#datasecurity

Your IT department is taking care of your database and you don't need to think about backups? In this day and age, perhaps you should learn how to safeguard your valuable collections data.

"Let’s Talk About Data Security – Backups" is the first article in a series of blog posts focusing on data security.

world.museumsprojekte.de/lets-

Let’s Talk About Data Security – Backups

As collections professionals we are trained to think about security. We constantly make sure that nothing gets damaged and lost, may it be in our own storage or while on loan, perhaps traveling from continent to continent for a new exhibition. But when it comes to data security we often rely on our IT departments and database managers. In a changing world we need to add data security to our registrar’s toolkit because if we don’t care about it, perhaps no one will be left to care about it. So, I am planning on writing a series of short articles on that topic.

Now, I am not an IT expert by any means. I am basically pulling together what I have learned over the years, drawing from resources I have at hand, ready to stand corrected and update you if something I wrote could be done better, easier, and/or more secure. I am thinking in this day and age, any guidance and ideas on how to safeguard our intellectual heritage is better than doing nothing at all. Feel free to contribute with your own sources and ideas.

I am starting with what I feel most comfortable writing about: Backups.

How often should I back up my database?

This is a risk analysis: How serious will losing all your data since you backed up the last time be? In some cases, once a week can be sufficient if you are the only person who works with it, you have all your changes tracked in another medium (for example written notes on paper), and you don’t enter more than just a few records a day. But if multiple people enter and change data during the day? Well, once a day seems highly recommendable, then.

What is the difference between full backup and differential backup?

A full backup stores ALL data of your database. A differential backup only records the changes to the last time you did a full backup. Which one to use when is about analyzing the risks associated with it. A database can get compromised without you noticing right away. In this case it is good if you can revert back to a full backup of an earlier stage, before it became corrupted and then try to extract the data that was added at a later stage from the other backups.

What backup method should I choose and how many backups shall I retain?

There are no hard rules and usually it is best to talk to experienced users of the same collections management system and to the vendor about what makes sense in your use case.

My rule of thumb: If I know I am entering more than ten records each day and do a lot of updating of other records, I will go with a differential backup every day and a full backup once a week. I will keep the backup of the last three days and a full backup from each of the previous four weeks.

But this is tailored for the case where only I enter data and nobody else. If you have a lot of people entering data there are more options of something going wrong, therefore you will want to do backups more often. This is of course also a question of how much storage space you can afford, but then again, you have to factor in the costs of losing data and the hours it takes to re-enter it. Do a proper risk analysis for your institution, then set up a fitting backup routine.

Where shall I store my backup?

Storing your database backup on the same computer you took it is as good as having not stored it at all! When your computer is destroyed either physically or by a virus, you will have lost both your original database AND your backup.

Best practice is to have three instances of your data:

  • the original
  • a backup on site
  • a backup offsite

A cloud storage might be a good idea for the latter. In this day and age, maybe even a cloud storage outside of your own country. That way, if you are forced to delete data from your database (if this sounds like a far-fetched idea, let me remind you of this https://www.theguardian.com/us-news/2025/mar/07/military-images-trump-dei) your data will still be somewhere safe and unchanged.

You can also use an external hard drive that you store somewhere safe, preferably outside of the town or city your original database is situated because if there is a catastrophe in this area, your data might still be safe somewhere else. It has the advantage that you pretty much can control where your data goes and that it can’t be hacked, but the disadvantage is that if something happens to that hard drive, the data is lost.

In comparison, a cloud usually has its own backup routines that make sure that your data is safe. Ask the provider about it. Also ask them about their security measures and what data they share with third parties. Only you should have access to your data, nobody else.

Heads up: Make sure your data is actually backed up!

Just because you have taken a backup doesn’t necessarily mean you have a working backup. Once you have created a backup file, try if you can restore it. Caution: Restore it to a separate space, don’t use it to restore your actual database because you risk damaging a working database with a corrupted backup. Check this regularly and don’t assume that just because you can see a backup file on your drive your data is actually fine.

Final thoughts on when to delete backups

As said before, it is good to retain some backups because not all problems are discovered right away and it might take weeks to discover them. This is about keeping your current data safe and retrievable.

But you also might want to preserve the state of your current research. In the future, you might want to come back and compare how facts were recorded in 2024 and how that changed going forward. Your past records may become sources for future scientists and historians. So, it might be a good idea to take a backup NOW and keep that backup in a safe space for the future.

Next up I will be showing you how to take a backup if you are using TMS or TMS Collections. The way it is done in your software might be different, but perhaps it is a bit similar.

Take a backup now and take care!

Angela
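
The rule of thumb from the article above (a differential backup every day, a full backup once a week, keep the last three days plus one full backup for each of the previous four weeks), worked through as an added example that is not part of the original post. It assumes weeks start on Monday and a hypothetical catalogue of `(date, kind)` pairs with constructed sample dates; it also keeps the full backup that each retained differential depends on, because a differential cannot be restored without it.

```python
from datetime import date, timedelta

def base_full(day, fulls):
    """Newest full backup taken on or before `day`, or None if there is none."""
    earlier = [f for f in fulls if f <= day]
    return max(earlier) if earlier else None

def plan_retention(backups, today, recent_days=3, full_weeks=4):
    """backups: iterable of (date, kind) with kind "full" or "diff".
    Returns (keep, delete, orphans) as sorted lists."""
    backups = set(backups)
    fulls = [d for d, kind in backups if kind == "full"]
    # Rule 1: keep every backup from the last `recent_days` days (today included).
    cutoff = today - timedelta(days=recent_days - 1)
    keep = {b for b in backups if b[0] >= cutoff}
    # Rule 2: keep the newest full backup of each of the previous `full_weeks` weeks.
    monday = today - timedelta(days=today.weekday())  # assumption: weeks start Monday
    for n in range(1, full_weeks + 1):
        start = monday - timedelta(weeks=n)
        in_week = [f for f in fulls if start <= f < start + timedelta(days=7)]
        if in_week:
            keep.add((max(in_week), "full"))
    # Dependency: a differential restores only on top of the full it was taken against.
    orphans = []
    for day, kind in sorted(keep):
        if kind == "diff":
            base = base_full(day, fulls)
            if base is None:
                orphans.append((day, kind))  # cannot be restored on its own
            else:
                keep.add((base, "full"))
    return sorted(keep), sorted(backups - keep), orphans

def sample_catalogue():
    """Constructed sample: Sunday fulls 9 Mar to 13 Apr 2025, daily diffs 7 to 17 Apr."""
    fulls = [(date(2025, 3, 9) + timedelta(weeks=i), "full") for i in range(6)]
    diffs = [(date(2025, 4, 7) + timedelta(days=i), "diff") for i in range(11) if i != 6]
    return fulls + diffs

if __name__ == "__main__":
    keep, delete, orphans = plan_retention(sample_catalogue(), today=date(2025, 4, 17))
    for day, kind in keep:
        print("keep  ", day, kind)
    for day, kind in delete:
        print("delete", day, kind)
    for day, kind in orphans:
        print("WARNING: differential without a base full backup:", day)
```
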

DATE: April 17, 2025 at 04:57PM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

Lawsuit: #Hospital #Therapist Accessed Nude Breast Photos of 425 Women t.co/cGz8LHiz0l

Here are any URLs found in the article text:

t.co/cGz8LHiz0l

Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

Post 3/6:
3. Massive data exfiltration observed:
10GB+ of sensitive data (union organizers, corp secrets) left secure networks.
Methods included opaque Azure containers, short-lived SAS tokens, and potential Starlink backdoors.
4. System sabotage indicators:
Azure Network Watcher (critical monitoring tool) disabled.
Audit logs deleted.
Conditional access policies weakened without documentation or approval.
#CyberSecurity #DataSecurity #Whistleblower

DATE: April 16, 2025 at 03:51PM
SOURCE: HEALTHCARE INFO SECURITY

Back-Office Service Provider to #Insurance and #Annuity Companies Says Dual Hacks in 2024 Hit 1.6 Million t.co/6H2oKgU91a

DATE: April 16, 2025 at 08:45AM
SOURCE: HEALTHCARE INFO SECURITY

Is any #healthcare organization immune from #cyberattacks? t.co/8b9QP70w9D

@Some_Emo_Chick

If only there were some example of how well government back doors work for security technology...

"The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured 'voice and data messages' with a built-in backdoor that was intended to 'allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions.' It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996."

en.wikipedia.org/wiki/Clipper_

DATE: April 12, 2025 at 10:34AM
SOURCE: HEALTHCARE INFO SECURITY

A lab that provides medical testing services to #PlannedParenthood clinics in 31 states is notifying 1.6 million patients, workers and others that their sensitive personal and health information was accessed or removed in an October 2024 #hacking incident. t.co/eIrny1OdTa

Well then, let me give a tip of the hat to another splendid European app, @Tutanota. The team behind this one is doing a bang-up job, and they deserve a pat on the back. I've personally given their email app a whirl, and they've got a calendar app too. It's the perfect blend of usability, privacy, and security, all without costing an arm and a leg. Absolutely top-notch, and I wholeheartedly recommend giving it a go.
#europeanalternatives #emailapp #privacyprotection #datasecurity #privacyandsecurity #tutanota #tutamail