Chapter 14
IN THIS CHAPTER
Discovering the importance of backing up
Finding out how to back up data from apps, online accounts, and smartphones
Exploring different types of backups of your devices and data
Encountering different ways to back up
While backing up your data sounds like a simple concept — and it is — actually implementing an efficient and effective backup routine is a bit more complicated. To properly back up, not only do you need to know about your backup options, but you also need to think about many other details, such as the location of your backups, encryption, passwords, and boot disks. In this chapter, you find out about all those backup details and more.
In the context of cybersecurity, backing up refers to creating an extra copy, or extra copies, of data (that may consist of data, programs, or other computer files) in case the original is damaged, lost, or destroyed.
Backing up is one of the most important defenses against the loss of data, and, eventually, it’s likely to save you from serious aggravation, as nearly everyone, if not everyone, will, at some point, want to access data to which they no longer have access.
In fact, such scenarios occur on a regular basis. Sometimes, they’re the result of human error, such as a person inadvertently deleting a file or misplacing a computer or storage device. Sometimes, they’re the result of a technical failure, such as a hard drive dying or an electronic device falling into water. And sometimes, they’re the result of ransomware attacks or other hostile hacker action. And when it comes to ransomware, an ounce of prevention — having all of your valuable data backed up and ready to restore in an efficient manner — is often worth many tons of cure.
Sadly, many people believe that they back up all their data only to find out when something goes wrong that they do not have proper backups. Don’t let that happen to you. Be sure to back up on a regular basis — often enough that if you had to restore from a backup, you would not panic. In general, if you’re in doubt as to whether or not you are backing up often enough, you aren’t.
While most of this chapter focuses on backing up data that resides on your laptop or other local computer data store, it is also important to back up data that resides not within your own “infrastructure,” but which other parties house for you as a result of using their systems.
In some cases, third-party backups resemble drive backups. While the provider has your data backed up, only you — the party who “owns” the data — can actually read it in an unencrypted form from the backup. In other cases, however, the backed-up data is available to anyone who has access to the backup.
That said, most major third parties have robust redundant infrastructure and backup systems in place, meaning that the odds that data stored on their infrastructure will remain available to users is extremely high when compared with data in most people’s homes. However, risks still remain.
Your cellular service provider may provide backup capabilities for your SMS text messages, and your phone’s operating system may provide general device backup features that include all SMS messages within the backups. If not, or if you choose not to use such backups, various apps can be downloaded from Google Play and Apple App Store that provide such features specifically.
Every major social media platform allows you to download all of your respective social media account’s data. While many people seem to think that there is no reason to back up such data (after all, they reason, the social media provider does its own backups of all account data), there are actually good reasons to do so.
First, if your social media account were somehow breached and taken over by a hacker, and that hacker deleted material from the account, you may have difficulty getting the material back — even if you successfully regain access to the account. This is true even if the social media provider actually has a backup in its possession of your original data; remember, restoring your data is not its highest priority.
Second, there is no guarantee that social media providers will remain in business forever. People are fickle, and while certain mainstay platforms may seem now to be “too big to fail,” that is most definitely not the case. Not that many years ago, MySpace was the dominant platform, with few people knowing about something called “The Face Book.” How things have changed!
And while MySpace is still around in some form, Friendster, which had over 100 million users, and Yik Yak, which had a valuation of over $400 million, have vanished, taking with them to the history books any access to the data that they once held for people. Also gone are Google Plus and Vine, and while the companies that last operated them still exist as tech giants (Vine was acquired by Twitter), the platforms are dead and the material that was on them is no longer easily accessible.
Third, a social media provider itself may be hacked, or otherwise go offline. Not that long ago, the right-wing social media network, Parler, for example, went offline completely for a period of many months. People who wanted to access their accounts could not do so.
While the exact mechanisms of backing up data vary between platforms, there is typically a function within the settings or help menus called Download Account Data or something of the like. You should periodically use it.
WhatsApp, which was acquired by Facebook (now known as Meta) in 2014, is arguably the world’s most popular tool for communication; its operator claims that the tool has more than 2 billion users worldwide.
