Today is World Backup Day.
Data backup is incredibly important today given how much of human activity is online. Here are a few suggestions to reduce the risks of losing your important data. (Data is "important" if losing it would negatively impact you.)
- Ensure that all your important data is backed up to at least two different places, at least one in the cloud and at least one local (e.g., an external hard drive).
- Manual backup -- weekly at a minimum -- can work if you're diligent and set a reminder in your calendar, but automated daily backup is much better.
- For data that lives on your computer or an external drive, your first backup should be to a cloud provider. Your second backup can be cloud or local.
- Have an offline local backup. Offline means that the storage device (e.g., external drive, flash drive) is physically connected to your computer only during the actual backup operation. This provides protection against corruption, deletion by mistake, and ransomware.
- If you have data that lives in the cloud, you need at least one backup too, which could be on your computer or an external drive. Your password manager falls under this: export its database occasionally -- but only if your computer drive is encrypted; see below.
- Cloud sync (often free, e.g., Google Drive) is not the same as cloud backup (usually paid, e.g., Backblaze). True backup will keep deleted files and old versions of your files for at least 6 months (and ideally longer), supports point-in-time restore, and lets you choose which folders to back up. Cloud sync providers usually keep these for no more than 30 days, don't support PIT restore, and often only back up files you place in the single fixed folder.
- For sensitive data you're backing up to the cloud -- or if you don't want to have to think about which data is sensitive or not -- use a cloud provider with end-to-end encryption (E2EE), also called Zero Knowledge.
- For local backups (e.g., to external drives), ensure that the data is encrypted. (Critically, also ensure that your computer's drive is encrypted. Windows Home doesn't do that and Windows Pro doesn't do it by default; so if someone steals your computer they'll get all your data.)
- For mobile devices you can reduce data backup concerns by ensuring that all important data on your device actually comes from (is synced from) the cloud, or, say in the case of new photos not yet transferred to your computer, is automatically backed up to the cloud. Don't leave any unbacked-up data on your device for too long.
- A backup is not useful if the restore from it fails when you need it, so run test restores on your data occasionally. This applies to both local and cloud backups.
- Manage your backup process: keep a list of all your data sources and where each source is backed up to and how often. This will help you identify gaps in your backups.
- Looking at the broader picture, you can reduce the cost, effort, and risks for data backup by reducing the amount of data you have. Don't keep data longer than it's useful to you for.
- Organizations: The larger the organization, the more stringent their backup requirements are, for both technology and processes. One small example of the latter is that the organization's security policies should include detailed requirements for backup of the organization's data.
This is an update of my World Backup Day 2021 post: World Backup Day, and suggestions.