World Backup Day – is your data safe enough?

World Backup Day - is your data safe enough?

World Backup Day31 March is World Backup Day, a chance for us all to avoid being April Fools by making sure we have secure backups of all our most important data.

On last year’s Backup Day, we provided a rundown of the most basic and important steps you can take to ensure your files can be retrieved in the event of a disaster.

Most physical storage media, from hard drives and USB flash drives to CDs and DVDs, are vulnerable to damage from flood, fire, or sudden impact (sometimes even simply dropping them on the floor).

That’s not to mention having your laptop stolen, losing a USB drive, or indeed corruption or accidental deletion, so having a single copy of your important files is never a good idea.

Of course, keeping a second copy right next to the computer holding your main copy is not going to help in the event of a fire or burglary.

As a result, a range of online backup services has emerged in recent years, providing handy options for simple, low-cost backups that are shielded from many of the risks of copies stored in your home or office.

There are some issues to consider here too, though, especially in terms of privacy.

Depending on the service you use and the location of its servers, your data could be open to the prying eyes of government agencies and even hackers, so it’s advisable to use strong encryption of your own if you need to upload data to a cloud service while keeping its content private.

Make sure access is controlled with strong passwords and 2-factor authentication to keep unwanted people out of your account, and don’t forget to pay the subscription fee, as your data may automatically be deleted if your account expires.

The ransomware threat

When we last covered World Backup Day, ransomware was a relatively new addition to the range of headaches facing us, with CryptoLocker hitting headlines around the world in late 2013.

Since then ransomware has become a popular money-making tactic for cybercriminals, evolving multiple variants including CryptoWall and CryptoDefense, and going after iPhone users, gamers and companies’ customer databases.

Of course, ransomware wasn’t invented with CryptoLocker – the AIDS Information Trojan, created in late 1989, was probably the first example of malware that scrambled your data and demanded money to decrypt it.

But the inclusion of properly-implemented cryptography in CryptoLocker and its followers – rendering the files it targets for all practical purposes irretrievable without paying up – has turned it from an annoyance into a calamity for those affected.

At least, that is, for those without proper backups.

Any business should include regular and secure backups as one of its most basic processes, and everyday home users are steadily learning that this applies to them too.

However, as we’ve seen, even in settings where you would expect secure computing practices, they’re not always in place, with organisations from police departments to entire school districts finding their data locked up and held to ransom.

Malicious encryption

Having malicious software running on your computer, encrypting files at will, adds a further complication to the backup process.

Many ransomware variants don’t just scramble your C: drive.

They look for any device that can be accessed as if it were a disk drive, including USB drives, network shares and even cloud-based storage, if it is mounted as a directly-accessible network drive.

This could result in the double nightmare of having your carefully stowed backups also encrypted and locked up.

There’s also a risk with more basic scheduled backup systems that your local files could get encrypted, then backed up, overwriting existing “clean” backups so that even if you restore your backup, you are still stuck with scrambled files.

Stepped backups

So, there’s a strong argument for some sort of stepped approach to backing up, using at least two separate backup devices and updating one or the other alternately on a regular basis, checking the integrity of the data stored on them each time.

That way, you’re reasonably sure you won’t lose more than a few days or weeks’ worth of data, even in the case of the most devious and long-lasting infection.

The main point of World Backup Day is to make sure those of us who have yet to make any sort of effort to secure our data make a start and take those first basic precautions.

If you haven’t yet backed up any of your stuff, now would be a really good time to get moving.