To back up your Android device’s WhatsApp data, go into the Settings menu in the top-right corner of your screen, tap Chats, tap Chat Backup, and either tap BACKUP to manually back up, or configure the appropriate settings for periodic automatic backups. On Apple devices, you can reach the Chat Backup feature by tapping Settings at the bottom-right corner of the screen, tapping Chats, and then tapping Chat Backup.
If you use Google Photos, you can also separately configure Google to sync copies of your photos and videos on your phone to storage space in the cloud (Google Drive). To do so, click your profile photo that appears in the top-right corner of the screen in the Google Photos app, click Photos Settings, Click Backup & Sync, and turn on the feature accordingly.
Many other apps offer backup capabilities. Look through the app’s settings options, or check help forums online, if you have difficulty finding such features.
Both Google and Apple offer automatic syncing of data; using such a feature keeps a copy of your most recent data and also simplifies transferring your data when you upgrade to a new phone. Such syncing, however, also means that if you delete data, the deletions also sync. As such, you should still back up.
Android provides two ways to back up your data and apps: automatic backups and by backing up manually.
On Android versions 9 and later you can easily set up automatic backups as follows:
Depending on your phone’s current configuration, you may receive additional instructions (such as to update a Google app necessary for the backups to run). If you do, follow such instructions. You may also be asked to allow Google apps to have access permissions needed to run the backups. Once your first backup has run you will see “On” listed below the data types that have been backed up.
You can run manual backups on Android at any point simply by opening the Settings app, tapping System, and then tapping Backup. Some Android phone manufacturers have slightly different menu schemes, so just search through the menus for the Backup or Backup Now option.
Apple offers several built-in ways to back up your iPhone (or other iOS device).
To back up your device to iCloud, run the Settings app, and tap your name at the top of the screen. You will then see an option for iCloud — tap it. You will then see a switch to turn on automatic backups to iCloud as well as a button to immediately launch a manual backup.
Apple lets you backup your Apple device to a Windows PC or to a Mac.
To back up on Windows:
Connect your device to your computer. (On modern Apple devices this is normally done using a USB to lighting cable — the USB side goes into the computer and the Lighting side goes into the Apple device.)
iTunes will start. If you have configured your device to require a password to unlock it this is when you will be prompted to enter it.
Click Summary.
Optionally (but you know what you should do) turn on “Encrypt local backup” and create a password to protect your backup.
To back up on a Mac:
On modern Macs running the macOS Catalina operating system or later, open a Finder window.
Note: If you are using a Mac running an older version of macOS (macOS-Mojave or earlier) you will first need to open iTunes, then follow Steps 2–4 that follow.
Select the icon for your iPhone as seen on your computer.
Optionally (but you know what you should do) turn on “Encrypt local backup” and create a password to protect your backup.
Because cryptocurrency (see Chapter 1) is tracked on a ledger and not stored in a bank, backing up cryptocurrency involves backing up the private keys used to control the addresses in the ledger at which one has cryptocurrency, not backing up the cryptocurrency itself. Often, for security reasons, keys are not maintained electronically. They’re printed on paper and stored in a bank vault or fireproof safe.
For those who use hardware wallets to store the keys to their cryptocurrency, the backup for the wallet device is often a recovery seed, which is a list of words that allows the device to re-create the keys needed for the relevant addresses. It is generally accepted that, for security reasons, the list of words should be written down on paper and stored in a bank vault and/or safe — not stored electronically.
Anytime that you back up lists of passwords, make sure to do so in a secure manner. For important passwords that do not change often and are not likely to be needed on an urgent basis, consider making no digital records of them at all. Instead, write them down on a piece of paper and put that paper in a bank safe deposit box.
Backups of your data can be categorized in many different ways. One important way of distinguishing various types of backups from one another is based on what is actually being backed up when a backup process runs. The following sections look at the different types of backups based on that approach.
A full system backup is a backup of an entire system, including the operating system, programs/apps, settings, and data. The term applies whether the device being backed up is a smartphone or a massive server in a data center.
