Maybe you’re like me and you use Duplicati to target cloud and local storage for backups.

However, you attempted to login to Duplicati through the interactive stub in the Systems Tray and attempted to login, only to receive a cryptic error: Failed to Get Nonce.

The error indicates that the browser is using a cached version of the login page. The nonce system was used up until 2.0.8.1, but is not used in 2.1.0.1+. It should be easy to resolve with a forced reload (Shift+F5) in Chrome, or, dump the cache. Try again.

But let’s say you’re still experiencing the problem and can’t login to your localhost:8200 (http://localhost:8200/ngax/index.html). Drop to DOS with an elevated command prompt and try this command:

"C:\Program Files\Duplicati 2\Duplicati.Server.exe" --webservice-password=1234 --server-datafolder "C:\Windows\System32\config\systemprofile\AppData\Local\Duplicati"

Then try to login to the localhost:8200 with 1234. You can change the password again once you’re in.

But let’s say you’re still encountering problems with its access token, and you’ve got the Windows service for Duplicati loaded. Try this:

1. Clear/preserve your Application Log in Event Viewer.

2. Go into services.msc and stop the Duplicati Server service.

3. Start the Duplicati Server service.

4. Go into the Application Log.

5. You might see events entered by Duplicati that it was unable to start the 8200 instance because of a problem with its keys. It will provide a link to reset those keys within the event details.

6. Click on that and you’ll be walked through a reset.

Now, maybe you’re playing with multiple instances. Look closely. If you accessed Duplicati’s web-based UI from the stub, you might be in the localhost:8300 instance of Duplicati. Yes, confusing; the Windows Service, by default, only works against the 8200 instance, so if you ever wondered why your backups configured in the 8300 instance aren’t automated and working — that’s why. So how do you fix that? Try this:

1. Access the 8300 instance.

2. Export your backup configs to a *.json file.

3. Log out of the 8300 instance.

4. Access the 8200 instance using that localhost:8200 command from earlier.

5. Import your backup config.

6. When it runs for the first time, it’ll report a problem with the database. Run the repair option. It’ll rebuild your local database.

7. After, you’ll be ready to run your backups again under the 8200 instance which is processed by the Windows service.

8. Delete the backup in the 8300 instance.

R

You’re a small business.

You handle Personally Identifiable Information (PII) all the time.

You can invest in the best firewalls, encryption tools, and cybersecurity software, but if your employees don’t know how to safeguard PII correctly, your business is still at risk.

In fact, human error is one of the leading causes of data breaches. That’s why employee training isn’t just an IT concern — it’s a business survival strategy.

Why Employee Training Matters

Your employees interact with PII daily: customer names, addresses, payment details, account numbers … if they don’t know how to protect this information, cybercriminals can exploit their mistakes. Phishing emails, weak passwords, misplaced documents, and accidental data sharing are all common pitfalls.

What Should PII Training Cover?

1. Recognizing Phishing Attacks. Employees should be able to spot suspicious emails, links, and attachments designed to steal sensitive data.
   

2. Strong Password Practices. Implement passphrases, multi-factor authentication (MFA), and secure password managers to reduce vulnerabilities.
   

3. Handling Data Securely. Teach employees where and how to store, access, and dispose of PII. Locking down USB drives, shredding documents, and using secure cloud storage are key.
   

4. Social Engineering Awareness. Scammers often impersonate coworkers, IT support, or even customers to gain access to PII. Employees should verify requests before sharing data.
   

5. Incident Reporting. If a breach happens, immediate action is critical. Employees must know who to report to and how to contain the damage.

Behavioral Training: The Human Firewall for Protecting PII

Technical Controls alone can’t keep Personally Identifiable Information (PII) safe. Your employees and their behaviors are the first line of defense against breaches. That’s why behavioral training is just as important as security tools. Small mistakes, like clicking a phishing link or writing down passwords, can expose sensitive data. Teaching employees to think before they act is key to protecting customer and business information.

Key Behavioral Training Areas

1. Phishing and Social Engineering Awareness. Employees need to recognize suspicious emails, fake login pages, and fraudulent phone calls. They should be trained to verify requests, never click unknown links, and report anything suspicious.
   

2. Secure Password Habits. Weak passwords are an open invitation to hackers. Employees should be required to use passphrases instead of simple passwords, enable multi-factor authentication (MFA), and avoid writing down or sharing login credentials.
   

