Terry & Oorlagh George holding their Oscars

By all accounts, no one in the television audience of 39.3 million people could probably tell that the father and daughter team of Terry and Oorlagh George had anything to worry about. Standing on the stage at the annual academy awards ceremony, they beamed with joy holding their gold Oscar statuettes in their hands, having just won the award for best live action short film. Even after facing dozens of photographers and providing countless interviews, there was never a hint that all was not well with their award-winning film “The Shore”.

But after the evening’s ceremony and after-parties, the pair wondered if anyone would ever see the version of the film they had labored to create and lost in an unusual circumstance.

Shot completely in digital format, “The Shore” was edited into multiple versions using Apple’s Final Cut Pro. “We created several versions of the film”, explained Producer Oorlagh George. “We edited the film to an airplane friendly version, another for television with cuts for commercials, a film festival version for time constraints and our preferred version-also known as a Director’s Cut.”

All of the Final Cut Pro project files for the various versions of the film “lived” on a MacBook Pro laptop computer that was configured for automatic backups. Yet, somehow after the MacBook refused to boot up and its files were restored, it was discovered that the critical Director’s Cut version of the film was missing.

“We went to the Oscars-and we won!” Oorlagh recalled. “Since the drive was in transit to DriveSavers, we didn’t think we would get the version of the film back that we really wanted people see.” But, after just two days, DriveSavers rescued the irreplaceable Director’s Cut along with her family photos and notes for a television series she was developing.

Oorlagh summed up her experience with a laugh saying, “We are so grateful to the kind people at DriveSavers, they are just amazing. I would use them again in a heartbeat…but hope I never have to!”

Backing up is the first rule of thumb for protecting all your important data and clearly it has real benefits, yet it’s surprising how many people don’t do it or…do it improperly. A suitable backup means that a duplicate copy of your data resides on a different storage medium than your main hard drive. Copying your data to another folder on the same drive doesn’t count because when (not if) your drive crashes, you may not be able to access any of the data.

A good backup plan starts with deciding what files you want to backup. This can take awhile if you have a large hard drive and thousands of files collected over years of computing. To speed up the backup process and reclaim valuable space on your hard drive, it’s a good idea to do little digital housekeeping and archive old data to semi-permanent storage media such as DVD-R, BD-R or even CD-R. Although these media are “write-once”, the expectation is that they will last about one hundred years before deteriorating.

Once you’ve archived data to your discs it’s recommended that you verify and check the data on them to ensure everything was properly transferred and that none of the files are corrupt. Lastly, you should make more than one set of these archive discs and store them in different locations. You might keep one at your office, another in a safe deposit box and perhaps an additional copy at the home of a family member.

Next, you should think about a reliable backup device that will function properly on a daily basis. An external hard drive that resides on your network or is connected to your computer full time is a good start. Choose a drive that will backup the entire capacity of your hard drive (plus a bit more extra space for future data). Ultimately, you’ll want to include all the files you’ve created, your programs and the system software too. Nothing beats the speed of a hard drive with a full backup to get you back up and running quickly.

The real secret to bulletproof backup is to do it religiously. The best advice here is to use software that automatically backs up your drive at a scheduled time every day. Apple’s Time Machine and third-party software products like Acronis True Image for Windows, handle automated backups seamlessly and there many others available for purchase on the web.

Beyond a single backup device you should also have a backup—for your backup. Think worst case scenario: a sprinkler pipe bursts flooding your studio computer and backup; a fire breaks out and everything becomes a wet, charbroiled mess after the fire department douses it with water; a disgruntled employee erases your main hard drive and destroys the backup. To protect yourself against these situations, you’ll need a secondary backup—one that happens outside your facility.

Cloud-based backup services work by downloading and installing software on your computer with data backed to their servers that can be configured to run at scheduled times on your wired or wireless network. Three popular services are Mozy (currently 50GB for $5.99 a month), Carbonite (unlimited space for $59 annually), and CrashPlan (unlimited space, free and various plans). Any of these providers can do the job adequately and you’ll get added peace of mind when you’re away from your desktop computer working with a portable laptop out in the field.

©2012 DriveSavers, Inc.

You find the strangest things inside computers…actually this little bat was having a nap in the stairwell of our building. He was released uninjured in the field across the street from our offices.

Newegg.com, the online retailer of electronics and computer products, has expanding its services into data recovery services plans, the company said Tuesday.

NewEgg has partnered with DriveSavers which will provide data recovery services to customers whose storage devices fail. The service–which works beyond backup and recovery to recover critical data from a failed or corrupted storage device–will cost $29.95 for one year of service for a hard drive and $49.95 per year for laptops.