Technically speaking, a full system backup includes a backup of all drives attached to a system, not just those mounted inside of it — although if some drives are attached to the system only from time to time and are not needed for the primary use of the system, some might exclude the contents of such drives from full system backups, especially if they’re attached to other systems, or are backed up as part of the backup of other systems. For most home users, however, a full system backup means exactly what it sounds like: Backing up everything.
A full system backup is sometimes known as a system image because it essentially contains an image of the system as it existed at a particular point in time. If a device that you have an image of fails, you should be able to use the system image to re-create the entire system as it was at the time that the backup was made. When you use the rebuilt system, it should function exactly as the previous system did at the time of the backup.
One important caveat: Because a system backup includes settings, hardware drivers, and so on, restoring from a system image does not always work well if you restore to a different device than the one that was originally backed up. If you imaged a laptop that runs Windows 7 as its operating system, for example, and then acquired a newer device intended to run Windows 11, which has different hardware in it, a restored system image of the first device may not work well on the newer device. The reverse is even more likely to be true: If you keep an old computer in your closet “just in case” and that just-in-case situation turns into reality, your attempts to restore the image from a newer machine to the older machine may fail fully or in part.
One special case of system images is the original system image, also known as a factory image.
Many modern computing devices, whether laptops, tablets, or smartphones, come equipped with a factory image that can be restored. This means that when you acquire the device, it comes with an image of the original configuration that you receive — including the operating system, all the original software, and all the default settings — stored in a hidden partition or other storage mechanism not normally accessible to users.
At any point in time, you can perform a factory reset and set your device to look identical to the way that it did when it was new. When you do so, the device restores from the hidden image.
Some systems also create periodic images that you can restore from without having to go back to the original factory settings. Windows 10 and Windows 11, for example, have such capabilities built in.
Original installation media is for programs that you acquire and install after you purchased your device. If software came on a DVD, CD, or USB drive, saving the physical media that it came on allows you to reinstall the software in case of a problem.
If you’ve acquired programs since you purchased your device, it’s likely that some or all of them were delivered to you via digital download.
When software is delivered as a download, the downloader does not receive a physical copy. However, if you received software via a download, you can store a copy of the installation file that you downloaded on one or more of many different types of media, such as a thumb drive or a CD or DVD. Alternatively, you can store the copy on a hard drive, but be sure to back up that drive if it is part of your computer infrastructure.
In addition, some stores that sell downloadable software maintain copies of the software for you in a virtual locker so that you can download it at a later date. Such “backups” are useful, but be sure that you know how long the store will maintain the product in your locker. Some people have had serious problems because they relied on such “backups” only to find out that the software was not available to them at the time that they needed it.
An alternative to performing a full backup of the entire system is to perform a full backup of the data on the system, but not of software and the operating system. (Configuration settings for both the operating system and various installed programs are often stored in data folders and included in such backups.) Performing a full data backup allows users to restore all of their data in one shot if something goes wrong. Depending on the tool used to perform the backup, users may be able to restore a subset of the data as well — for example, by choosing to restore only one particular file that they accidentally deleted.
Incremental backups are backups made after a full backup and that contain copies of only the portion of data (or, in the case of a system backup, the portion of the entire system) that has changed since the preceding backup (full or incremental) was run.
Incremental backups normally run much faster than full backups because, on most systems, the vast majority of data files do not change on a regular basis. For the same reason, incremental backups also use less storage space than do full backups.
To recover data, however, restoration must be done from the last full backup plus all the incremental backups performed since that last full backup.
Many people (and many businesses as well) choose to do full system backups on one of the days of the weekend and then do incremental backups during each other day of the week, thereby finding a happy medium between the efficiency gains during the backup process and the potential for a tedious recovering process.
Differential backups contain all the files that changed since the last full backup. (They are similar to the first in a series incremental backups run after a full backup.) A series of differential backups therefore requires more time to run and uses more storage space than incremental backups, but less than the same number of full backups. Recovering from differential backups can be faster and simpler than doing so from incremental backups because a restore needs to be done from only the last full backup and last differential backup.
