A few months ago, a popular cybersecurity news organization posted an urgent notice on social media seeking help to recover their data after their blog was deleted. They announced that they had no backups and they were desperately trying to contact the site administrator to restore their blog collection. This was as maddening as it was embarrassing for the same reasons. One would think that a cybersecurity organization would exemplify good backup habits, or that a news organization of any type would practice good backup procedures. One would assume that an admission of such negligence would be kept out of the public spotlight.
There was no legal requirement to announce the data loss, since it was not the result of a breach, or any malicious act involving any sensitive data. It was simply an error by the web site operator, either through an automated process, or a manual blunder. Either way, the admission that they did not have backups did nothing to help promote security in any way.
The General State of Affairs Gives No Comfort
This event made me wonder about the general state of backups. I wondered whether the average person practices good backup habits, so I started to ask around. I figured that I would be bored with the responses, since I am such a backup evangelist. I make multiple backups of my important data, and I go so far as to wear an encrypted copy on a USB drive that is with me at all times. You would not be the first person to call me weird for doing so. It only gets weird when I tell people that the USB is fully bootable, so I don’t have to rely on anyone else’s operating system to retrieve a file.
My own unscientific survey about the backup habits of many of the people I know has left me quite disheartened. The majority of them do not backup their data at all, and some still do not even know how to do so. How is this possible?
Time to Celebrate?
This all reaches the point of dismay, considering that March 31st is World Backup Day. In fact, it is the 11th anniversary of the event, and it is “celebrated” both by mainstream publications, and of course, media manufacturers. Surely, I thought that the importance of data backups was common knowledge to everyone by now.
There are so many easy ways to back up data. However, in our zeal to promote good habits, we may have complicated things a bit. We cybersecurity zealots tend to do that on occasion. The old “3-2-1” method of making three different backups on two different types of media, and storing them in more than one location is probably more than most people can comfortably tolerate.
Overthinking the Problem
In many cases cloud backups have helped, but they have also created a new problem. For example, many people rely on their iCloud backup to protect all their photos, and while this is good, it also promotes a false sense of security, as people don’t consider their important data files. This is a good way to start a conversation about data backups for those who are unfamiliar with the options.
Other cloud backup solutions also create a similar problem, whereas those backups are often in an “always-connected” state, and if something as devastating as ransomware infects the host machine, the online backup will also be affected. This has happened on more than one occasion to large enterprises, such as those targeted by the WannaCry attacks of 2017. This is a more advanced concept, and should be saved for a time after a person establishes basic backup habits.
Another unintended consequence of the apparent ease of cloud backups is that most people rely solely on the backup provider to encrypt the data. This is good, because the data cannot be used if it is stolen, however, it also gives the entire encryption process to the backup provider, which means that they could easily decrypt the data since the private key is under their control. While most people are not transacting State secrets, it is still not the best practice to entrust your private key to an external entity. However, the idea of encrypting prior to backup is a concept so advanced it eludes the practice of even some security professionals.
Set the Shortcomings Aside
With all of these apparent shortcomings, how can we properly celebrate World Backup Day? We can do so by promoting the overall concept of backups. Let’s speak about data backups as we would about any security practice; with patience and simplicity. Throw all of the shortcomings into a box for later discussions.
Many people do not know that there are easy options to protect their data from loss, so any step towards backing that data up is a broad leap in the right direction. If we stick to the basics of data backups, we may be able to make World Backup Day a true cause for celebration. Let’s introduce those who are unfamiliar with data backups to the many available offerings before we expand to purchasing them their very own USB necklace.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.