Cloud Server: What’s the Best Way to Keep Your Data Safe?

It’s 2022; cloud server solutions have superseded portable storage devices like hard drives in business use. Because why save files on limited storage spaces when you can utilise the cloud and access data anywhere?

The upsides to cloud storage are anything but trivial: infinite capacities, continued access during system failures, and no clutter on your computer! Backing up important data has never been more seamless.

However, as alluring as the benefits may be, there are some disclaimers to cloud computing. It’s worth noting that security concerns are a given, and data protection is always a must.

What is a Cloud Server?

These days, utilisation of the cloud is everywhere. We might not be aware, but we engage cloud services every time we use tools like Google Docs, Dropbox or Microsoft 365 applications.

In the simplest terms, the cloud is a remote location to store data. So instead of saving files on personal devices, businesses are increasingly storing data on servers hosted by third-party cloud providers.

This series of servers resides in data centres all across the country. Users can then access their data from internet-enabled devices at any time and place.

Is a Cloud Server Really Secure?

Although cloud providers have more robust security measures up their sleeves, it’s natural to worry about data vulnerability. Cybercriminals frequently loom with strategic attacks, and protecting data out of your reach can feel impossible.

But the truth is that cyber thieves are better off targeting confidential information on your computer via phishing emails and malware. They could infiltrate your devices or even freeze your computer to restrict data access until you concede a ransom.

On the other hand, cloud infrastructures by third-party companies are more potent at safeguarding sensitive information from unauthorised access.

Is Cloud Server Really Secure

How to Ensure Your Data is Safe in the Cloud

While there are specific criteria to uphold when choosing a cloud service provider, the best practices for data security are more or less the same. This next section will go through some critical tips for securing your data in the cloud. 

1. Back-Up Your Data Locally

Backing up data is central in data management, even when using the cloud. Ideally, your information shouldn’t be housed on only one cloud server; you should have multiple digital copies in local storage.

That way, you can access your data even when the cloud server goes offline or when the original copy is compromised. There is also the question of a power surge, hardware failure, robbery, and natural disaster—is gaining access still possible?

The answer is yes, as most cloud providers practice redundancy by copying and storing data on different sites. Luckily, you can work with yours to determine the level of necessary redundancy depending on your company’s needs.

2. Be Smart with Passwords

Did you know that 75% of cyberattacks on corporate networks are due to weak passwords?

Passwords are the battle frontlines of your home, so you better ensure that no hacker can crack through. Best-case scenario, a strong password may discourage cybercriminals from attempting to break your sturdy lock.

While devising and remembering complicated passwords can be a headache, the trouble could mean it’s working. Here are some quick-fire tips for creating a secure password:

  • Make sure there are at least eight characters.
  • Combine letters, symbols and numbers in an atypical configuration.
  • Avoid using identifying information, including intimate names and birthdays.
  • Try not to apply the same password for different accounts.

Besides coming up with an uncrackable sequence, it’s also smart to change your passwords frequently. And be careful not to reuse or share them!

3. Encrypt Your Data

Another crucial step is making sure your cloud service provider encrypts your files. As a result, hackers will have a more challenging time stealing data, which mitigates security breaches by a wide margin. 

With preliminary layers of encryption on your local hardware and in the cloud, you can protect your information from service providers as well.

4. Enable Two-Step Verification

Setting up two-factor authentication also serves as extra protection to prevent hackers from obtaining sensitive information. If you’re not familiar with 2FA, this tool requires an additional action on a separate device when logging into accounts.

Thus, accessing your cloud data wouldn’t be a mere username and password away, as you still need a verification code. This ensures extra protection for your data even when hackers get ahold of your password or details.

5. Read the Fine Print

It has become a bad habit for us to glance through the terms and conditions in software contracts. However, paying attention to the user agreement is essential before signing on with any cloud provider.

Generally, this piece of document details information about how your data is stored, protected and used. You could be giving third-party permission to distribute your information without knowing it.

Be sure to stay well-informed of any caveats and always read the updated privacy policies by your service provider. 

6. Ensure Security Testing

Lastly, your cloud provider should never overlook continuous testing of their servers and network. There’s no guarantee that your provider’s defences are strong enough to withstand modern breaches, malware, and viruses without security testing.

Ensure Security Testing

Aegis Cloud Data Protection and Disaster Recovery

Aegis is an experienced cloud service provider with an assortment of cloud backup and disaster recovery solutions on its belt. Complete with centralised backups and encryption while adhering to the 4-3-2 backup rule, rest assured your data is safe from malware attacks, unforeseen disasters, and inadvertent deletions.

Additionally, Aegis provides complimentary cloud disaster recovery (DR) services to ensure infrastructure redundancy and minimal downtime. All your data would be stored locally in Aegis’ impenetrable data centres located in Malaysia, addressing data sovereignty and promising continued access no matter what.

Learn more about our cloud services, and don’t miss out on Aegis’ latest promotions on cloud DR, endpoint backup, and Office 365 backup.