If you decide to use differential backups, consider how many backups you should be making before making the next full backup. If the differential backup starts to grow quite large, there will not be much performance gains while making the backup, and any restoration will take far longer than if done from just a full backup.
Many people (and many businesses as well) choose to do full system backups on one of the days of the weekend, and then do differential backups during each other day of the week.
Incremental and differential backups are made in conjunction with full backups, as shown in Table 14-1.
TABLE 14-1 A Comparison of Full, Incremental, and Differential Backups
Full Backup | Incremental Backup | Differential Backup | |
---|---|---|---|
Backup #1 | All data | — | — |
Backup #2 | All data | Changes from Backup #1 | Changes from Backup #1 |
Backup #3 | All data | Changes from Backup #2 | Changes from Backup #1 |
Continuous backups refers to backups that run continuously. Every time that a change is made to data (or to a system and data), a backup of that change is made.
One exception are complex backup systems that log each backup action and have the ability to reverse them. These backups can undo problematic portions of backups to the point that they occurred.
Partial backups are backups of a portion of data. As opposed to full backups, partial backups do not back up all elements of data from a system. If a system were to be completely hosed, for example, you would have no way to fully recover all of its data contents from partial backups made earlier of that system.
Partial backups can be implemented in a full incremental-like model in which the first backup in a series includes all the elements that are part of the set included in the partial backup, and subsequent backups in the series include only items from that set that have changed.
Partial backups can also be implemented as always full-like — in which case, all elements of the set included in the partial backup are backed up each time, regardless of whether or not they have changed since the last backup.
Folder backups, are similar to partial backups in situations where the set of items being backed up is a particular folder. While backup tools can facilitate folder backups, to the chagrin of many cybersecurity professionals and IT departments, many users perform such backups in an ad hoc fashion by manually making a copy of hard drive (or SSD) folders to USB drives at the end of each workday and consider such backups to be sufficient protection in case of problems.
Theoretically, of course, such backups work and can be used to recover from many problems. Reality dictates, however, that ad hoc backup procedures almost never result in proper backups: People forget on some days to back up or do not back up because they’re hurried, neglect to back up some materials that they should have backed up, store the backups on insecure devices in insecure locations, or lose the devices on which the backups are stored — you get the idea!
If you want to be sure that you have proper backups when you need them — and, at some point, you are likely to need them — do not rely on ad hoc folder backups.
A drive backup is similar to a folder backup, but for situations where an entire drive is being backed up instead of only a folder. Ad hoc backups of drives do afford some protection, but rarely deliver sufficient protection against risks of losing data.
One special case of drive backup is that in which a person or organization uses an encrypted virtual drive. For example, users may store their files within a BitLocker drive on Windows. BitLocker is a utility built in to many version of Windows that allows users to create a virtual drive that appears as any other drive to the user when it is in use, but appears as one giant encrypted file when not in use. To access the drive, the user must unlock it, normally by entering a password.
Backing up such drives is often accomplished by simply including the encrypted file within the full, incremental, folder, or drive backup. As such, all contents of the encrypted drive are copied without being referred to by name and remain inaccessible to anyone who does not know how to open the encrypted drive. Many backups tools offer drive backups in addition to more structured forms of backup.
While such a scheme protects the contents of the encrypted drive as they live in backups by using the same encryption as was used for the primary copies, note several caveats:
Some files and folders do not need to be backed up unless you are imaging a disk (in which case the image must looks exactly like the disk). Operating system paging files and other temporary files that serve no purpose if a system is restored, for example, need not be backed up.
The following are examples of some such files and folders that you can exclude from backups on a Windows 10 machine. If you’re using backup software, the software likely comes with a built-in list of default exclusions that may resemble this list:
To conserve storage space, some backup engines will also back up only one copy of an identical file that appears in two places instead creating two “links” to the contents of that file in the backup. Sometimes such a feature appears as an option in an Exclusions settings section.
Some applications have built-in backup capabilities that protect you from losing your work if your computer crashes, power fails, or you don’t have battery power left.