3. The Principle of Least Privilege. Employees should only access the data necessary for their role. Training should emphasize that curiosity isn’t an excuse for looking at sensitive data, and accessing unauthorized information can have serious consequences. Management should craft job descriptions that emphasize least privilege in action: certain levels of employees should only see certain levels of information.
   

4. Safe Data Handling. Employees must understand the risks of leaving documents unattended, storing PII on personal devices, or discussing sensitive information in public places. Shredding physical documents and locking screens when away from a workstation should become second nature.
   

5. Incident Response and Reporting. Employees should not fear repercussions for reporting a security mistake. Encouraging quick reporting of lost devices, phishing attempts, or suspicious activity can prevent bigger breaches. Incident Response is critical. Most states demand a time-frame for reporting data breaches or losses to consumers. Further, without reporting, there can be no corrective action to improve the information system.

The Importance of People

Security isn’t just an IT responsibility, it’s about fostering a company-wide culture to value PII — to treat it with kid-gloves. Behavioral training transforms employees from potential risks into active defenders of your business’s data.

Training isn’t a one-time event. Cyber threats evolve, and your employees need ongoing education to stay ahead. A well-trained team isn’t just your first line of defense. It’s your strongest.

R

Small businesses collect customer data every day: names, email addresses, payment details, and maybe even Social Security numbers. But do you really know what qualifies as Personally Identifiable Information (PII) and, more importantly, how to protect it?

PII is any information that can be used to identify an individual. That includes obvious details like full names, home addresses, and phone numbers, but also less obvious data, like IP addresses, biometric data, and login credentials. If your business stores, processes, or transmits PII, you’re responsible for keeping it secure.

So why does this matter? Because cybercriminals want PII. Stolen personal data can be sold on the dark web, used for identity theft, or exploited in phishing scams. And if your business is the source of a breach, that could mean legal trouble, fines, and — worst of all — a loss of consumer trust.

PII Laws Vary by State—What That Means for Your Small Business

When it comes to PII in the United States, there’s no single national standard for how businesses must protect it. Instead, each U.S. state has its own regulations, creating a patchwork of laws that small businesses need to navigate. If you collect, store, or process PII from customers across multiple states, compliance can get tricky.

Why Do PII Laws Vary by State?

Some states take data privacy very seriously (I’m looking at you, California), while others have looser regulations. The reason? Data privacy isn’t just about security, it’s also a political and economic issue. States balance consumer protection with the business community’s needs, which is why some enforce strict mandates while others rely on general consumer protection laws.

For example:

• California (CCPA/CPRA) is one of the strictest PII regulatory frameworks requiring businesses to disclose data collection practices and allowing consumers to opt out of data sales.
  

• New York (SHIELD Act) mandates "reasonable" security measures, even for businesses outside New York that handle New Yorkers’ data.
  

• Texas and Florida have evolving data breach notification laws but fewer proactive consumer rights like California or New York.
  

• Other States have minimal PII-specific laws, mainly requiring breach notifications.

What This Means for Your Small Business

1. Where Your Customers Live Matters. If you do business across state lines, you must comply with the laws of the states where your customers reside. Being aware of their data breach and consumer protection laws is important.
   

2. You May Need a Privacy Policy. Most states require businesses to publish how they collect, store, and share consumer data.
   

3. Data Breach Reporting is Not Universal. Depending on the state, you might have to report a breach immediately or within a set timeframe, only if a threshold of affected consumers is met. Understanding those requirements and thresholds is central to crafting good policy.
   

4. Non-Compliance Can Get Expensive. Some laws allow consumers to sue businesses for mishandling PII, leading to fines, lawsuits, or reputational damage.

How to Stay Ahead

• Take an Inventory. What is PII? Where is it stored? How is it maintained? Build an awareness with your team about its importance.
  

• Know Your Customers. If you serve Californians, comply with the CCPA. If you have New York clients, follow SHIELD Act rules.
  

• Implement Strong Security. Even if your state has weak PII laws, data breaches hurt your business. Encrypt data, train employees, and enforce access controls.
  

• Stay Updated. PII laws change constantly. Partner with a legal or IT consultant to stay compliant.
  

While federal data privacy laws might eventually unify regulations, small businesses can’t wait—staying informed and proactive is the best defense. Protecting PII isn’t just about compliance — it’s about maintaining trust with your customers. A single breach can undo years of hard work, so take the right steps to keep your customers’ data safe.

R