Why ISO 27001 Accreditation is Crucial When Selecting a Managed Service Provider

After watching The Great Hack documentary, it’s spine-chilling to think how easy it is to weaponise our data against us. The amount of data produced each day from IoT and other technologies is insurmountable, yet its safety is arbitrary.

If tech giants like Facebook are not unassailable from cybersecurity breaches, what about your corporation’s information security? With remote working models cementing their place in the business world, large-scale cyberattacks are growing more creative and frequent.

The documentary also showed us how complex securing data and applications is, much to our chagrin. These unpredictable threats to significant business disruption have turned many companies towards partnerships with a Managed Service Provider (MSP).

However, choosing the appropriate provider is critical in mitigating information security gaps. Given that your MSP will have complete access to highly confidential data, you would want to ensure it abides by stringent Information Security Management System (ISMS) governance.

ISO 27001, in particular, is a vendor-neutral, gold standard for any cybersecurity framework. This accreditation’s specific purpose is to identify whether your information is secure, regardless of format.

What is ISO 27001 Accreditation?

Known as the International Organisation for Standardisation, ISO was established to help people understand the optics behind doing business with other organisations. ISO 27001 then aids in analysing an InfoSec management system or the policies and procedures surrounding sensitive data.

ISO 27001’s guidelines do not align with specific industry sectors, covering all IT systems, including cloud hosting environments. Its broad framework makes it possible for implementation across all organisations.

What is ISO 27001 Accreditation

Why Choose an ISO 27001 Accredited Managed Service Provider?

Working with an ISO 27001 certified provider ensures the best practices for governance, risk management, business continuity, and regulatory compliance. Equally as important, you would know how your data is stored and managed.

Moreover, partnering with an ISO 27001 MSP brings an arsenal of advantages, such as:

  • Confidentiality through limited unauthorised access and disclosure only to authorised users.
  • Integrity by safeguarding data from malicious or unapproved alteration.
  • Availability and prevention of corporate data loss or downtime that endangers your business.

In Conclusion

Since ISO 27001 certification necessitates that an organisation’s entire security program undergo an external audit each year, it’s an excellent way to identify vulnerabilities and protect your intellectual property. After all, cybercrime tactics and hackers are not waiting for you to catch up.

Considering the sophisticated methods that cybercriminals continue to mastermind, there is no guarantee to eliminate security breaches completely. However, employing an ISO 27001-accredited MSP can help challenge and minimise these threats without worrying about legal implications.

Aegis has been an ISO 27001: 2013 Information Security Management System (ISMS) certified Managed Service Provider since 2019. The entire Aegis’ backup and disaster recovery process and procedures are governed by ISO 27001 ISMS. Our cloud hosting, backup and disaster recovery services can deliver efficiency, reduce customer server downtime and execute disaster recovery plans for business continuity when disasters strike.

Don’t miss out on our ongoing promotions for cloud DR, endpoint backup, and Office 365 backup — all much-needed deals!


7 Examples of Malicious Code: Detect, Remove and Prevent

The continuous advancements of technology do not come without risks, especially concerning malicious code. Malicious code is a serious threat to computer systems, purposed explicitly for exploiting or creating vulnerabilities. 

This malicious software could cause a myriad of complications for you, including data theft, security breaches, extortion — shall we go on? Consequently, it’s important to understand how the code operates so you can detect, remove it and prevent system damages.

What is a Malicious Code?

Malicious code, or malware for short, is a “language” perpetrators communicate to infect computer systems. In short, any harmful computer program that serves to destroy your corporate network and data intentionally is known as malware. 

Malware infiltrations are incredibly dangerous because they are unrestricted to manual methods, able to replicate and spread themselves. However, other types of code require human interaction, such as prompting downloads from users.

When your company is stricken with malicious code, it may very well result in:

  • Data corruption
  • Extortion through the demand for ransoms
  • Theft of confidential information
  • Loss in credibility

But don’t worry, there’s still time to protect yourself and your business! Let’s examine the different types of malware and how they work.

7 Common Types of Malicious Code

Malware comes in multitudinous classifications, each with its own application area and focus. Yes, even hackers have their respective modus operandi.

1. Worms

Worms are perfectly capable of self-replicating and self-spreading, infecting one computer to the next without end-user action. Once this malicious code infiltrates your system, it can grow its depredation throughout the entire network, from device to device.

2. Viruses

Another code that can clone itself depending on the infection method, viruses bind themselves to a legitimate program for execution. These harmful codes travel via file downloads or documents and can modify host files.

Subsequently, the virus could damage the application’s core functionality, disable access to users, and corrupt precious data.

3. Trojans

Trojan horses are decoy files that appear legitimate to deceive users of their malicious payloads, usually carrying viruses, backdoors, ransomware, or other codes. This threat requires user action to download a program or file to execute, then inconspicuously breaching your computer systems’ security.

4. Ransomware

This form of malware usually comes as an email attachment or a malicious website. When an unsuspecting victim downloads it, ransomware encrypts files on the user’s machine or across the network infrastructure.