One such program is Microsoft Word, which offers users the ability to configure how often files should be saved for AutoRecover. For most people, this feature is quite valuable. I even benefited from this feature while writing this book!
While the mechanism of configuring AutoRecover varies between some versions of Word, in most modern versions, the process is the following or something similar: Choose File ⇒ Options ⇒ Save and configure the options according to your taste.
No simple one-size-fits-all rule applies as to how often you should backup your system and data. In general, you want to ensure that you never lose enough work that it would cause you significant heartache.
Performing a full backup every day requires the most amount of storage space for backups and also takes the most time to run. However, doing so means that more total copies of data are available — so, if a backup were to go bad at the same time as the primary data store, less data is likely to be lost — and fewer backups are required to perform a system or data restoration.
Performing a full backup everyday may be feasible for many individuals, especially those who can run the backups after work hours or while they are asleep at night. Such a strategy offers the best protection. With storage prices plummeting in recent years, the cost of doing so, which was once prohibitive for most individuals, is now affordable to most folks.
Some people and organizations choose to perform a weekly full backup and couple that backup with daily incremental or differential backups. The former strategy provides the fastest backup routine; the latter offers the faster recovery routine and reduces the number of backups needed in order to perform a restore to a maximum of two instead of seven.
For apps that do not have in-app-auto-backup capabilities, some folks have suggested periodically using the Windows or Mac Send menu option to send to themselves via email copies of files that they are working on. While doing so is clearly not a formal backup strategy, it does provide a way of backing up work during the day between regular backups and often does so offsite, ensuring that if one’s computer were to die suddenly, an entire day’s worth of work would not be lost.
You can use multiple types of tools to create, manage, and restore from backups. Tools can automate various types of backups, for example, or can manage the process of a perpetual syncing backup. Backup tools come in wide variety of price ranges, depending on their robustness and scalability.
Backup software is software designed specifically to run and manage backups and restorations from backups. You can find multiple vendors of such software, with exact features varying between products and between the platforms that they support (for example, features may vary between Windows and Mac versions of the same backup software package). Some offerings are intended for home users, some for large enterprises, and others for pretty much every level in between.
You can use backup software to manually or automatically backup — that is, you can configure it to backup specific systems, data, drives, or folders at specific times, using different backup models, such as full, incremental, and so on.
Ideally, you should configure your systems to automatically back up at specific times to make sure that you actually back up and don’t neglect doing so while you do any of the many things that come up in life.
If you just worked on some important project or spent many hours creating some new work on your computer, however, you may want to kick off an extra manual backup to protect your work and the time that you invested in it.
Some external hard drives and solid state devices come with built-in backup software. Such software is often extremely intuitive and easy to use, and users may find it the most convenient way to set up their backup routines.
Windows comes equipped with basic backup software built in. The software sports several features, and, for many people, may be sufficient. Using Windows Backup is certainly better than not backing up at all.
You can configure Windows Backup in two places:
Additionally, a Windows File Backup utility automatically backs up files as you modify them. You can access its configuration options via the Control Panel File History option. If you have plenty of disk space and work efficiently, make sure that your files are backed up quite often.
For more on restoring files from Windows File History, see Chapter 15.
Many devices come equipped with the ability to automatically sync your data to the cloud — a process that allows you to restore the data to a new device if your device is lost or stolen. Even devices that do not have this feature built in almost always can run software that effectively delivers these features for a specific folder tree or drive.
Using the sync feature provides great protection, but it also means that your data is sitting in the cloud — which, simply means that it is on someone else’s computer — and potentially accessible to both the cloud-service provider (in the case of most smartphones, the provider would be Apple or Google), as well as to any government agencies that demand access to the relevant data while armed with a warrant, rogue insiders, or hackers who manage to somehow obtain access to it.
As discussed earlier, syncing also typically means that if you delete something on your device, it gets deleted from the synced copy (which means syncing is not sufficient on its own as a means of backing up).
Before you decide whether or not to use the sync, think about the pros and cons.
