Make sure your laptop backups can handle ransomware

There’s more than one way to backup laptop data, but not all of them can defeat the tricks attackers have designed into ransomware.

ransomware attack
Andrey Popov / Getty Images

With increasingly mobile workforces, it’s important to effectively backup corporate data that resides on laptops, which requires a unique set of features not found in traditional backup systems used for desktops attached to corporate LANs.

Laptops have all the functionality of desktops, but are readily lost or stolen, have limited bandwidth for connectivity to corporate resources, and can spend unpredictable spans of time disconnected or turned off. So it’s important to find backup options that meet these challenges, which can also include ransomware attacks.

Backing up laptops properly also makes upgrading them much easier, especially in the world of remote work. A good backup system can restore a user’s profile and data, and makes replacing a laptop much simpler for both the IT department and the person whose laptop is being replaced. With the right system in place, all you have to do is ship them a new laptop.  They can restore their own profile and data without IT intervention, saving time, effort, and a lot of money.

Shortcomings of portable hard drives

It is possible to backup laptops on portable hard drives, but it’s not a good option for enterprises.

First, it violates the 3-2-1 rule that states there should be at least three copies or versions of data stored on two different pieces of media, one of which is off-site. Backing up one copy to one medium located right next to the laptop fails all three requirements.

This method is also really bad from a corporate IT perspective. There is no centralized control or reporting over the backup process, making it unwieldly and untrustworthy. It allows the risk of hundreds or thousands of unencrypted copies of corporate data sitting on the portable hard drives, making physical security a concern; it’s super easy to mount a portable hard drive to another laptop and read all its data.

Limits of traditional backup software

Another option is using traditional backup software that backs up data at the file level. This will work well for desktops on a LAN, but not for laptops. First there is the fact that laptops are not always connected, and traditional backup software assumes that they are. The traditional system’s backup server kicks off nightly backup on a configured schedule. If a laptop is powered off or disconnected from the network at the time, the backup will fail.

Full-file file incremental backups used by these traditional systems use far too much bandwidth to be practical for laptops that typically operate over lower bandwidth connections, and they tend not to encrypt backup in transit, exposing them to potential interception.

Sync-and-share limitations

Some people use services like Dropbox or OneDrive to sync laptops to a cloud that stores a copy of their data. One advantage to this approach is that these products are often included in larger products like Microsoft 365 or Google Workspace, allowing budget-conscious companies to have something that’s similar to backups without having to pay for it. It’s important to note, however, that it will not have the same functionality as a backup product designed for backing up laptops reliably.

One difference between sync-and-share products and backup products is how they handle ransomware attacks.

Once a laptop is infected with ransomware, the malware starts encrypting files silently in the background. This process may take weeks or months before the malware has encrypted enough files to demand the ransom. This means that while the attack is in stealth mode, the ransomware-encrypted files will be synced via the sync-and-share program. Some sync-and-share products store only one version of each file in the cloud, while others store many. But every sync-and-share setup has a limited number of versions it stores.

Ransomware developers know this and have tweaked the stealth phase of their attacks to address it. They repeatedly encrypt a given file, causing it to be synced to the cloud multiple times, so at some point, every version of that file that is stored in the cloud is an encrypted one; there are no unencrypted versions that can be used to restore machines encrypted by the ransomware.

Backup products designed with laptops in mind, on the other hand, don’t have this limitation. Most have unlimited retention and therefore will always have the version of a file as it existed before being encrypted by ransomware.

The final concern with sync-and-share is that there is no centralized control or reporting that IT can use to ensure that copies of data are being saved. A user can accidentally or maliciously disable the sync process, causing their backups to stop, and IT will have no idea it happened. Any true backup system will have such management and reporting in the base product.

Laptop-friendly backup

There are backup systems designed with backing up laptops in mind that can address these problems. They provide the centralized control, scheduling, and monitoring that are essential to corporate IT.

They can also be made invisible to the end user, meaning backups just happen, don’t slow down the laptop, and the typical user won’t have to know or care about them. They are configured by an admin who can monitor them.

Because laptops typically have connections with limited bandwidth, it’s desirable to have block-level incremental or source-side-deduplication backups to reduce the amount of data that needs to be sent to the backup-storage system and so reduce the time the transfer takes. These are features true backup products and services can provide.

End-to-end encryption is also a plus to protect the data in transit.

Specific ransomware protection is another attractive option that can detect an attack, and in the event that an attack succeeds, some backup products and services can simplifying the process of recovering hundreds of files across many directories.

Not all backups for remote systems have all these features, so shop carefully.

Yes, these systems cost money, but you might be surprised how much you can save when it comes time to upgrade or replace these machines. You’ll also be really glad you did this if you get hit by a ransomware attacks, which are not likely to get less common.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2021 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)