Then, a popup display threatens to hold the data “hostage” and restricts access until a ransom is paid.

5. Spyware

As its name suggests, this malware spies on your devices’ activities, discretely gather sensitive information and transmit it to a third party without your consent. A common type of spyware is a keylogger, which tracks your keystrokes and subsequently sends your login credentials to the hacker.

6. Rootkits

A rootkit infiltrates a target system while granting the attacker access to sensitive data. This customisable malware can even modify system configurations with the victim unaware of its presence.

Perpetrators primarily deploy rootkits through social engineering attacks, such as phishing emails, gaining unauthorised access upon installation. Rootkits can even undermine anti-malware software and evade detection.

7. Adware

Do you remember the early days of free software that had popup ads? Adware was born in the same era, displaying nefarious ads in an unsecured web browser to infect devices.


Detecting Malware

Aside from malware detection tools, there are several ways you can identify malicious code in your system. If you come across any of the following indications, ensure to perform a comprehensive diagnosis.

  • Performance problems: If your computer systems often crash, slow down, or fail to perform essential functions, it could be malware.
  • Strange behaviour: Your computer is doing things without your initiation. For instance, an unknown force is rendering changes to your files or sending emails from your account. That unknown force is most likely malware.
  • Suspicious activities: Your internet traffic may suddenly increase, or mysterious files appear on your hard disk.

Removing Malware

There are ways to remove dangerous code if you realise you’ve been the target of malware. Accordingly, you could engage a tech expert to remove malware from your system manually or try some of these techniques:

  • Perform a complete scan on your device and use an antivirus solution for removal.
  • Uninstall any vulnerable software and download the latest version with tighter security updates.
  • Delete any suspicious files and clear the cache on your browser.

Preventing Malware Attacks

Just because you can remove it, doesn’t mean you shouldn’t take measures to prevent it. Here are some proactive steps to take:

  • Install antivirus and anti-malware software with automatic updates, malicious code detection and removal features, and web-browsing security.
  • Don’t neglect routine maintenance to ensure your systems, plug-ins, and critical software are always updated.
  • Practice secure browsing when it comes to unnatural URL links and attachments.
  • Exercise caution when using public data connections from WiFi hotspots that don’t require authentication. Attackers sometimes exploit public networks to deliver malicious code.
  • Utilise data backups to safeguard critical applications and data, thus ensuring 24/7 access and recovery.

Aegis Data Backup Solution provides foolproof cloud backup and disaster recovery services to empower businesses in the fight against malware. Moreover, clients can take advantage of our recent promotions on cloud DR, endpoint backup, and Office 365 backup.


The need for endpoint security isn’t going away

Although it was merely three short years ago, it seems like a distant time when organisations only operated from offices. Now, we can conduct business from our dining table or even without leaving our beds.

The world is slowly reinstating itself and learning to live with the pandemic and its concomitant work adjustments. Suffice to say; remote work will be an indefinite trend.

Whether you favour working from home or not, one thing’s for sure: the implications for endpoint security and data recovery cannot be ignored.

Remote Working as the New Normal

Global tech moguls are paving the way for remote working in the new business landscape, prompting other companies to follow. A prime example is Mark Zuckerberg allowing at least half of Facebook employees to switch to remote work permanently.

Many startups are also adopting the WFH model, with 70% of emerging venture-based companies allowing employees to keep working remotely even after offices reopen.

The same goes for Malaysian organisations returning to the workplace — workers only have to come into offices if necessary. For instance, employees can complete tasks they cannot perform from home in the office.

As a result, work productivity has either stayed the same or improved due to the WFH model. Moreover, leaders found that they could invest less in physical offices and redirect spending to more tactical pursuits.

With these newfound benefits, the remote work world’s advent is just the beginning.

The Inevitable Escalation of Ransomware

Unfortunately, there is evil where there is good. It’s not that ransomware was never a problem, but attacks have increased exponentially since WFH activities started.

Ransomware criminals would encrypt a company’s data, leading to a halt in IT infrastructure and operations. They then demand a ransom from the victimised entity to decrypt the data.

This form of cyberattack happens at an alarming rate. More specifically, once every 14 seconds, and that time keeps reducing.

The global health crisis has presented more opportunities for cybercriminals to commit ransomware, which can be highly costly for you. Plus, every minute you can’t access corporate data means revenue losses and damaged reputation.

You may be safer at home, but your data and endpoint devices are not. As uncertainties continue to loom, this is not the time to let your guard down regarding endpoint security.

Readying Yourself with Endpoint Security

Businesses are constantly confronted with how to reliably back up their data regardless of where employees work and what endpoint devices they use. After all, it will only be a matter of time before you experience endpoint data loss or corruption.

So long as your organisation maintains a remote workforce, ransomware and malware will always be a threat. Thus, there’s no time like now to revisit your data backup and recovery strategy.

It’s essential to note that endpoint security is more than the tools you deploy — it’s about planning for disaster recovery.