Newegg said it will offer the plans with the purchase of hard drives and notebooks. The plans essentially act as insurance policy against a hard drive failure; data recovery efforts typically cost hundreds, if not thousands, of dollars, if obtained after a failure.

Cybercriminals will keep pursuing consumers, businesses and government agencies, but other Internet security violators in 2012 will range from teen “hacktivists” to “Big Data companies,” foreign governments, and corporate employees, said security experts on hand at the RSA Conference in San Francisco.

With regard to specific security exploits, participants cited the use of new channels such as DNS for Web site command and control, new “blended attacks” involving mobile malware, and advanced persistent threats (APTs) against new targets such as clouds and pharmaceutical firms. As we see it, here are five general trends that emerged from RSA as top security threats for 2012:

1. Idealistic young ‘hactivists’ will continue to attack.

“It’s certainly been a very interesting and active year in our field with the rise of hacktivism, the increasingly sophisticated targeted attacks, [and] breaches of major organizations,” said Ari Juels, chief scientist and director of EMC’s RSA Laboratories, during a conference session.

Of the data breach cases investigated by Verizon Business during 2012, 29% involved exploitation of default or guessable passwords. Password exploits were followed by backdoor malware at 26%; use of stolen log-in credentials (24%); exploitation of backdoor or command and control channels (23%); keyloggers and spyware (18%); and SQL injection attacks (13%), according to select findings from Verizon Business’ 2012 Data Breach Investigations Report (DBIR) released at the RSA conference.

Over the past year, hactivists have been conducting large-scale exploits to infiltrate law enforcement agencies and major companies and steal sensitive data “for the purposes of embarrassing or damaging” these organizations, according to Ed Skoudis, founder and chief security consultant at InGuardians and a speaker at the show.

“The big difference is [that] the attacker doesn’t try to hide,” noted Johannes Ulrich, chief research officer with SANS and a co-presenter with Skoudis at the conference. “They try to open it up and show the world what they have accomplished.”

Hacktivists “claim to be political idealists who want to change things,” contended Misha Glenny, an investigative journalist specializing in cybercrime, during a panel session about hacktivism at the show.

Yet it can be tough for authorities to tell the difference between “genuine idealism” and attacks generated for intellectual property gain or by other kinds of criminal intent.

Many hacktivists are in their teens or twenties. Although “there are some very positive examples” of what hacktivism can do, hactivists can also be “duped by a criminal organization,” according to Glenny.

During the same session, Eric Strom, a cyber-investigator for the FBI, cited “a smaller criminal element that could be associated” with hacktivist attacks.

2. ‘Big Data’ companies are taking control of users while profiting from user information.

In another session at RSA, cryptography expert Bruce Schneier named “Big Data” companies — or companies that “collect, aggregate, and use” large amounts of data about users — as one of the three greatest security dangers.

Schneier suggested that Big Data results in a “feudal security” system where users entrust personal information to organizations such as Google, Apple and Facebook, which then in turn use the collected data to profit from sales of ads or products.

“I mean Big Data as an industry force. like we might talk of Big Tobacco or Big Oil or Big Pharma,” according to Schneier. The emergence of Big Data can’t be helped, he said, because data is so inexpensive. “It’s easier and cheaper to search than [to] sort.”

The lack of control that users now hold over their cloud-based data extends to newer devices such as smartphones. “I can’t do things as a security professional on my iPhone. Apple doesn’t give me the same access that I have on my personal computer,” he said.

Also among the three major dangers are “ill-conceived regulations from law enforcement” and the “cyberwar arms race” among national governments, according to Schneier.

3. Foreign governments will start to target clouds and more types of businesses with APTs. 

Another conference speaker, Uri Rivner, head of New Technologies, Consumer Identity Protection, in EMC’s RSA Security Division, described APTs as “military-grade attacks against commercial companies.”

During a pre-show podcast, Rivner predicted that, in 2012, APTs might be launched against cloud-based services and more types of companies — in industries such as pharmaceuticals, energy and mining — as new sources for IP theft.

Meanwhile, attackers are starting to exploit command-and-control systems that use DNS code, Skoudis said during a conference session. Hackers can now produce produce malware that is able to maintain a connection with a machine on a network for as long as the machine can resolve DNS names. To detect such attacks, Skoudis suggested keeping an eye out for unusual DNS traffic.

The RSA show also saw announcements of new products and technologies designed to curb attacks by toughening up authentication for logging into Web sites, for example.

TextPower introduced a new two-factor authentication system that works outside of Web browsers in efforts to avoid keystroke logging, “Man in the Middle,” and “Man in the Browser” attacks.

How does it work? After a user has entered a user ID and password on a Web page, the system displays a one-time authentication code in clear view on the Web page of a PC. The user then texts the authentication code from a cell phone. Even if attackers know the cell phone number, they’ll be unable to spoof the phone, since wireless carriers identify phones by unique identifiers specific to each phone, said Scott Goldman, CEO of TextPower, in an interview with NotebookReview.

