Welcome to number five in our series of articles discussing Information Security. This time around we’re going to look at how to back-up your data securely while still allowing you to recover the information in the event of a disaster. You may want to read our previous articles here: #1, #2, #3 and #4.
Before we get into the discussion on back-ups and recovery, however, it’s important to understand what qualifies as a disaster. There have been several large scale disasters recently: the Japanese Tsunami, the Haitian Earthquake and flooding in Australia. But disasters don’t have to be large scale – and they don’t have to occur naturally. One dictionary definition of disaster is “a sudden or great misfortune or failure.” So dropping your laptop down the stairs – or your iPhone into the toilet – would qualify as personal disasters.
Regardless of the scope of the disaster, you need to take steps to protect yourself and your business. One of the things that you need to consider is how you’re going to protect client data – and one of the ways you can do that is with a back-up. Back-up options can be grouped into three categories: archives, local back-ups, and online.
Archives are for information that needs to be kept for an extended period of time, regardless of whether or not there’s been a disaster. Generally, archives don’t need to be accessed very frequently – once a year or less – but when they’re needed, they must be available. Archives are generally kept on CDs or DVDs, so they can be read and used quickly. Tax returns are the most common type of information that is archived. You should consider all of the discs that come with your PC or are needed to install a program to be archives. If you happen to have a hard drive fail, you’ll need those discs in order to get the computer running again. (Note that some PCs don’t come with discs, but require that you create them yourself from a program installed on the computer. Don’t skip this step.)
Local back-ups are just what they sound like – a copy that you make and keep locally. External USB or FireWire connected hard drives are the most common types of local back-up media, but Network Attached Storage (NAS) is another option. USB/FireWire drives (such as those from Western Digital, Seagate, or Maxtor) are connected to one computer at a time, and can be moved from machine to machine. Most include software that allows one-touch back-ups, so creating regular back-ups is relatively simple once it’s configured. Mac users can simply use the built-in Time Machine application. One important note on USB/FireWire drives, however, is to only connect them when you’re taking a back-up. That’s not only because Malware will infect any connected device, but also because the device could be damaged by electrical surges. I can tell you from personal experience that you might even accidentally delete information off the wrong drive if you leave it connected.
Another local back-up option is NAS (available from LaCie, Buffalo, and Western Digital, to name a few) – which is similar to the USB/Firewire drives. But rather than connecting to one machine at a time, it’s plugged into your network so that every network-connected computer you have can access it.
Local back-ups are very convenient, but make sure they are not kept with the computer. Many years ago, a large bank in California had a fire in their headquarters. They had a policy that required users to back-up their data onto external drives. However, they discovered that most of their users kept the back-up drives in their desks – which were also destroyed by the fire – so the data couldn’t be restored as they had hoped. While keeping your local back-up in a fireproof safe would solve this particular problem, it does nothing for floods, tornadoes, hurricanes or earthquakes. So if you choose to use a local back-up solution, you may want to consider keeping it in your car or some other location away from your computers.
You could also consider storing all of your critical data on a USB flash drive that you carry with you. Regular flash drives, however, are relatively fragile and can fail. If you’re going to keep it in a pocket or purse, you should consider a rugged USB drive (like the 64GB Flash Survivor from Corsair, which is crush-proof and water resistant to 200M). If you do choose the USB flash drive option, make sure the drive is encrypted using a product like TrueCrypt (or is a device with encryption built-in like IronKey) so it can’t be read if it’s lost or stolen.
Online back-up is sometimes referred to as cloud-based storage. You may have heard about “cloud computing” lately, or seen advertisements about moving “to the cloud.” It’s all the rage in the media today and many companies are capitalizing on it. But it’s really not complicated – the cloud is the Internet, so cloud computing means using the Internet for all of your computer needs. Services like Google Docs or Microsoft Office Live let you create, store, and access all of your information via the Internet. All you need is a computer with a web browser.
Online storage is basically big hard drives “in the cloud” that you can use or rent space on. Your data can’t be seen by any of the other users, and you can’t see theirs. There are two different approaches in the market today: online storage (like Microsoft SkyDrive or Google) and online back-up (like BackBlaze or Carbonite). The difference between the two is that online storage lets you pick which files you want to copy, and lets you access those files from anywhere using a browser. Online back-ups, on the other hand, generally require that you install software on your computer and continuously copy any changes you make on your local hard drive to their storage in the cloud. With an online back-up you must have their software installed in order to access the files.
Regardless of which option works best for you, be careful which provider you choose. During the dot com bubble in the late 90s and early 00s, there were a lot of companies that offered online storage. But most of them went out of business and their assets were sold to the highest bidder, which could have included your data. So make sure that you encrypt any sensitive information that you store on the Internet.
As far the ability to recover your information if it is lost, it will vary depending on the specific back-up method and product that you select. For archives, it’s usually as simple as reading the disc with the applications whose data it contains. Local back-ups can be restored with the same software you used to create the back-up (assuming you archived that software so you could reinstall it). Online back-ups should always be available, and again will depend on the specific vendor.
Finally, keep in mind that not all information is equal. Vacation photos, while nice, will not allow someone to steal your identity (or your client list) – tax returns, e-statements, and customer databases will.
Next time around we’ll wrap up our series on information security by talking about PIN codes and passwords, why they’re important, and offer some tips on creating strong passwords.
John Schaefer is an information security expert with over 20 years of experience in Global 100 corporations. His experience includes application development, network operating systems, network hardware, and security architecture. He is the Chief Technology Officer for Eastvale Consulting Services, Inc.
Susan Schaefer is the owner of Ships ‘N’ Trips Travel (www.shipsntripstravel.com) located in Brentwood, Tennessee and specializes in leisure travel with a focus on group travel and charity fundraisers. Through their division Kick Butt Vacations (www.kickbuttvaations.com) she focuses on travel for young adults under 35. Susan can be reached by email at email@example.com or by phone at (888) 221-1209).