Quote:
Originally Posted by NullNix
Why would it need to be offsite? Are you postulating some sort of viral ransomware which infects everything on the local net now?
|
Risks are (roughly in order):
- Yourself (accidents). That's why RAID or Clustering isn't a backup ("Arrgh")
- Someone else.
- Lightning (I had a server partially damaged by surge on phone line, it had a modem, but xDSL is a risk). Building need not be hit. Anywhere within 10m to 100m along the entire length of mains cable or phone cable.
- PSU fails and destroys HDD pcbs and Mobo etc. Seen that twice!
- Fire
- Flood
- Malware
- Theft
Some places add earthquake, subsidence, war, government, Police seize all because someone alleges you do child porn (takes months to get it back according to news reports I've read of those cleared).
If you are sensible, don't click on stupid email links & attachments, don't get pawned by a fake free mouse present (works but uses USB HID to install a backdoor), have script blocking on all 3rd party scripts by default in Browser then malware is the lowest risk.
Training is more effective than AV software.
I used to sell IT systems and design security & disaster plans. Using computers since 1980 and never had malware.
Fixed loads of customer self-inflicted damage, HW failures etc.
The HSE Ireland ransomware attack (Irish Hospitals etc) started with one person clicking on an email attachment. They were paying a stupid big company for IT support/advice (see Capita disasters in UK). The infected PC infected almost the entire HSE. No partitioning of LANs, inadequate net share log on security (old LAN Manager security). Twenty Year plus out of date IT procedures. I was doing better IT in 1996.
Companies are only as smart as the smartest person making decisions (who if smart but not expert takes expert advice).