File shadowing: The key to a swift recovery from USB and file-based attacks

USB devices are undeniably valuable, but they can be dangerous. On one hand, they are useful in transporting enterprise-critical data, but on the other, they can wreak havoc if misplaced, corrupted due to a human or hardware-related error, or stolen. It’s no wonder some companies forbid the use of USB devices altogether.

However, banning USB devices isn’t an ideal solution, as portable storage media is especially helpful for managed users who are on the go, also known as roaming users. These users work from remote locations to carry out important marketing campaigns, support-related activities, or other tasks that often rely on transporting corporate data using USB devices. In instances where sensitive information needs to be transferred out of the organization, IT admins should enforce strict security measures, including making copies of outbound data. This is where file shadowing, also called data mirroring, comes into play.

What is file shadowing and why is it important?

File shadowing is the creation and storage of a copy of any transferred or modified USB content. The resulting shadow copies are typically archived in password-protected share folders. Implementing file shadowing for USB devices is mainly a precautionary measure; however, its importance should not be underestimated. Here’s why: According to a report by the Ponemon Institute, among 400 surveyed companies, on average each had lost lost 12,000 records on missing USB sticks.

Even more alarming is that if the compromised data includes client or employee information, the company responsible might incur significant financial penalties and possibly lawsuits due to non-compliance with privacy regulations. The 2019 Cost of a Data Breach Report explains that the cost per stolen record is $429 on average in the healthcare sector, compared to $210 in the financial sector, or less than half the per record cost.

Keeping these staggering numbers in mind, it’s easy to understand the benefits of having a file shadow policy in place.

  1. By reviewing the share folder with the copied data, the actual content of the stolen files can be identified. This is the first step in a quick and cost-effective recovery, and a crucial one at that, as it enables organizations to assess the damage and construct a precise remediation strategy.
  2. When a network failure caused by malware injection leads to the corruption of the original files, business-critical data frequently accessed by remote users can be restored from the file shadow remote share folder.
  3. Since file details and information about endpoints, users, and devices are documented, impacted users can be warned to change their passwords and encrypt their intellectual property, financial records, or redact their personal data completely. Furthermore, the computer from which the information was transferred can also be doubly secured. All of these steps can prevent further loss.

Implementing file shadowing in your organization can be accomplished simply and effectively using ManageEngine’s Device Control Plus.

Device Control Plus‘ intuitive dashboard, real-time insights, and numerous configurations are designed to ensure easy navigation through all file shadowing processes. Granular settings enable IT admins to create and implement flexible policies. When deployed and enforced, these policies ensure that file shadowing is successfully carried out for all desired devices and endpoints, and that data capacity and network performance needs are addressed. Download a 30-day free trial and get started on securing your data with the file shadow protocol.

** Optrics Inc. is a ManageEngine partner


The original article can be found here:

https://blogs.manageengine.com/corporate/general/2020/04/08/file-shadowing-the-key-to-a-swift-recovery-from-usb-and-file-based-attacks.html

About the Author: Shannon Lewis

Leave a Reply