We all have documents, pictures and other digital artifacts that we don’t want to lose. Not only are you at risk from physical threats, like a stolen laptop, fire, floods and disk failures, but you also have to protect yourself from digital threats like viruses, malware, and hackers. Because of this, it is more important than ever to ensure you have a backup strategy in place. If you feel safe because your files are in “the cloud” (iCloud, Dropbox, Box, etc.), you are mistaken. Syncing is not the same as a backup, and I recommend you review the 3-2-1 rule of backing up.
The 3-2-1 rule of backups is universally accepted as the recommended guideline for personal data backup. It is also recommended by US-CERT (the United States Computer Emergency Readiness Team), and here it is:
3 – Keep 3 copies of any important file: 1 primary and 2 backups.
2 – Keep the files on 2 different media types to protect against different types of hazards.
1 – Store 1 copy offsite (e.g., outside your home or business facility).
So let’s dive a little deeper into what it means to have three copies of every file.
The first copy is the primary copy on your computer hard drive that you already have and use today.
The second copy is a backup to a local external device. This external device could be a hard disk, thumb drive, network drive or Apple Time Machine. This copy is mainly designed for fast backup and restore. It serves as an alternative to your third backup copy.
The third copy is a backup to an offsite location. This offsite backup will usually be done using a backup or cloud provider of some sort.
All hard drives will fail; it is simply a matter of when. Having that second copy can help you restore your files very quickly. However, this copy is also subject to fire, flood, theft and hard disk failure. This is why having the third copy, the offsite copy, is so essential for a complete solution.
My personal recommendation is to take it a step further and make your second copy an offline copy, not just a local copy. What I mean is, I recommend you run your backup to your local external device, and then physically disconnect it from your computer or network. Doing that can provide you with additional protection from a hacker who may have gained access to your system and prevent them from wiping out your backup. Additionally, it can help protect you from ransomware, a nasty new malware that encrypts all your data and forces you to pay a ransom to get it back. Ransomware is so effective that the FBI often advises victims to pay the ransom if they need to get their data back. Be proactive and keep a local offline backup.
Disconnecting your local backup does create a level of inconvenience. However, plugging in your external hard drive, triggering a backup once a month and then unplugging it really isn’t that much work. If you have a physical safe, I recommend storing your offline backup in it when not actively backing it up. Doing so can help protect it from theft and reduce fire/flood damage depending on the safe you own.
iCloud, Dropbox and Box are for syncing, and syncing is not the same as a backup. Syncing services can be significantly more expensive to use to back up all your data when compared to backup service providers. Syncing services also lack fine-grained control over the encryption and security of your files. There are good reasons to use syncing services, but do not rely on them as your sole backup strategy. Sync providers may also not provide versioning or deleted file recovery in some cases. As a reminder, ensure you have two-factor authentication enabled on your sync/cloud service provider.
Here is an example of the dangers of relying only on something like iCloud. If a hacker were to gain access to your iCloud account, they could delete all the files on your iCloud Drive. More importantly, they could then use the iCloud control panel to trigger your devices to reset and erase all their data. This attack scenario actually happened to a reporter who failed to use the 3-2-1 backup strategy.
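To make the difference between syncing and backing up concrete, here is a small simulation added for illustration (it is not code from any of the services named in this article). The function names, file names and the "incident" are constructed for the demo and run entirely in a temporary directory.

```python
import shutil
import tempfile
from pathlib import Path

def mirror_sync(src, replica):
    """Sync-style replication: the replica becomes identical to src, deletions included."""
    if replica.exists():
        shutil.rmtree(replica)
    shutil.copytree(src, replica)

def snapshot_backup(src, store, label):
    """Backup-style copy: every run is kept as its own snapshot and never overwritten."""
    dest = store / label
    shutil.copytree(src, dest)
    return dest

def restore(snapshot, target):
    """Copy a chosen snapshot back over the primary location."""
    shutil.copytree(snapshot, target, dirs_exist_ok=True)

def demo():
    """Damage the primary copy, then compare what sync and backup each still hold."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        primary, replica, store = root / "primary", root / "synced", root / "backups"
        primary.mkdir()
        store.mkdir()
        # Constructed sample files standing in for your documents.
        (primary / "taxes.txt").write_text("2023 return")
        (primary / "photo.txt").write_text("family photo")
        mirror_sync(primary, replica)
        clean = snapshot_backup(primary, store, "snap-001")
        # Constructed incident: one file deleted, one overwritten with garbage.
        (primary / "taxes.txt").unlink()
        (primary / "photo.txt").write_text("UNREADABLE")
        mirror_sync(primary, replica)                # sync faithfully copies the damage
        snapshot_backup(primary, store, "snap-002")  # new snapshot, old one untouched
        result = {
            "sync_has_taxes": (replica / "taxes.txt").exists(),
            "sync_photo": (replica / "photo.txt").read_text(),
        }
        restore(clean, primary)
        result["restored_taxes"] = (primary / "taxes.txt").read_text()
        result["restored_photo"] = (primary / "photo.txt").read_text()
        result["snapshots"] = sorted(p.name for p in store.iterdir())
        return result

if __name__ == "__main__":
    print(demo())
```

After the incident the synced copy has lost one file and holds the damaged version of the other, while the earlier snapshot still restores both.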
Encryption…are you using it? Ensure your computer’s hard drive is using encryption. Also, ensure your second local copy of your data is encrypted. This way if your computer or your external hard drive is stolen, someone can’t gain access to all your data. And of course, you want your third copy, the online/offsite/remote/cloud backup, encrypted as well. Now every reputable sync and backup service will encrypt your data, but there is something crucial to point out here. There is a difference between them encrypting your data for you, where they know your encryption key/passphrase, and a setup where they cannot even view or recover your data for you if you forget your passphrase. Syncing services almost never allow you to encrypt your data with your own key, but good backup services will. Using your own encryption key can provide an additional level of protection to your data. However, it can be disastrous if you lose your first and second copy of your data, and you cannot remember the passphrase used to encrypt your backup. There is no “forgot password” feature when you use your own key.
There are a couple of backup services I recommend for your offsite backup. First is Backblaze. Backblaze costs less than $5 per month for unlimited storage. They support two-factor authentication and allow you to use your own private key if you prefer the additional security. You can also back up external hard drives connected to your computer. I highly recommend you consider them.
CrashPlan is my second recommendation. They also support two-factor authentication, private key, unlimited backup and external hard drive backup. CrashPlan can also help you with your second copy, the local onsite backup, of your data to an external hard disk. If you wish to use CrashPlan’s cloud, it will run you about $10 per month, which makes Backblaze a more attractive option.
Lastly, if you are a do-it-yourself person, you might consider using Arq. Arq allows you to generate encrypted backups and store them on one of numerous cloud providers. However, I have found from personal experience that a solution like Backblaze is better in most ways and worth the $5 monthly.