Yahoo recently reported the largest hack in history, WikiLeaks is releasing hacked DNC emails at an alarming rate, and according to NBC News "the Obama administration is contemplating an unprecedented cyber covert action against Russia in retaliation for alleged Russian interference in the American presidential election." Are we on the brink of the First Cyber World War? Even if the current rhetoric just exacerbates unofficial nation-state-backed cyberterrorism, there is still a significant danger. Are you prepared to function offline? If not, it's time for some serious business continuity planning, a few muster drills and, most importantly, a tactical approach to disaster recovery.
My Company Does All That for Me
Most well-run businesses have some version of a Disaster Recovery Plan (DRP). The concept has been around forever. But what is your personal DRP? What if you were locked out of your main email account? What if you did not have access to online banking? What if you could not get online? What if the location-based services on your smartphone would not function? No maps, no Waze, no Uber, no Lyft, etc.? Do you even own a paper map?
Not for nothing, I don't think strong passwords are going to cut it anymore. It's time to back up your computer and your smartphone and to do your best to safeguard your important files, pictures, recordings and videos (especially original material that cannot be replaced).
Quite a bit has been written about how to back up your data. I won't rehash it here. The general theory is to have your data replicated in a couple of places. Services such as Dropbox, Box, Google Drive, iCloud, and the like all offer various versions of instantaneous synching between your local storage and the cloud. But most smart people also backup locally to an external drive with tools such as Time Machine (Mac) or File History and Windows Backup and Restore (Windows 10). A backup on a local, physical hard drive that is not connected to the public Internet is a very good idea.
If you've opted in to paperless billing, you should also consider printing out bank statements and any other financial or medical documents that you are likely to need if you are cut off from your cloud storage or if your files are maliciously erased.
I Can Always Access the Cloud
While it's true that there are multiple ways to access your cloud services (Wired or wireless Internet at home or work, public WiFi, a friend's Wired or WiFi connection, the 3G or 4G wireless networks, etc.), it is possible for a cyber-attack to damage or destroy both wired and wireless connectivity at the same time.
A natural disaster caused it to happen in New York City on Monday, Oct. 29, 2012, during Hurricane Sandy. By midnight, power was knocked out below 39th Street -- it did not return for a week. VoIP (Voice over Internet Protocol) phone lines stopped working as their battery backups drained. Even the old copper wire telephone network was down where the cables were submerged. Cell service was gone by late Tuesday evening and spotty (if you could charge your phone) until the end of the week. All VoIP phone communication was down by Wednesday. There was no Internet, no power, no water pressure, no traffic lights, no street lights, no basic social services -- and Manhattan got off easy. The effects were much, much worse in the greater New York Metro and in New Jersey.
All in, it is estimated that Superstorm Sandy caused $65 billion in damages in the US alone. A cyber-attack wouldn't destroy buildings or roadways, so you might think it would not be as costly. But that would depend on the extent of the damage and the duration of the event.
Data Doomsday Scenarios
I wrote an article in February last year entitled Data Doomsday Preppers, which was my reaction to the thesis of NatGeo's "Doomsday Preppers" TV show. In homage to all of the cyber-tough-talk this week, let's re-examine some of the data doomsday scenarios from my previous post.
- 20 million Americans wake up to find their bank account balances at zero.
- 20 million other Americans wake up to find random balances that exceed their wildest expectations. For example: a $25,000 balance where the day before it was $3,800 (the Federal Reserve, US Census Bureau and Internal Revenue Service's 2014 estimate for the average American family savings account balance).
- 30 million other Americans wake up to find out their hard drives have been erased and their data is gone.
- Retailers or financial institutions tell 30 million other Americans that their credit cards are canceled because of a data breach, and they will not be replaced for weeks because of the sheer volume of cards that need to be reissued.
- The top 500 websites are all hit with massive, unrelenting DDOS attacks.
- The top 10 health insurance providers lose 30 percent of their patient records due to the release of a super cyber weapon.
- 25 percent of federal prison records are erased or altered.
- $300 billion in cash goes missing from the US financial system.
- And, just for fun, hackers cause an algo-trading flash crash that takes 50 percent off the DJIA by 11am (as if any of the above would not be enough to cause a regular stock market crash).
None of this may ever happen. In fact, it probably won't. What will happen is something no one has thought of (or prepared for). That's the nature of a successful attack.
So back up your data. Practice a day offline. And make sure you know whom to contact, how to contact them and what to do when (not if) something unfortunate happens in our data-dependent, online world.