3DSC 2.29: Create Backups of Your Files

Last year I suffered a catastrophic malfunction of my main hard drive.  After returning from a work trip I settled in to check email only to find my computer unwilling to boot.  This is not the first time I have broken a computer.  Fortunately this time I was prepared.  The step that saved me in this instance is today’s task: back up your files.

Difficulty: Intermediate
Active Time: 15-30 minutes
What it Protects You From: Data loss

Back Up Your Files

Local Backups:  Local backups are stored offline, in your home or office.  These backups are typically stored on an external or network-attached hard drive.  They protect you very well against the most common reasons for data loss like hard drive failure.  Local backups will not protect your data against larger data loss events.  If your house is flooded, burns down, or is struck by a tornado, your data is probably gone, too.  There are some major advantages to local backups though.

Local backups can be incredibly up-to-date.  This is especially true if they are automated and occur over Wi-Fi, like Apple’s Time Capsule.  Backups that require user involvement, like plugging in a hard drive and running the backup manually, may occur less frequently.  The other major advantage of local backups is security.  Backups that are only stored in your home are much, much safer from data breaches than those stored in the cloud.  Cloud backups have some serious advantages, though.

I recommend creating a local backup, even if you choose to do an additional offsite backup (offsite backups are described below).  The tools and techniques you use will vary depending on your operating system.

  • Windows systems: There are several methods you can use to back up a Windows machine.  If you only wish to back up select files, check out CryptSync (described below in Offsite Backups).  If you wish to use Windows’ built-in tools, you should first encrypt a hard drive using VeraCrypt or BitLocker.  Use Windows Backup and Restore (Windows 7) or File History (Windows 8/10) to back up data to the encrypted drive. The Windows tools work but are very basic.  If you desire a more feature-rich tool, check out Genie9 Timeline Pro.  I used it for a long time with great results.
  • OS X: I strongly recommend using Mac’s built-in Time Machine backup utility.  Time Machine backups can be secured with AES-128 encryption.  If you use the AirPort Time Capsule, their transmission over Wi-Fi is also encrypted.  Additionally, Time Machine is seamlessly integrated and user-friendly.

Offsite Backups:  The biggest advantage to offsite backups: they are impervious to local disasters.  It doesn’t matter if a power surge fries all your electronics or your house is leveled by a hurricane.  Your data is still stored on a cloud server somewhere and is recoverable.  This is a double-edged sword though.  Your data is stored offsite, on a machine that you do not control.  It may be vulnerable to data breaches or rogue employees.  Even if you delete it, you have no assurance it is really gone.  You are placing your trust in a faceless company.

While I do not back up to the cloud, there are ways you can do so more securely.  First, you can encrypt your files before uploading them.  The program I prefer for this in Windows is called Cryptomator.  Cryptomator automatically encrypts files individually as they are uploaded to the cloud. Cryptomator is free and available for Windows, Mac, and Linux computers, as well as iOS and Android mobile devices.

Windows and Mac offer the ability to back up to OneDrive and iCloud, respectively.  While I may reservedly recommend iCloud if you are insistent on cloud storage (as detailed in my piece on cloud storage threat models), I recommend strongly against using OneDrive.  Windows’ increasingly heavy-handed data collection (rolled out with Win10) makes me distrustful.  As does their privacy policy.

Final Thought: No matter what you choose, use something.  I have lost both personal and work-related data before.  It is not a situation I would wish on anyone.  And, protect your backup with strong encryption.  It contains everything your computer does, and should be equally protected.

6 thoughts on “3DSC 2.29: Create Backups of Your Files”

  1. Hi everyone. I’ve spent a great deal of time thinking about backups and my solution is still imperfect. I hope sharing my thoughts on this will help others when thinking of their solution.

    Justin, I love the idea of doing off-site backups for the reasons you cited. For those wondering where to store an off-site backup, I suggest getting a 2.5″ USB hard drive for the backups which will then fit inside of the typical entry-level safe deposit box at your bank of choice. In terms of software, there are dozens if not hundreds of choices and it likely boils down to personal preference. Mine is Macrium Reflect for Windows. However, I would not suggest this for cloud backups! I’ll first cover my implementation followed by the problems I would like to solve.

    The way I do it is to have two hard drives on my principal computer that are mirrored via RAID. This covers me against mechanical failure (unless both drives fail at the same time, which I have heard of happening). Next, I use Macrium Reflect to do differential backups to a 3.5″ USB hard drive that I store on-site. I do these backups once per month. Finally, I use Macrium Reflect to do incremental backups to a 2.5″ USB hard drive that I store in a safe deposit box. All hard drives are encrypted. You can use BitLocker, VeraCrypt or even Macrium’s built-in encryption should you prefer.

    Here are the weaknesses I have not yet addressed: if my system were to become infected with malware in the form of ransomware, it would likely only affect my main PC and I could simply redeploy. The potential weakness, however, is that if said ransomware were to have a delayed activation where it deployed 45 days after infection, it would cover all of my backups too. Not very helpful!

    I have yet to read of an effective solution to this problem. One means I have considered is the notion of setting up a dedicated backup PC that has read-only access to my main PC that then PULLS data for backup purposes (i.e. the PC being backed up would never be able to access the backup computer’s filesystem and PUSH updates. Instead, the backup PC would access the PC with all of the data and PULL the data for backup purposes). All secondary backups, both on-site and off-site, would be done of the backup PC and not the one with all of the data directly. In theory, I believe this would mitigate the time-delayed ransomware risk but I’m not certain. I also think differential backups would be crucial and to never again use incremental (this is because if you do incremental, you would need to re-deploy all backups to get to the latest one, which would potentially include the ransomware. Differential, by contrast, would be a complete backup each time since the very first backup you made, allowing you to potentially recover files just before you became infected with ransomware).

    More importantly, I don’t even know what sort of backup PC configuration I would deploy. I was thinking of building a FreeNAS to do it but this begs an entirely new set of solutions to other problems, like whether it’s essential to buy ECC compatible equipment (i.e. motherboard, CPU, and RAM). If selecting ECC gear, the cost is very expensive. If you don’t, there is a theoretical risk that the volume could become corrupt and the entire filesystem (ZFS) would compound the corruption. What good is a backup if it becomes corrupt? So I would err on the side of caution and get ECC.

    For more information on push/pull, run some search queries on PUSH PULL RSYNC.

    Anyway, all of this is just for further consideration by anyone thinking of malware when implementing a backup solution.
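
The pull model raised in the comment above, sketched as an added example (not the commenter's or the author's code): the backup host reads the source and stores every run as its own dated snapshot, so a file overwritten on the main PC never replaces an older copy. The names `pull_snapshot` and `demo`, the directory names and the sample files are constructed for illustration; it assumes the source is mounted read-only on the backup host and that snapshot labels sort chronologically.

```python
import filecmp
import os
import shutil
import tempfile
from pathlib import Path


def pull_snapshot(source: Path, backup_root: Path, label: str) -> Path:
    """Run on the backup host. Copies regular files and directories from
    `source` into a new snapshot; unchanged files are hard-linked to the
    previous snapshot, so every snapshot is a complete point-in-time view."""
    backup_root.mkdir(parents=True, exist_ok=True)
    older = sorted(p for p in backup_root.iterdir() if p.is_dir())
    prev = older[-1] if older else None
    snap = backup_root / label
    snap.mkdir()  # raises if the label exists: a snapshot is never overwritten
    for src in sorted(source.rglob("*")):
        rel = src.relative_to(source)
        dst = snap / rel
        if src.is_dir():
            dst.mkdir(parents=True, exist_ok=True)
            continue
        dst.parent.mkdir(parents=True, exist_ok=True)
        old = prev / rel if prev else None
        if old is not None and old.is_file() and filecmp.cmp(src, old, shallow=False):
            os.link(old, dst)  # unchanged: share storage with the older snapshot
        else:
            shutil.copy2(src, dst)  # new or changed: store a separate copy
    return snap  # treat snapshots as read-only; hard-linked files share data


def demo() -> dict:
    """Constructed scenario: one file is overwritten between two pulls."""
    with tempfile.TemporaryDirectory() as tmp:
        source, root = Path(tmp, "main-pc"), Path(tmp, "backup-host")
        source.mkdir()
        (source / "report.txt").write_text("quarterly numbers")
        (source / "notes.txt").write_text("unchanged notes")
        first = pull_snapshot(source, root, "2024-01-01")
        (source / "report.txt").write_text("ENCRYPTED-BY-MALWARE")  # simulated damage
        second = pull_snapshot(source, root, "2024-02-01")
        return {
            "old_report": (first / "report.txt").read_text(),
            "new_report": (second / "report.txt").read_text(),
            "notes_shared": os.path.samefile(first / "notes.txt", second / "notes.txt"),
            "report_shared": os.path.samefile(first / "report.txt", second / "report.txt"),
        }
```

How far back a clean copy exists depends on how many snapshots are retained, which this sketch leaves to the operator.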