4. Attackers will make more use of mobile exploits for hacking into corporate networks.

When it comes to mobile security, lots of people still want to know when we’re going to see giant botnets made up of mobile phones, according to Skoudis. At the moment, though, attackers are beginning to launch so-called “blended attacks” involving the  exploitation of employees’ phones.

“Bad guys are going to the Android Marketplace, pulling down an app, building a backdoor into it and selling it in another Android app store for a lower price,” he said.

“Or they’ll take the backdoor, grab an icon from an application someone wants to buy, and sell it in another app store for a lower price.”

While it’s typically harder to sneak an app into Apple’s App store, it can be done. A couple of years ago, for instance, a developer managed to get a “flashlight” app into the App Store even though it contained a tethering feature which violated the policies of wireless carriers.

According to Skoudis, attacks against enterprises through mobile devices won’t be difficult to do, because many corporate executives demand BYOD (bring your own device) network access and many enterprises don’t restrict the use of mobile devices.

As reported in our sister publication, Brighthand, other research released at the RSA Conference shows that BYOD smartphones, laptops and tablets are getting inadequate security protection in terms of encryption and enablement of autolock and password security.

5. Company employees, consultants, and business partners can always pose security risks.

Also at the RSA Conference, Dawn Cappelli, technical manager from Carnegie Mellon’s CERT Insider Threat Center, delivered a session on “insider” exploits by company employees, consultants, and business partners. Almost 50 percent of all companies have been hit by insider attacks, according to recent studies by CERT. Although incursions by outsiders are even much more common, insiders can cause considerable financial damage.

Perpetrators range from terminated employees who sabotage systems out of revenge to lower-level staff bribed by criminal interests to steal or modify company information.

In one incident investigated by CERT, for example, a car salesman offered to pay an empoyee of a credit reporting agency $150 per record to change the credit reports of people who wanted to buy cars but had bad credit. The insider then recruited four co-workers to take part in the scheme. The credit agency didn’t discover the fraud for more than a year.

Companies can even lose corporate information at the hands of unqualified data recovery contractors, hired to recover information when a laptop hard drive fails or a smartphone gets damaged in a drop or fall, maintained Michael Hall, CISO for major data recovery company DriveSavers, in another interview with NotebookReview. Too often, businesses choose a data recovery service on the basis of price or a promise of speedy data recovery rather than adherence to sound security practices, according to Hall.

Hall pointed to the results of a new survey by the Ponemon Institute showing that 87 percent of companies acknowledge experiencing a data breach over the past two years — and that, of these, 21% say that the breach occurred while a drive was in the hands of a third-party data recovery firm.

Although some of this data loss is unintentional on part of data recovery companies, some could be intentional, the survey results indicate. In one case, while away on a business trip, the CEO of a large defense contractor accidentally spilled a diet soda on a notebook PC containing very sensitive information about a forthcoming merger. The CEO then hired a data recovery service in the local area to restore the hard drive.

Two weeks later, information about the merger leaked out during a cable business program. The CEO was told that the merger was now “on hold” and would probably be canceled. An ensuing investigation showed that the data recovery service was a home business and didn’t have proper procedures in place to ensure protection of confidential information.

Digital photography offers a fast and convenient way for photographers to accomplish their work. However, with convenience comes the extra task of managing camera cards and unlimited numbers of digital images. Add to the list, the very real possibility of a hard drive crash or physically damaged camera card and data recovery becomes a priority.

Here at DriveSavers Data Recovery, we’ve assembled the following list of tips to help prevent potential data loss and handle flash memory cards properly:

• The first rule of thumb for protecting your digital photos (or any important data) is to back it up! That may seem obvious, but here at DriveSavers, we see hundreds of drives, flash memory cards and other storage media every month that have failed mechanically or been physically damaged.
• Always transfer photos from your camera’s memory card to your computer’s hard drive as soon as you can. Note that some image management programs installed on your computer allow you to delete photos from the memory card as soon as transfer is complete. We do not recommend deleting images or reformatting memory cards, until all files on the computer’s hard drive are opened and tested.
• Backup your new photos immediately! This will guard against data loss when your hard drive crashes unexpectedly. Backup your data using CDs, DVDs, an external hard drive or online backup service.
• It best to make more than one copy of your backup media and keep a duplicate offsite in a secure location, perhaps in a fire safe or bank safety deposit box.
• When traveling, always carry a spare external hard drive, blank CDs, DVDs, or other media to use for backup. Most importantly, when you return home from your trip, don’t forget to back up your laptop. You can’t back up too often!
• It is a good idea to replace your flash memory cards occasionally. In most cases, typical flash memory cards can endure about 10,000 to 1,000,000 erase cycles.
• Never carry unprotected flash memory cards in your pocket! Simple static buildup in your clothing can zap the card and make it unreadable. There are other dangers as well such as breaking a card in your pants pocket as you sit down, or putting the card along with your clothing through the wash—literally.

