that sits between my Internet router and the networked devices in my home. I run a well-regarded Internet security suite on all the computers in my home. I use one of the popular services that keeps a copy of my documents in the cloud.
Nevertheless, in light of the ransomware threat, I decided to add another layer of protection. After reviewing multiple alternatives and trying out the two most promising packages, I selected Acronis True Image for its anti-ransomware, on-site and off-site backups, and full-image backup and restore capabilities.
The motherboard of my primary work computer failed a week after I began using True Image. The computer was under warranty, and I had purchased an extended “next-business-day on-site after remote diagnosis” support agreement, so I was covered. After several hours on the phone with the technical support department, we determined that in the process of failing, the motherboard had killed both the boot SSD and the data HDD in the computer. Rats!
At this point, I was very glad that I had created an Acronis Survival Kit backup of the entire computer just a few days prior to the failure.
Discovery – NBD On-site Does Not Mean Tomorrow
The computer failed on a Saturday. The support technician told me that the parts I needed would ship on Monday, and a tech would be on-site on Tuesday. I did not receive a shipment notification Monday morning, so I checked in with support. I learned that the vendor did not have the boot SSD in stock. They expected to receive the part the following Tuesday. I could expect to see a technician Wednesday or Thursday of that week–ten days out!
The on-site technician told me that they had started seeing delays in January, shortly after the news about the novel coronavirus began to spread. She indicated that these delays were increasingly common. She also mentioned that her husband had recently been required to begin working from home. He had found it challenging to locate the furnishings and supplies he needed in order to set up a functional office at home.
A Bird in the Hand – The Value of On-site Spares
As a former IT director, I knew the value of on-site spares in accelerating recovery from failure. I keep two older, but still functional, computers on hand and routinely boot them up so that they receive operating system and other software updates. I also run the file synchronization service on these computers, so they have local copies of my work documents. Thus, after my primary work computer failed, I switched over to using a spare computer with minimal disruption.
Speeding up Recovery
The on-site technician repaired the computer and installed a base Windows image. The computer booted but did not yet have my software or documents. I used the Acronis Survival Kit to rapidly rebuild the data disk. However, restoring the boot disk was going to require extra steps due to the motherboard having been replaced. After several chat sessions with the system vendor and Acronis technical support, I determined it would be quicker to start from the base Windows image and then re-install my software.
Several items I had on hand helped to speed up the recovery process. I recommend these for everyone’s cyber resiliency kit. These include:
- Windows boot media.
- A System Recovery Disk (created when the computer was new).
- An external HDD to hold a local copy of backups. This enables faster transfer of files to the repaired computer than can probably be achieved across the Internet.
- A “software downloads” folder on the external HDD with copies of all the software that you installed on the computer.
- A password manager that securely stores passwords for all the software and services that you use.
Cyber Resilience at Home
Businesses that have had work-from-home options in place for a long time also have policies and guidance for establishing a functional and cyber-resilient home office. For those businesses that are new to work-from-home due to the COVID-19 pandemic, I hope that my recent experience will suggest some steps you can take even now to increase the cyber resilience of your home office.
Update 03-27-2020 2:00 pm: Now that my primary work computer is fully functional again, I have put both of my spare computers to work on Folding@home. I am part of a wave of new community participants who are donating spare CPU and GPU cycles to accelerate COVID-19 medical research. In the last 5 days, Folding@home capacity increased from 470 petaflops to more than an exaflop, making it ~10x faster than the IBM Summit!