Secure Endpoint Security for Distributed Workforces

The Need for Endpoint Security

Aegis Cloud Endpoint Backup (CEB) offers absolute data protection for businesses catering to remote work. With an automated backup solution, organisations can ensure all workers’ endpoint devices — laptops, mobile phones, etc. — are safeguarded against ransomware.

While managing WFH operations can be difficult, Aegis CEB provides straightforward deployment with centralised management. This means that companies can simplify their IT administration and remotely create and deploy backup policies.

Furthermore, Aegis CEB helps companies prevent and remedy endpoint device loss or theft with geo-tracking and remote wipe features. On top of remote data wipes, corporations can enact incremental restores for only new or changed files.

Protect Endpoint Data Wherever It Goes

In the world of changing work approaches, inaction could be a threat in itself. Implementing endpoint security may seem like a hassle, but it’s no longer an option.

The good thing about Aegis CEB is its silent installation to endpoint devices, allowing administrators to automate the deployment of remote backup agents. Backed up data would reside in Malaysia per data backup compliance policies.

Additionally, Aegis provides unlimited disaster recovery resources and granular monitoring for any issues that may arise in the WFH environment. Find out more about Aegis Cloud Endpoint Backup (CEB) or explore some features of Aegis that help combat ransomware.


Spoiler Alert! New Technologies Have Negative Impacts on Information Security

The evolution of new technology is exciting, but the growing threats to information security — not so much. Information security, or InfoSec, refers to your company’s tools and processes to protect digital and analogue information.

It safeguards sensitive data against unauthorised activities, such as inspection, modification, and disruption. If client details, financial data and intellectual property are compromised from tampering or deletion, the consequences could be irrevocable.

There are varying types of InfoSec implementation, including:

  • Application security
  • Cloud security
  • Incident response
  • Vulnerability management
  • Disaster recovery

Information Security vs Cybersecurity

People often use the two terms interchangeably, and although they are both security strategies, cybersecurity and information security cover different objectives and scopes.

Cybersecurity involves protecting raw data primarily from internet-based threats, a subcategory of InfoSec if you will. Meanwhile, information security covers a broader range, from data encryption and endpoint security to infrastructure and networks containing corporate information.

It is related to information assurance, protecting information from non-human-based threats, like natural disasters and server failures.

Common InfoSec Threats

The current digital climate, while impressive, has given rise to more risks that will affect your company’s information security. Some of the top threats to look out for are as follows:

1. Unsecured Systems

The speed at which technologies are advancing imperils security measures more than you’d think. At other times, legacy systems developed without security in mind may remain in operation.

Hence, companies must diagnose these faulty systems to properly mitigate potential threats. Ensure your security team does so by patching, decommissioning, or isolating them.

2. Social Media Breaches

Social media sites are a hacker’s hunting ground for obtaining personal information. Whether we mean to or not, we do share quite a lot about ourselves on these platforms.

Attackers can easily breach social media security, spreading malware through direct messaging. Or, they might use the information displayed on these sites to analyse organisational vulnerabilities and plan an attack.

Social Media Breaches
3. Social Engineering Attacks

Social engineering weaponises psychological stratagems to trick users into divulging private information or providing access to the attacker. Spear phishing is a common form of social engineering often executed through email.

For example, hackers may target an employee within an organisation by sending an email appearing to be from a colleague. They could then steal personal information or company secrets disguised as a trustworthy source.

And yes, technology is progressive enough for attackers to do this, causing a significant information security risk. Thus, it’s important to raise awareness of social engineering and its dangers and train users to identify these messages.

4. Lack of Encryption

Encryption is the key to data security, encoding data that only authorised users can decode. It is especially vital for avoiding data loss or prevention due to lost or stolen equipment or even cyberattacks.

However, it is a complex process lacking legal obligations regarding proper implementation. Although organisations used to overlook this security measure, more and more are increasingly adopting it through cloud services that support encryption. 

5. Insider Threats

The ones responsible for insider threats are, sad to say, your company’s employees. Vulnerabilities like these could be accidental or intentional, wherein attackers misuse “legitimate” privileges to access confidential information.

With accidental threats, individuals may unintentionally expose business information, download malware, or experience identity theft. Conversely, intentional threats may see insiders damaging, leaking, or stealing sensitive information on purpose for personal gain. 

6. Security Misconfiguration

In this modern age, it’s safe to say that companies use numerous technological platforms and tools. More specifically, web applications, Software-as-a-Service (SaaS) applications, databases, etc.

While cloud services usually have security features in place, these tools must undergo configuration by the organisation. Security misconfiguration resulting from negligence or human error can lead to a breach in security.

Luckily, you can mitigate such risks by engaging a third-party provider that continuously monitors IT systems and identifies information security gaps. With over a decade of experience up its sleeve, Aegis offers complete managed data protection and cloud disaster recovery services.

We ensure proactive monitoring and support all year round with unlimited disaster recovery resources and certified DR drills.