Manual backups are exactly what they sound like: backups performed manually, often by people copying files, folders, or both from their primary hard drive (or solid-state drive) to a network folder or thumb drive.
Automated-task backups are essentially manual backups on steroids; they are manual backups that are run by a computer automatically instead of by people manually kicking them off. While automating the backup process reduces the risk of forgetting to back up or not backing up due to someone being hurried, file and folder copying is still risky because if some sensitive information is, for some reason, not stored in the proper folder, it may not be backed up.
One possible exception is the case of virtual drives. If users automate the process of copying of the file containing the entire drive on which they store all of their data files, such backups may be sufficient. For most home users, however, setting up an automated copying routine is not a practical solution. Using backup software is a far simpler, and better, option.
If you ever need to re-create your system, you will need the ability to boot the computer, so as part of the backup process, you should create a boot table disk. For most smartphones and tablets, creating a boot disk is not an issue because resetting the device to factory settings will make it bootable.
Such simplicity is not, however, always the case with computers, so when you perform your first backup you should ideally make a bootable disk that you know is safe to boot from (in other words, no malware and so on). Most backup software packages will walk you through this process, and some computer manufacturers will do the same on your initial startup of the system. Various security software packages are distributed on bootable CDs, DVDs, and/or USB drives as well.
For backups to have any value, they must be properly stored so they can be quickly and easily accessed when needed. Furthermore, improper storage of backups can severely undermine the security of information contained within the backups. You’ve probably heard stories of unencrypted backup tapes that contained sensitive information on them getting lost or stolen.
That said, there is not a one-size-fits-all approach to proper storage of backups. You can back up in different places, which results in different storage locations.
Storing a local copy of your backup — meaning somewhere near a home computer or readily accessible to the owner of a smartphone, tablet, or laptop — is a good idea. If you accidentally delete a file, you can quickly restore it from the backup.
Backups should always be stored in a secure location — not on a bookshelf. A fireproof and waterproof safe bolted down to the floor or fastened to the wall are two good options.
Also, keep in mind that hard drives and other magnetic media are less likely to survive certain disasters than solid-state drives, thumb drives, and other devices containing memory chips.
Because one of the purposes of backing up is to have the ability to preserve data (and systems) even if your primary copy is destroyed, you want to have at least one backup offsite — meaning in a different location than your primary data store.
Opinions differ as to how far away from the primary store the backup should be kept. Essentially, the general rule is to keep the backups far away enough that a natural disaster that severely impacts the primary site would not impact the secondary.
Backing up the cloud offers the benefits of offsite storage. If you lose all your equipment and systems to a natural disaster, for example, a copy of your data will almost always still exist in the cloud. Also, from a practical standpoint, the odds are that the information-security team at any major provider of cloud storage has much greater knowledge of how to keep data secure than do most individuals and have at their disposal tools that the average person cannot afford to purchase or license.
At the same time, cloud-based backup has its drawbacks.
When using cloud-based backup, you are relying on a third-party to protect your data. While that party may have more knowledge and better tools at its disposal, its primary concern is not you. If a breach occurs, for example, and large customers are impacted, its priorities may lie in addressing their concerns before addressing yours. Also, major sites are often major targets for hackers because they know that such sites contain a treasure trove of data, far greater than what they may be able to lift from your home PC. Of course, if the government serves the cloud provider a warrant, law enforcement agents may obtain copies of your backups — even, in some cases, if the warrant was served because it has demonstrated probable cause only that someone else (and not you) committed a crime.
That said, for most people, cloud-based backup makes sense, with the pros outweighing the cons, especially if you encrypt your backups, thereby making their contents inaccessible to the cloud provider.
Backing up to a network drive offers a blend of features from several of the prior locations for storing backups.
Like a local backup, a network backup is normally readily available, but perhaps at a slightly lower speed.
Like an offsite backup, if the network server on which the backup is located is offsite, the backup is protected from site problems at the primary data’s site. Unlike offsite backup, however, unless you know for sure that the files are offsite, they may be in the same facility as the primary data.
