GSuite Back-Up and Recovery

There are users who believe Google Vault is THE solution for G Suite data backup and recovery, but is it?

Firstly, what is Google Vault?

Google Vault is a native GSuite application that allows organizations to archive data, implement retention rules, preserve users’ data by placing legal holds, search the organization’s data using several search operators, review actions of Vault users through audit reports, and export data for further processing.

Some Google administrators believe that Vault is a “good enough” solution to use for backup and restore, as well as eDiscovery and archiving. While Vault is indeed a good solution for data retention for legal needs, it doesn’t meet the primary criteria for backup and restore, data availability and business continuity. In fact, Google notes that:

“If you delete a user, all the data associated with the user’s account will be removed from Google.”

So, Vault wasn’t designed to perform rapid, granular restores because it’s not a backup solution by definition; however, it can potentially restore lost data in certain situations.

The most important aspect when distinguishing Google Vault from a genuine backup solution is that Google Vault’s main function is to archive and retain data so that it could be easily located in the future.

Intrinsically, backup solutions preserve data integrity by continuously producing a copy that may be replaced if the primary data is compromised. Attempting to use Google Vault for backup purposes will ultimately prove unprofessional because it would be inefficient and unsatisfactory. In any business, data availability is key, so restoring from a backup should be performed as fast as possible.

Does G Suite backup automatically?

Google does back up your GSuite data in order to guarantee that your data remains accessible but in accordance with their own internal backup and disaster recovery plans. However, these backups are not available to admins or end-users and exist just to safeguard Google’s products and services from disasters, accidents etc. Therefore, Google doesn’t protect your business data from intentional or accidental user deletion, programmatic errors, malware, etc.

How long will Gmail keep your emails?

Gmail will retain all emails that reach the inbox indefinitely, as there is no stated policy of deletion upon reaching a certain age. Bottom line, emails can be kept forever unless they are deleted by the user.

Once an email has been deleted, it will reside in the trash folder for a period of 30 days in which a user may recover the email before it is deleted permanently. Similarly, email that is identified as Spam by Gmail will be automatically deleted after a 30-day interval.

Can someone recover permanently deleted emails from Gmail?

GSuite admins may be able to recover the emails in one of two ways:

  • Emails may be restored from the Admin console within 25 days of deletion. After the 25-day period, the data is removed forever.
  • Mailboxes (including deleted messages) from the past 30 days can be retrieved using the Email Audit API.

After 25-30 days, not even G Suite administrators can recover emails without a viable backup and recovery solution in place.

Get complete protection for your business

Having your GSuite fully backed-up provides a multi-layered approach to security against ransomware, compliance needs such as HIPAA, and advanced recovery features.

Unfortunately, it’s a common misconception among SaaS/Cloud users that doing back-ups isn’t necessary for their data because it already exists in the cloud. As previously mentioned, native GSuite and Office 365 apps don’t protect business data against human error, phishing emails, malware etc. Ransomware attacks, especially in the cloud, are on the rise, and we all know how popular phishing scams have become.

Therefore, you need a dedicated solution to further improve the security of your business data. One that includes:

  • automated backups (at least once a day) that capture point-in-time (PIT) snapshots of each user’s relevant app data, with the option to perform additional backups at any time.
  • unlimited storage space
  • detailed activity log with all administrator and user action records.

SaaS/Cloud providers protect your data from hardware failure, software failure, power outages and natural disasters while StratusPointIT can help protect business data from human error and malicious acts from internal or external sources. As a result, your GSuite data (Mail, Contacts, Calendar, and Drives) will be secure (data encryption both at rest and in transit), easily recoverable, and fully protected.

Microsoft Docs Login Form Phishing Scam: Overview

Phishing e-mail campaigns are used to steal sensitive data such as login information, and their success usually depends on a user clicking a link that leads to a phishing website that looks like a regular login page. However, not all phishing campaigns use remote websites, as we are about to see.

Scammers continue to surprise us with their methods.

Several email users across the country have recently reported that they received emails that looked like traditional payment-notification phishing with a fairly usual text: “Good day, please find attached a copy of your payment notification.” The HTML attachment (invoice.html or payment.html) it carried turned out to be anything but usual: instead, it redirects the browser to a fake login page.

When the 930 kb file is opened in a regular text editor, right after the first line, <!-- Internal Server Error -->, there are more than four thousand empty lines followed by a lot of obfuscated JavaScript code (more than 500k characters).

The next step is to load the website in a browser. Once the file was opened in Firefox, it became obvious why the script was so large. Unlike most other HTML-based phishing attachments, this one didn’t depend on an external fake login page but carried the entire thing within its body.

Although the page was supposed to look like a Microsoft Docs page, the scammers provided a list with multiple valid e-mail providers such as Gmail, Yahoo, AOL, Hotmail, Office365 etc. one could use to “log in”.

For such a scheme to work, the page must look genuine and inspire enough trust for users to fill in their login information. From our observations, in this particular case, the scammers did a pretty good job, as the page under examination feels authentic.

[Figure: MS login page]

After the user supplies an e-mail and a password, the website appears to connect the session to the e-mail server, but actually, it sends an HTTP GET request containing the login data specified by the user to a remote web server at hxxp://7l748.l748393.96.lt/.

[Figure: GET request]

Subsequently, an additional request for a phone number and a recovery e-mail is displayed to the user. Those fields, once filled in, are sent to the same domain as before, this time using a POST request. The browser is then redirected to a low-quality picture of the supposed invoice, and right after that the page is redirected again, this time to either a genuine Microsoft website or to the domain specified in the recovery e-mail supplied by the user.

Sending a user’s login information to a server and then redirecting the browser to a legitimate web page is normal behavior for a phishing page. In this case, however, the phishing page not only steals the credentials but also transfers them online without any encryption, in plain HTTP, to a remote location.

Besides that, what is unusual about this phishing scam is the fact that the entire phishing page was delivered as an attachment. We believe that this was intended to avoid email security filters and analytics on web proxies. Also, by generating the landing page locally, the attackers reduce the risk that their landing page will be discovered and removed. Whatever the reason was, their M.O. is quite ingenious.

This isn’t the first phishing scam with a similar “self-contained” website, but it was the first time we came across such a complex HTML phishing attachment that carried all the scripts and files in one package and didn’t depend on a remote server for anything other than collecting the stolen credentials.
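
The structural traits described above (a decoy comment on the first line, thousands of empty lines, a very large inline script, a plain-HTTP destination) can be checked on HTML attachments during mail triage. The following Python code is an added example, not part of the original analysis; the function name, the thresholds, and both sample inputs are assumptions constructed for illustration.

```python
import re

# Thresholds are assumptions, set below the sample described above
# (more than 4,000 empty lines, more than 500k characters of script).
MIN_BLANK_RUN = 1000
MIN_SCRIPT_CHARS = 100_000

def triage_html_attachment(data: bytes) -> dict:
    """Flag structural traits of a self-contained HTML phishing attachment."""
    text = data.decode("utf-8", errors="replace")
    lines = text.splitlines()
    findings = {}

    # 1. Decoy first line: an HTML comment such as a fake server error.
    first = lines[0].strip() if lines else ""
    findings["decoy_comment_first_line"] = (
        first.startswith("<!--") and first.endswith("-->"))

    # 2. Long run of empty lines that hides the payload from a quick look.
    longest = run = 0
    for line in lines:
        run = run + 1 if not line.strip() else 0
        longest = max(longest, run)
    findings["blank_line_padding"] = longest >= MIN_BLANK_RUN

    # 3. Very large inline script: the page is carried inside the file.
    scripts = re.findall(r"<script\b[^>]*>(.*?)</script>", text, re.I | re.S)
    findings["large_inline_script"] = (
        sum(len(s) for s in scripts) >= MIN_SCRIPT_CHARS)

    # 4. Cleartext http:// URL. Obfuscation can hide this, so treat a miss
    #    as "unknown", not "clean"; checks 1-3 do not depend on it.
    findings["plain_http_url"] = bool(re.search(r"http://[\w.-]+", text, re.I))

    findings["score"] = sum(1 for v in findings.values() if v is True)
    return findings

# Constructed samples (not the real attachment; the host is a placeholder).
SUSPICIOUS = (b"<!-- Internal Server Error -->\n" + b"\n" * 4000 +
              b"<script>var u='http://collector.example/';" +
              b"/*pad*/" * 20000 + b"</script>")
BENIGN = (b"<!DOCTYPE html>\n<html><body><p>Invoice 42</p>"
          b"<a href=\"https://example.com/\">portal</a></body></html>")

if __name__ == "__main__":
    print(triage_html_attachment(SUSPICIOUS))
    print(triage_html_attachment(BENIGN))
```

A high score is a reason to quarantine the attachment for analyst review, not proof of phishing; the thresholds should be tuned against the legitimate HTML attachments your organization actually receives.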

Finally

At StratusPointIT, we support all our customers by offering them guidance, training and professional IT security features to prevent advanced cyber-attacks such as this one from compromising their systems.

Few Reasons Why 24×7 Network & Server Support Is Mandatory

Imagine what happens if your organization’s network or server(s) suddenly go down one night. If you didn’t plan for it, there are two scenarios: either incredibly high overtime costs or solving the issue(s) during the workday.

Having 24×7 monitoring of your network and server(s) will ensure that your organization can keep working around-the-clock and that every IT issue is solved as it comes up, avoiding a destructive cascade of failures.

Procure an Instant, Experienced Support Team & Save Money

Rather than having to rely on one or two IT employees, a company with a managed IT service solution expanding network, server, and help desk support has immediate access to a qualified, experienced team. Its members will be able to quickly identify the source of the problem and resolve it in a timely manner, so that your organization doesn’t experience substantial business disruption.

A managed IT service solution will free up your IT staff, so that your IT department can focus on more important issues. That means you won’t be paying your IT team overtime; instead, you’ll be able to use their knowledge and experience to optimize the existing infrastructure and look for new technologies to improve business operations.

Businesses today cannot afford downtime

When their IT infrastructures get hit, their internal workflow will stop, and organizations will be unable to deliver their products/services to their waiting clients, losing money and getting their brand affected as a result. Some companies can suffer hits and overcome episodes like these, others can’t.

Technical problems may occur. Hardware/software issues are always a possibility. Of course, not every IT support issue can cause a disaster and not every issue is urgent, but how your IT Help Desk responds is crucial because it can make the difference between a little hiccup and a massive business interruption.

Here are two key reasons why 24×7 network and server support should never be optional.

24×7 Monitoring

People may stop working on nights or over weekends, but systems don’t. Your help desk should be teamed with 24×7 remote monitoring that catches little IT issues before they become big ones, in many cases before you’re even aware there’s an issue.

With 24×7 monitoring, there’s a good chance that your help desk will already be aware of the problem you’re experiencing and is actively working to resolve it.

Urgent Issues

This may seem like a costly luxury, but it’s not. The team providing 24×7 monitoring can also provide 24×7 support in much the same way that grocery stores can stay open all night since employees are already there stocking shelves.

Of course, your team may not always be working nights and weekends, but when they are, it’s probably for an important reason. The last thing they need is to be blocked because they can’t get support.

Conclusion

24×7 Network and Server Support is not a luxury, but rather a requirement. A requirement that will avoid hassles and keep your team happy and productive.

Why Businesses Need to Create a Risk Profile to Prevent Cyberattacks

Think about the last time you were afraid of something. Did you approach the situation rationally? If so, you’re in the minority. Most people are terrible at being rational when afraid. And where cybersecurity is concerned, that’s exactly what criminals are counting on. 

In 2018, the Data Science Institute at Columbia found that surgeons under stress tend to make up to 66 percent more mistakes in the operating room. You’re probably wondering what, if anything, this has to do with cybersecurity. A great deal, actually.

It’s proof positive that even medical professionals are prone to error when under extreme stress. The cybersecurity industry is no different.

There’s no shortage of sensationalism around the cybercrime industry. You can’t even turn on the news without hearing about some new and terrible threat facing the digital world. To hear the media tell it, cybersecurity is an industry in a perpetual state of crisis.

A looming talent shortage and overworked employees. Irreducibly complex and sophisticated cyberattacks led by state-sponsored black hats. Unstoppable botnets that can bring the entire Internet to its knees. Powerful tools like ransomware-as-a-service that allow even the least tech-savvy of individuals to execute advanced attacks.

These are all things that are happening, true. And they’re extremely intimidating to think about. If a well-funded black hat organization were to set its sights on your business, there would be little you could do.

The thing is, devastating cyber-incidents like the ones we see so frequently online?  They are not the norm. They’re just what makes headlines.

In actuality, the vast majority of cyber-attacks and data leaks are neither complicated nor targeted. They are shotgun cyberattacks that effectively throw malicious software and attack vectors at the wall to see what sticks. If you don’t want to take my word for it, have a look at the stats below.

What I’m trying to say is that too often, corporate cybersecurity veers to one of two extremes. Either we get sloppy because we think it can’t possibly happen to us, or we become paranoid, terrified at the dangers that exist on the web. Neither is the correct path.

Instead, businesses need to create and analyze their risk profile. They must endeavor to understand their unique organizational workflows, data requirements, and security threats. And perhaps more importantly, they must take a proactive role in both enabling employees and protecting corporate assets.

This is not something that can be done from a place of fear, stress, or paranoia. It needs to be careful, measured, and well planned. It needs to be an organization-wide, multi-departmental approach as well. That way, you don’t have a single group of people shouldering the burden for absolutely everyone.

About the Author:

Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.