Reality Check: Time to ask these hard questions to your current Backup / DR provider

At a certain point, you may be compelled to ask yourself: have I settled for mediocre IT support? Outsourcing your IT management means transferring the responsibilities of monitoring, maintaining, and securing your network to a third party.

Therefore, it only makes sense to wonder if you are receiving the grade of service you deserve. You can start by hitting your cloud provider with the right questions:

4 Hard Questions to Ask Your Backup / Disaster Recovery Provider

1. How does your backup provider deal with downtime?

Downtime is a business’s worst nightmare. While the fix is costly, other aspects are at stake — client trust diminishes, and revenue plummets.

Perhaps the most predominant cost of downtime is the halt in operations and productivity. When an IT system disruption occurs, employees can no longer complete their tasks, and business expenses don’t automatically come to a standstill.

Prolonged downtime could shut your entire business down, making it imperative for your backup provider to detect and resolve any system issues before this happens. 

2. Does your backup provider offer industry-specific expertise?

If you get the impression that your IT support’s knowledge of technology is as broad as your own, move on. Another bad sign is when your provider sends the most novice technician to deliver primary and generic services.

In any case, your backup and DR provider should have a stellar understanding of your needs. They should help make your work easier and more effective, whether it’s streamlining tasks or increasing productivity.

They can deliver the best tools and solutions to ensure an excellent return for your investment with all this in mind. Remember: you’re paying for an expert, and the right hire should possess the skills and knowledge that you don’t have.

Does your backup provider offer industry-specific expertise
3. Is your backup provider quick to respond to support requests?

It is essential to learn about your provider’s guaranteed response time and timeliness in handling real-life support calls. Try to ask for testimonials or case studies depicting how they respond to clients’ needs, as well as the results.

Moreover, you should discover their process of receiving, tracking, and following through on these requests. Do they have a support email address? An online ticket system?

Maybe you would prefer if they had a 24/7 Help Desk, like Aegis. Either way, get all the details on how their support requests work because you’ll want to know.

4. Does your backup provider offer strategic consulting?

The main benefit of outsourcing is that you can divert your full attention to your work without worrying about IT. Hence, you should be receiving professional guidance and consultation on the best solutions for your business to ensure lengthy success.

Technology is constantly advancing, and your company must keep up accordingly. Your backup and DR provider should have the capacity to offer the latest innovations and technological applications like the cloud.

Cloud technology allows you to minimise hardware use, increase scalability, and grant access to your data anytime, anywhere. When implemented and supported correctly, your company can go a long way.

As a cloud backup and disaster recovery service provider, Aegis delivers innovation, flexibility, and cost-effectiveness to guarantee successful backup and disaster recovery implementation.

Aegis is an industry veteran regarding all cloud backup and disaster recovery needs, providing fully managed services. Find out more about our DR service model equipped with unlimited cloud resources to manage corporate data and IT systems.


Understanding RPO and RTO to Better Strategise Disaster Recovery

Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are the two imperative metrics of disaster recovery. These parameters are the basis on which your data protection plan rests, allowing you to determine the recovery time limits, frequency of backups, and recovery procedures necessary.

It is vital to analyse each objective — their roles, cost implications, and computing — to achieve optimal results from your strategy. A viable recovery solution should enable you to resume business processes in a timeframe at the RPO and RTO.

At first sight, these concepts might seem similar, but there are crucial differences to consider here. This article will cover the differences between them to prepare you for sure-fire strategising.

What is RPO in Cloud Data Protection?

Recovery Point Objective (RPO) measures the maximum data quantity your business can “tolerate” to lose during a disruption. Besides that, it helps you measure the time interval between the last backup and a disaster before your business continuity plan is affected.

This objective is beneficial regarding data backup and recovery activities and how frequent you should perform backups. Because even if your backups are up-to-the-moment, you will likely lose some data during a disaster.

Example: Let’s say you back up data once daily at midnight, and your RPO is 24 hours. If a disaster occurs at 8 am, you would lose 8 hours of data but still be in the clear. However, RPOs with low values, i.e. one minute, would require constant replicating critical files to keep backup data as current as possible. 

What is RTO in Cloud Data Protection?

Recovery Time Objective (RTO) defines the amount of time it takes to restore IT infrastructures and services following the disruption. In other words, it begs the question of “How much time will pass before the affected data and systems are fully operational again?”

RTO is essential in ensuring business continuity, allocating a specific timeframe in which your business should bounce back after disasters. Several factors come into play when calculating RTO to return to business-as-usual (BAU):

  • The cost per hour of outage.
  • Available budget and resources. 
  • Priority/importance of critical files, databases, and systems.
  • Actions needed to recover, i.e. replacing damaged components, restoring and testing, etc.

The relationship between RPO and RTO is inverse, meaning that the shorter your allocated time for recovery, the higher recovery costs will be, and vice versa.

