Beginner | Data Protection

Back up data with the 3-2-1 rule and verify restores quarterly

Three copies, two different media types, one offsite. The GitLab database deletion incident had five backup methods — all of which failed, for different reasons. The WannaCry and NotPetya ransomware attacks encrypted backup drives that were mounted to infected systems. Backups that have never been tested for restoration are theoretical, not operational. The GitLab incident demonstrated this: several backup systems that seemed healthy had silently failed months earlier. Test restoration of a full system backup quarterly. Store at least one backup copy offline (not mounted, not accessible over the network) to protect against ransomware.
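The quarterly restore test described above, as an added example that is not part of the original guide: it backs a directory up to a tar.gz, records a SHA-256 manifest at backup time, then restores the archive into a fresh scratch directory and compares every file against the manifest. Nothing here touches real infrastructure; the file names, contents and the "truncated job output" failure are all constructed for the demo, and it uses only the Python standard library.

```python
"""Restore drill for the 3-2-1 rule (added example, not from the original guide).
Back a directory up, keep a hash manifest with the copy, then prove the copy
restores. A backup that cannot be restored is the silent failure the text warns about."""
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Relative path -> SHA-256 for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def make_backup(src: Path, archive: Path) -> dict[str, str]:
    """Write the archive and return the manifest to store alongside the copy."""
    manifest = build_manifest(src)
    with tarfile.open(archive, "w:gz") as tar:
        for child in src.iterdir():
            tar.add(child, arcname=child.name)
    return manifest


def verify_restore(archive: Path, manifest: dict[str, str]) -> list[str]:
    """Restore into an empty scratch directory and compare against the manifest.
    Returns a list of problems; an empty list means the drill passed."""
    problems: list[str] = []
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp)
        try:
            with tarfile.open(archive, "r:gz") as tar:
                try:
                    tar.extractall(dest, filter="data")  # reject paths escaping dest
                except TypeError:  # Python builds without the filter argument
                    tar.extractall(dest)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            # The job may have reported success, but the artifact is unusable:
            # report it as a failed drill rather than a healthy backup.
            return [f"archive unreadable: {exc}"]
        restored = build_manifest(dest)
        for rel, digest in manifest.items():
            if rel not in restored:
                problems.append(f"missing after restore: {rel}")
            elif restored[rel] != digest:
                problems.append(f"hash mismatch after restore: {rel}")
    return problems


def run_drill() -> tuple[list[str], list[str]]:
    """Constructed scenario: a healthy backup passes, a truncated one is caught."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "data"
        (src / "db").mkdir(parents=True)
        (src / "db" / "users.sql").write_text("CREATE TABLE users (id INT);\n")
        (src / "config.yml").write_text("retention_days: 90\n")
        archive = Path(tmp) / "nightly.tar.gz"
        manifest = make_backup(src, archive)
        healthy = verify_restore(archive, manifest)
        # Simulate a backup job that wrote only part of its output (constructed).
        data = archive.read_bytes()
        archive.write_bytes(data[: len(data) // 3])
        broken = verify_restore(archive, manifest)
        return healthy, broken


if __name__ == "__main__":
    ok, bad = run_drill()
    print("healthy backup:", "PASS" if not ok else ok)
    print("truncated backup:", "PASS" if not bad else bad)
```

In a real drill the manifest travels with each of the three copies, the restore target is a separate machine, and the offline copy is brought online only for the test; the point the code makes is that "the backup job exited 0" and "the backup restores" are two different facts, and only the second one counts.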

Tags: 3-2-1 backup, backup testing, offline backup, ransomware recovery, restore drill

More in Data Protection

Beginner | Featured

Never store passwords with MD5, SHA-1, or SHA-256 — use bcrypt, scrypt, or Argon2

Password hashing is not encryption — it is a one-way function designed to be slow. MD5 and SHA-1 are fast hash functions designed for checksums, not security. A modern GPU can crack billions of MD5 hashes per second. The RockYou breach exposed 32 million passwords in plaintext; the LinkedIn breach exposed 117 million SHA-1 hashes that were cracked within days. Use bcrypt (minimum cost factor 12), scrypt, or Argon2id — purpose-built password hashing functions with tunable slowness. Bcrypt's use in the Slack breach meant their stolen hashes provided negligible value to the attackers despite the database being fully compromised.

See: RockYou Breach | Data Protection
Intermediate

Encrypt sensitive metadata, not just content — URLs and filenames reveal as much as files

LastPass stored encrypted vault content but kept the URLs of websites in each entry as unencrypted metadata. When their vault database was stolen, attackers immediately had a map of every service each user had an account with — extremely valuable for targeted attacks. Encrypt all metadata associated with sensitive data: not just file contents but filenames, access timestamps, record labels, and category information. In database design, consider whether column names themselves reveal information about the data they contain. End-to-end encrypted systems that leak metadata provide much weaker guarantees than their encryption implies.

See: LastPass Breach | Data Protection
Beginner

Implement Subresource Integrity for all externally hosted JavaScript

Subresource Integrity (SRI) is an HTML attribute that locks a script tag to a specific cryptographic hash of the file — if the CDN serves a modified version, the browser refuses to execute it. The polyfill.io CDN hijack in 2024 served malicious JavaScript to 100,000 websites because none of them had SRI hashes on their polyfill script tags. A single attribute (<script src="..." integrity="sha384-...">) would have protected every affected website. Apply SRI hashes to every externally-loaded JavaScript and CSS file. Self-host critical JavaScript dependencies where possible.
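How the integrity attribute is produced and checked, as an added example that is not the guide's own code: it computes the `sha384-...` value for a script, emits the tag, and models the check a browser performs on the bytes it actually received, including the rule that only the strongest algorithm listed in the attribute is evaluated. The script contents and the `https://cdn.example/shim.js` URL are constructed stand-ins, not the polyfill.io file.

```python
"""Subresource Integrity (added example, not the guide's own code): generate the
integrity value, emit the tag, and model the browser-side check."""
import base64
import hashlib

# Algorithms the SRI spec allows, ordered by strength. A browser evaluates only
# the strongest algorithm present in the attribute.
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_value(content: bytes, algo: str = "sha384") -> str:
    """'<algo>-<base64 digest>' exactly as it appears in the integrity attribute."""
    if algo not in STRENGTH:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes) -> str:
    """Tag to publish. crossorigin is required for SRI on cross-origin URLs."""
    return (f'<script src="{src}" integrity="{sri_value(content)}" '
            f'crossorigin="anonymous"></script>')


def browser_would_execute(content: bytes, integrity: str) -> bool:
    """Model the check the browser runs on the bytes it received."""
    parsed = []
    for token in integrity.split():
        algo, sep, rest = token.partition("-")
        if sep and algo in STRENGTH:
            parsed.append((algo, rest.split("?", 1)[0]))  # drop optional '?options'
    if not parsed:
        return True  # no usable metadata: the tag offers no protection at all
    strongest = max(STRENGTH[a] for a, _ in parsed)
    return any(
        sri_value(content, a) == f"{a}-{digest}"
        for a, digest in parsed
        if STRENGTH[a] == strongest
    )


# Constructed stand-in for a CDN-hosted file and a later, altered copy of it.
ORIGINAL = b"window.shim = function () { return 'feature shim'; };\n"
ALTERED = ORIGINAL + b"// one extra line appended upstream\n"
TAG = script_tag("https://cdn.example/shim.js", ORIGINAL)


def demo() -> dict[str, bool]:
    """Pin the tag to ORIGINAL, then see what the browser does with each copy."""
    integrity = TAG.split('integrity="')[1].split('"')[0]
    return {
        "original": browser_would_execute(ORIGINAL, integrity),
        "altered": browser_would_execute(ALTERED, integrity),
    }


if __name__ == "__main__":
    print(TAG)
    print(demo())
```

Regenerate the hash whenever you deliberately upgrade the dependency; an attribute that still names the old file version is a blocked load, not a security failure, and the browser console will say so.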

See: Polyfill.io CDN Hijack | Data Protection