Like cloud backup, network based backup can be restored to other devices on your network. Unlike cloud backup, it may be accessible to only devices on the same private network (which, may be a problem, or, in some situations, a good thing from a security standpoint).
Also, network storage is often implemented with redundant disks and with automatic backups, offering better protection of your data that many other storage options.
There is no reason to only back up to one location. From the perspective of restoring data quickly, the more places that you have your data securely backed up, the better. In fact, different locations provider different types of protection optimized for different situations.
Keeping one copy local so that you can quickly restore a file that you accidentally delete, as well as maintaining a backup in the cloud in case of natural disaster, for example, makes sense for many people.
Keep in mind, however, that if you do store backups in multiple locations you need to make sure all the locations are secure. If you can’t be sure about the security of some form of backup, beware and do not back up there just because “the more backups, the better.”
Never, ever, store backups attached to your computer or network, unless you have another backup that you are willing to recover in case of a malware attack. Ransomware that infects your computer and renders the files on it inaccessible to you may do the same to your attached backup.
If you back up to write-once, read-many-times type media, which is most commonly found today in the form of CD-Rs and DVD-Rs, it is safe to leave the backup in an attached drive after you have finalized the backup recording and set the disk to read-only.
Backups can easily become a weak point in the data protection security chain. People who are diligent about protecting their personal information, and organizations that are careful to do the same with their confidential and proprietary information, often fail to afford the same level of protection to the exact same data when it resides in backups rather than in its primary location.
How often do we hear news stories, for example, of sensitive data put at risk because it was present in an unencrypted form on backups tapes that were lost or stolen?
Be sure to encrypt your backups if they contain any sensitive information, which, in most cases, they do. After all, if data is important enough to be backed up, the odds are pretty good that at least some of it is sensitive and should be encrypted.
Just be sure to properly protect the password needed to unlock the backups. Remember, it may be a while before you actually need to use the backups, so do not rely on your memory, unless you practice using that password on a regular basis to test the backups.
Also, keep in mind that if encryption methods used to protect backups go obsolete, the backups should be replaced with backups re-encrypted with better encryption. This issue is likely going to become a major headache for many organizations as quantum computing (discussed in Chapter 18) matures.
Many folks have thought that they had proper backups only to discover at the time that they needed to restore that the backups were corrupted. Hence, testing backups is critical.
While, theoretically, you should test every backup that you make and test that every single item within the backup can be restored, such a scheme is impractical for most people. Do, however, test the first backup that you make with any software, check the auto-recover files the first time that you use Word, and so on.
Some backup software comes with the capability to verify backups — that is, after making a backup, it checks that the original data and data in the backups match. Running such verification after making a backup adds significant time to the backup process, but is well worth running if you can do so because it helps ensure that nothing was improperly recorded or otherwise became corrupted during the backup process.
People and organizations often store backups for long periods of time — sometimes preserving materials for so long that the encryption used to protect the sensitive data on backup media is no longer sufficient to adequately protect the information from prying eyes.
As such, it is imperative that, from time to time, you either destroy your backups or re-create them.
Likewise, if you backed up data along with various DOS programs or early Windows 16-bit executables needed to process the contents of those backups, you may be unable to restore from the backups to many modern machines that may be unable to run the executables. Obviously, if you did a full system image of a machine 20 years ago, you are going to have difficulty restoring from the image today (you may be able to do so using virtual machines — something well beyond the technical skill level of most users).
Even some older versions of data files may not work easily. Word documents from the mid-1990s, for example, which can be infected with various forms of malware, do not open in modern versions of Word unless a user enables such access, which may be difficult or impossible to do in certain corporate environments. Files formats utilized specifically by software that has long since disappeared entirely from the market may be even harder to open.
As such, old backups may not have much value to you anyway. So, once a backup is no longer valuable or once its data protection may be at risk of compromise, get rid of it.
How should you dispose of the backup tapes, disks, and so on? Can you just throw them in the trash?
No. Do not. Doing so can totally undermine the security of the data in the backups.
Instead, utilize one of the following methods:
3.12.161.165