The relationship between RPO and RTO

Differences Between RPO and RTO

With the definitions out of the way, let’s discuss the key differences between these business metrics:

  • Assessment basis
    • While RPO only looks at data and how often backups should occur, RTO reflects the entirety of your business needs. RTO covers your company’s overall IT needs, including how long your business can survive without a break in continuity during disruptions to IT infrastructures and services.
  • Cost relevance
    • Usually, the costs associated with sustaining your RTO would be greater than those regarding your RPO. And understandably so, because RTO involves not only your corporate data but the entire IT infrastructure.
  • Ease of calculation
    • RPO is relatively easier to implement, considering that data usage is consistent and has fewer variables. On the other hand, recovery time affects business operations rather than solely data, entailing more complications.

Recovery time also depends on uncontrollable factors like the time of day the disaster strikes. Therefore, it is advisable to have professional administrators who thoroughly understand different restore types, and their recovery speeds to determine RTO values appropriately.

Tips to Upgrade and Achieve RPOs and RTOs

Firstly, IT administrators must have a good idea of what disastrous events could befall a company’s IT infrastructure. Only then can you properly analyse the two metrics and identify possible vulnerabilities.

Below are some valuable tips for planning your RPO and RTO in 2022:

1. Check if your cloud backup provider has a flexible feature set.

If you’re going to outsource, find a resilient backup solution with multiple copies of your data and unlimited retention. Retention policies aside, it’s also wise to increase the snapshots of mission-critical data.

Make sure your backup provider can cater to switching or utilising multiple backup software without any additional cost, providing workability of backup software across a heterogeneous platform.

2. Watch your budget.

Retaining more snapshots and data copies will require more storage capacity, leading to more expenditures. Thus, it’s in your best interest to employ a backup solution that guarantees zero capital expenditure, such as Aegis’ services.

3. Never neglect the 4-3-2 backup rule

Always have versions of your data stored in a different medium of storage and other offsite locations to ensure multiple copies of backup data availability and continued access during disruptions.

4. Update your disaster recovery plan.

Be sure to adopt your disaster recovery strategy according to the changing business landscapes, such as new WFH policies. Furthermore, don’t forget to consider the specifics of decentralised data backups.

5. Ensure continuous testing.

Without constantly testing your disaster recovery plan, you can never be confident that it works. Having frequent DR drills can expose gaps in your DR plan and help you fine-tune it accordingly to prevent failures when a disaster does happen.

The best practice is to look for a disaster recovery provider that provides complimentary unlimited DR drills in a year, accompanied by complimentary DR seats available for customers to utilise during DR drills or actual DR declaration.

That said, feel free to learn more about Aegis’ comprehensive cloud backup and disaster recovery solutions.


Keeping Up with Microsoft 365 data protection

Microsoft 365 is perhaps the most widely used service in the business sphere. New features and functionalities are constantly popping up to help streamline user workflow and productivity. 

Now, Microsoft Teams has entered the chat. It aims to serve as an enterprise communication tool containing everything you need to conduct business on a singular platform. 

However, these new features bring with them uncertainty for your company. You have more data to manage than ever, potentially resulting in data storage and compliance issues.

Many organisations moved to Microsoft Teams in a flurry for remote work but were still oblivious to the need for Office 365 data protection strategies in their virtual workspace. Before basking in the flexibility of Microsoft services, companies must contemplate their plans for data loss prevention.

Here’s why backing up data on Microsoft applications is so important and the key characteristics your third-party data security and management solution should have.

Protecting Microsoft 365 Data

Whether it’s Teams, SharePoint, OneDrive or Email, there are a couple of things to note about data protection:

1. It’s your responsibility.

Microsoft may provide service infrastructure uptime, but the responsibility for your data is on you. There is no guarantee of data protection or recovery in the event of a loss. So if their server is down or gets wiped, you will no longer have access to corporate data kept on Microsoft applications. 

2. Protecting & managing data is complex.

Did you know that new changes to the Microsoft infrastructure make it more complicated to back up data? Data protection and management can be challenging since the software distributes your data across various locations. 

3. Insider threats can happen.

Straight from the horse’s mouth, 53% of organisations were victims of insider attacks in 2019 alone. Besides that, human errors such as unintentional overwrite and deletions also render data at risk. Microsoft services are not exempt from these data loss occurrences, which is cause for concern because this is where users access business data regularly. 

If recovery through Microsoft is still feasible, it could be incredibly time-consuming and expensive. 

4. Two copies do not suffice.

Implementing the 3-2-1 rule is a smart move for your data backup and recovery plan. This entails storing two copies of data in different locations while stowing the third copy to an independent, offsite location.

When it comes to Teams, you’d automatically have two sets of data stored separately. Entrusting a cloud backup provider with your third copy would be a good next step, especially if your Microsoft production data is lost or corrupted.

5. Losing data is expensive.

Your business may not experience a company-wide data loss catastrophe, but data “unavailability” issues are highly plausible. The cause infinitely varies, which is why organisations must ensure protection and recovery should the situation unfold.

It’s no secret that data availability is essential for day-to-day operations, and data loss could cost you valuable time and money.  