If you have any other helpful tips, we’d love to hear them in the comments!

Jonathan Gass, IT support specialist at a Kentucky community and technical College in Louisville has nearly 15 years of experience managing multiple servers and storage arrays. He supports six campuses in four different counties.

One particular device on the college network was a five-disk, two-terabyte SAN configured as RAID 5, which offers redundancy and the ability to rebuild a data set using parity information stored across multiple drives. The system was used to support 500+ employees, providing primary storage of the professor’s grade books and critical financial records for the business affairs department.

Two of the five hard drives in the SAN failed simultaneously and the timing couldn’t have been worse, occurring on the first weekend of December-just one week before grades were due. Worse, all regularly scheduled backup sessions had failed and others were discovered to be very old.

After a recommendation from the SAN’s manufacturer, everything was in place to have it shipped to DriveSavers. But, at the last minute, the procurement department demanded that Jonathan utilize their existing support contract with an outside vendor who partnered with a different data recovery firm.

Three days later, Jonathan received a phone call and it was not good news. “We’ve never seen a problem anything like this,” the tech at the data recovery firm told him “…unfortunately you’ve lost all data.” Without holding much hope, Jonathan had the device shipped to DriveSavers for SAN data recovery.

Jonathan feared the worst when DriveSavers phoned a few days later. Instead, he heard three inspiring words: We got it! “When we received the data, it was amazing, said Jonathan. The data recovery was 100 percent successful. I love the fact that the engineer took complete ownership from beginning to end.”

Asked if Jonathan would recommend DriveSavers he responded, “DriveSavers is permanently programmed into our speed dial. I experienced a fantastic level of professionalism and optimism from everybody at DriveSavers. If you suffer a data loss on a SAN or other storage device, DriveSavers are the people to call.”

An independent study by the Ponemon Institute, a privacy and information management research firm, has unveiled a Data Security Checklist for vetting third-party data recovery service providers. The study, “Security of Data Recovery Operations,” conducted among IT security and IT support practitioners, is the first national study published on the security of data recovery operations for businesses and government organizations. DriveSavers is the only data recovery company worldwide that meets all the security requirements on the checklist.

Paul Reymann, CEO of Reymann Group and one of the nation’s foremost experts in regulatory compliance and information risk management comments, “The lack of information security protocols and practices in the vetting, selecting and use of data recovery service providers is not a potential problem-it’s a real problem! The checklist is a prudent solution to help ensure data recovery vendors protect sensitive data during the data recovery process.”

For companies that already have a strong vendor risk management program, mandated vendor management practices apply to all stages of the information life-cycle. CompuCom Systems, Inc., the leading IT outsourcing specialist, and Lawrence Livermore National Laboratory (LLNL) have extremely stringent security protocol and auditing processes for their third-party vendors. DriveSavers Data Recovery has experienced firsthand and passed the stringent security protocols of CompuCom and LLNL which include each of the requirements listed in the Data Security Checklist below.

“Lawrence Livermore National Laboratory’s data security standards are based on the National Institute of Standards and Technology’s (NIST) recommendations. We strive to ensure that our mission critical data handled by third party vendors is protected at a level equivalent to the standards we hold for ourselves,” said Neda Gray, CISSP, Information Systems Security Officer for Operations and Business at LLNL. “We periodically require an exhaustive security assessment of our third party vendors.”

“Data security standards are set high by CompuCom to ensure that our customer’s data is never vulnerable,” said Dave Borgese, vice president at CompuCom Systems. “We require an exhaustive security assessment of all our third-party vendors. DriveSavers is SAS 70 Type II compliant and is guarded by a ‘defense-in-depth’ network architecture which provides the level of data security we promise to our customers.”

Not all companies have this level of security protocols in place for working with third-party vendors. The Ponemon Institute’s study confirms that there is a major gap in security protocols when selecting data recovery service providers.

Here is the recommended checklist that should be used for vetting third-party data recovery service providers. Data recovery service providers should follow these protocols:

• Proof of internal information technology controls and data security safeguards, such as compliance with SAS 70 Audit Reports
• Engineers trained and certified in all leading encryption software products and platforms
• Proof of chain-of-custody documentation and certified secure network
• Vetting and background checks of its employees
• Secure and permanent data destruction when required
• Use of encryption for data files in transit
• Proof of Certified ISO 5 (Class 100) cleanroom