Community News Security

How to make backups of your data – and why you should

The most unfortunate thing about backups is that we usually realise we need one when it’s already too late. We want to recover data we lost, but – unless we made a backup copy beforehand – the data may already be gone. Even when recovery options are available, they can be very expensive and complex.

By Altieres Rohr, security analyst at CAIS

The good news is that creating and maintaining backups for personal use has never been easier. From online services to physical media, there are many affordable (and free) options to make sure you never lose your essays, spreadsheets or photos.

Backups are a process – a habit. Seemingly complicated at first, they are fast after you become familiar with your tools. You’ll only need to start your backup solution and let it do its job.

Be prepared for anything

Backups are a last line of defence against a wide range of risks. It’s understandable that many of us associate data loss with threats like ransomware or other malware attacks, but backups can come into play much more often.

  • Malware. Anti-virus solutions help prevent malicious code from stealing your passwords or doing other bad things, but it’s a reliable backup that will make sure your data is safe at the end of the day.
  • Physicals accidents. If someone bumps into your laptop charging cable or you drop your phone, the damage can cause data loss.
  • Lost or stolen devices. If you forget your devices somewhere or they get stolen, you will need a backup copy of your data.
  • Service issues. If all your data is stored on a PC, a power failure will make it inaccessible. If everything is online, internet or service hiccups (a forgotten password or temporary security lockout) may also make your data unavailable to you – at least for a time.
  • Hardware and electrical failures. Storage devices will eventually fail, and so will certain electrical components they are attached to.

The strengthened security of modern devices also makes backups more important. Many recent laptops and all smartphones have their storage built into their logic boards, and these memory chips are not made to be removed or read outside of the device. In other words: if any component fails, your data cannot be accessed.

This may seem like an unwanted design, but it can be a feature. When the storage is tied to the device and encrypted, a password will always be required for access. Because computers are able to hold so much information despite becoming smaller and lighter, we end up carrying our data everywhere – if it could be accessed without a password, it would be at risk.

While the protections that are built into your mobile devices protect your privacy, it’s up to you to make additional copies to prevent loss.

Pick the right backup solution

File syncing and backup tools give you options to make file copies smarter and faster.

If you can’t find or obtain your backup files, then it’s pretty much the same as not having one at all. Selecting the right way to back up your data is key.

  • Be aware of mandatory storage. Your project or organisation may already have a storage system tied to a backup routine, and there may be legal requirements (such as data retention and privacy) that must be observed. Before you use your personal storage for corporate or project files, make sure it’s okay to do so.
  • Consider how often you will need it. Some files can wait a little to be backed up, while others require more immediate attention. It’s OK to use a different service for each case – focus on a process you can actually follow through.
  • Cloud storage. Cloud storage is usually more about data syncing between devices than backups, but there are providers that specialise in backups. This usually means allowing you to rollback your data easily and encouraging you to upload everything without deleting local copies. If you’re on a budget, you can create your own strategy by using the free tier of one provider just for backups.

If you just realised you don’t have a copy of all the data you’ve uploaded to the cloud, don’t worry – there’s usually an easy way to fix that. For instance, you can use Google Takeout or Facebook’s download option.

  • External media and tools. You can use a USB drive to back up your files. When using your own media, it helps to have a tool to make your life easier – while a “copy/paste” operation will do the job at first, you’ll quickly realise you want the process to be smarter and faster. Windows 10 has a built-in backup feature to save file history, and Macs have Apple’s TimeMachine. If you don’t need file history, look into sync tools like FreeFileSync (available for Macs, Windows and Linux) or rsync (for advanced users only).
  • App-specific backups. Some apps have their own backup feature. This is the case for some messaging services like WhatsApp and Signal. Be careful when backing up app settings – they may contain passwords or other sensitive information. If you’re a gamer, be aware not all games have a cloud save functionality (some may require specific tools).
External drive cases allow you to keep using old laptop hard disks through USB, making a great budget option for your backups.

Backups also need security

Even safety measures create some risks. When it comes to backups, every new copy of your data is one more place where it can be accessed without your authorisation.

The appropriate measures to secure your data will vary, but there are two key features you should keep your eyes out for.

Two-factor authentication. Any kind of online service should have additional authentication factors, and you need to use them!

The best options require you to own a hardware key, but you can also generate codes with a free app on your phone. Avoid using SMS for this purpose – there are several documented cases of attacks against SMS messages.

Most importantly, remember to create and safely store your backup access codes – these will be required if something happens to your phone.

Encryption and media control. If you opted to use physical media, consider enabling password protection with encryption. BitLocker is a good option, but it’s only available on Windows 10 Pro. However, some external drives on the market have their own encryption technology. Once your data is encrypted, handle passwords and recovery keys with care – if they are lost, your files will be impossible to recover.

If you have many files that you will no longer make changes to, there are options (such as SD cards and optical disks) with write-once functionality for additional integrity protection.

Learn to back up your phone

If you have an Android phone with a card slot, keep in mind that the card should not be used as a backup solution.

By default, the card is not protected by the same encryption that prevents access to the internal storage. The benefits of encryption are negated when you copy encrypted files to an unencrypted storage medium on the same device.

While you can encrypt the card to prevent this, this comes with a caveat: if the phone fails, the card will become unreadable. In other words, it won’t be there as a backup when you need it.

To properly back up your phone, you need to connect it to your computer with a cable or use an app that can send data over the network. iPhones have iTunes, but things can get trickier on Android – especially if you like to delete your photos after you send them to the cloud. You need to download and save them somewhere else.

Your secure vault

A backup is a secondary storage that is maintained exclusively for recovery purposes. Any data or service used daily is at higher risk of data corruption, attacks, or accidents.

I’ve heard from people who had all their photos on their phone backed up to the cloud, yet lost everything because they couldn’t recover the account after having a problem with their mobile device.

Our data can be invaluable – they hold our work and memories. Sometimes you may want to be able to access it easily, but certain information needs to be put in a vault like a jewel. A secondary copy is more similar to a vault, so don’t mix up your data for daily use and your backups.


Author

Altieres Rohr

Altieres Rohr is a security analyst at CAIS, the security incident response team from Rede Nacional de Ensino e Pesquisa (RNP), the national research and education network in Brazil. He has been creating content related to cybersecurity awareness for over 15 years.