Losing data is expensive

Engaging a Third-Party Cloud Provider

That said, it comes time to evaluate the right contenders for cloud-based data backup and recovery services. A few things to consider include:

  1. Centralised data management: Select one location for storage of all SaaS data to enable efficiency and convenience.
  2. Simple integration: Implement a comprehensive solution that is easy to deploy, use, and run every day without capital expenditure.
  3. Scale for posterity: Understand how your provider can continue to grow and guarantee protection for Office 365 data in the future.
  4. Security & data accessibility: Your business’s data protection strategy should ensure unlimited access to an offsite copy of your Microsoft data 24/7.
  5. Compliance factors: Meet all legal and compliance requirements with Office 365 backup.
  6. Predictability in pricing: The best solution should offer extensive cloud service protection for various SaaS applications with upfront pricing. Otherwise, you might find some costly surprises as your data storage grows.

Aegis Cloud Office 365 Backup (COB) provides all-inclusive data protection and restoration of Microsoft data, including SharePoint, OneDrive, Email and Teams. Learn more about our backup and disaster recovery services.


Scammer Check: An Expert Guide to Avoiding Online Security Threats

Internet fraud manifests in many forms, and it wouldn’t hurt to have a scammer check. Cyber thieves are still alive and kicking, often using email tricks for financial information, pop-ups that infect your computer with malware—even resorting to catfishing to forge fake romantic relationships.

In the last five years, the FBI Internet Crime Report tallied a total of $13.3 billion in reported losses. Although anyone can fall victim to online scams, older adults stand at higher risk as they have more to lose.

These numbers are frightful, but unplugging from the internet is likely not a viable option in this modern world. So, how can you reduce exposure to cybersecurity threats and stay safe online? This scammer check serves to take you through the optics of common internet scams and how you can avoid them.

What are Internet Scams?

Cybercriminals prey on their victims using online services or software, attempting to obtain financial or personal information through email accounts, social media, dating apps, etc. In the end, the successful crime results in the victim losing substantial amounts of money or not receiving promised funds.

Rise in Internet Scams since COVID-19

Unfortunately, the global pandemic has brought forth more fraudulent cases on the scene. Find out how COVID-19 impacted data protection for many businesses or read about the latest online scams below:

Rise in Internet Scams since COVID-19

Types of Internet Scams

These days, scammers are getting creative with ways to defraud victims through the internet. The first step in protecting yourself would be to recognise these methods.

Social Media Scams & Impersonation

Social networking sites are the motherlode of valuable personal information. Aside from aesthetic pictures, social media is also filled with fake posts about COVID-19 and fake accounts.

Take Facebook and Instagram, for instance. Fraudsters tend to copy a real account’s name, profile picture, posts and so on, creating a second identical account. Then, they target the original account’s friend list, sending follow requests to gain access to their profiles.

  • Scammer check: One might dismiss cloned accounts as a scam, considering the number of secondary accounts by the same person. However, it’s best to contact your friend directly if you get any suspicious friend requests. Ensure to report these accounts to Facebook or Instagram.
Coronavirus Emails

The deadly virus has affected us in various ways, including posing a threat to our online security. There have been emerging scams with false claims of cures, tests and vaccinations for sale, even going as far as to offer dirt-cheap deals on toilet paper.

  • Scammer check: Receiving emails full of links to great deals or vaccinations from unknown senders are never a good sign. Some may claim to be an “official” source but keep in mind that vaccination notifications don’t come in emails. Instead, head directly to official websites, such as WHO or CDC, to acquire factual information and news.
Quick-Money Promise

You’ve likely seen this scam everywhere. It could begin from a simple phone call, email, or LinkedIn message, endorsing a job that requires little effort for fast cash. As much as we want it to, the world doesn’t work that way.

Typically, these scammers would target those looking for new or WFH jobs. Once you secure the job, they’ll require you to fill up personal details like bank information, address, etc. But rather than receiving a pay cheque, you’ll be handing over entry to your financial accounts.

  • Scammer check: When a job position appears too good to be true, it probably is. Therefore, it’s best to stick to reputable sites during job hunts and do thorough research on the employer.
Online Romance Scams

Cyber thieves love preying on the vulnerable, and that includes people looking for love online.

First, they’ll start a conversation with an unsuspecting individual, establishing a romantic relationship. Gaining the victim’s trust, they might start asking for money, insisting that it’s for an emergency or for flying out to visit the victim.

  • Scammer check: It’s a red flag if your online partner never fails to produce excuses for why you can’t meet in person. Never allow access to your private financial accounts or transfer money to an internet stranger.
Malware Scams

Malicious software presents itself in deceptive ways: pop-up security warnings, links to news articles, phishing emails, etc. The perpetrator might scare their victim with pop-up warnings of virus infection, directing them to download fake antivirus software.

Clicking these embedded links will trigger malware installation, allowing the software to take control of your device, scan your private information, perhaps even destroy your files.

  • Scammer check: Such scams can look like legitimate messages from well-known computer security providers. Avoid clicking on any links, opening attachments, or even replying to the message.
Malware Scams - Scammer check

How to Avoid Online Security Threats

1. File a Complaint

If you’ve been scammed in Malaysia, gather all pertinent details regarding the incident and file a complaint to MCMC. Analysts will review your complaint, proceeding with an investigation to the appropriate law enforcement or regulatory agencies. Hopefully, you can pursue legal action against the perpetrator.

Also, familiarise yourself with widespread frauds, so you and your loved ones can identify them before the downfall.

2. Avoid Responding to Unsolicited Calls or Emails

Don’t offer up personal or financial information if you get a suspicious call or email from a supposed “tech expert”. Keep in mind to always ask for proof of identity about the company before proceeding any further.

3. Install Antivirus Software

Security software is specifically designed to prevent malware and ransomware from embedding on your computer. It works by removing any detected malicious code, such as a virus or worm.

Consequently, if you do click on a dangerous link, the software can safeguard your files against threats. Of course, be sure only to entrust your data with official vendors.

4. Always Back Up Data

Businesses should make regular copies of corporate data to a secondary site or cloud storage, lest they lose vital data in a cyberattack. Never rely solely on home networks, as they are not the most secure.

Moreover, it’s also important to back up critical data on all endpoint devices, including laptops, tablets and smartphones.

Aegis is a leading cloud backup and disaster recovery service provider in Malaysia, offering reliable and cost-effective cloud backup and disaster recovery solutions. Our services include Endpoint Data Protection that guarantees the safety of remote users’ data, and complimentary unlimited Disaster Recovery resources for business continuity. 


Key Aegis Features You’ll Need to Beat Ransomware

Ransomware. The bane of all cybersecurity teams’ existence.

To this day, this imminent threat continues to instil headaches, financial losses, and irksome disruptions to business operations. Ransomware is the ultimate devil of all malware, severely unleashing chaos on operations and making it challenging to recover.

Ransomware restricts access to your corporate data, subsequently halting IT operations and all their reliant systems. But of course, there are effective strategies to enforce protection, such as a disaster recovery solution. A DR plan can help organisations recover their data and get them back online as fast as possible to avoid prolonged downtime.

Key Aegis Features You’ll Need to Beat Ransomware

Aegis is a trusted cloud backup and DR provider that aids organisations in ransomware resilience. With Aegis, businesses can prevent the disastrous ramifications from ransomware attacks with data protection and recover quickly to meet their recovery time objective (RTO) and recovery point objective (RPO).

Here are some crucial features that will not only help you recover from an attack but also strengthen your IT systems and backups for early preparation against ransomware:

1. Recover data in a matter of seconds

Aegis’ data protection services utilise cloud hosting and hourly virtual machine (VM) to replicate enterprise data to a secondary site, ensuring data resiliency and safeguarded software. By leveraging cloud computing and unlimited disaster recovery resources, clients can access instant restores for any workloads and reduce the impact of ransomware attacks.

2. Resume operations as soon as possible

When ransomware hits, response time is first on the damage control list. One must act fast to stop the spread of encryption across business networks to avoid further disruptions to applications and data. Aegis provides disaster recovery services in accordance with your RTO and necessary premises, minimising downtime to ensure business continuity. With Aegis 1Price-Any-Technologies (1PAT), we can cater to different RTO or RPO requirements, guaranteeing the workability of the backup solution.

Resume operations as soon as possible
3. Multiple copies of data for recovery

Did you know that ransomware recovery could be more costly than conceding to the ransom? That’s what most hackers rely on when they infect your systems. This dangerous malware is perfectly capable of attacking local backup copies to prevent recovery.

Therefore, with Aegis’ 4-3-2 Backup rule, Aegis provides clients with multiple backup copies locally and remotely to guarantee uncorrupted data for a speedy recovery with minimal data loss. In turn, implementing recovery on any requisite sites is highly doable.

4. Successful and non-disruptive DR testing

Having a solution in place does not mean you’re done for the entirety of your business. After all, how would you be sure that it works and that you’re 100% secured? Hence, Aegis offers complimentary unlimited DR Drills throughout the year, assisted by dedicated DR professionals to guarantee the success of every drill.

Upon completion, Aegis’ DR Drill team provides clients with updated documentation and consultancy for their business IT needs.

5. On-demand scalability for increased demands

As your organisation grows, you will have more digital assets to protect. Simultaneously, you will need increased performance or capacity that usually requires complex infrastructure, added capital expenditures, maintenance and management.

On that note, Aegis enables on-demand flexibility and scalability to replicate and restore corporate data for different systems. With Aegis Fully Managed Service, clients can expect proactive monitoring, managed services and Aegis DR-As-A-Service (DRaaS) for unlimited complimentary DR resources without capital expenditures.

Final thoughts…

A vital reminder to take away is that ransomware is a threat to every company, regardless of size. Why wait for it to happen to you before deciding it’s time to deploy the right solution for your business? With these robust features from Aegis Cloud Backup and Disaster Recovery, you can have the upper hand.

Need help?