Now and again I talk about aspects of data security that aren’t directly related to backups. I don’t do it often, because I’m not a security expert, but there’s more than one way to lose your data, and stories about backup tapes stolen from financial institutions and missing laptops with confidential information on them show up in the news pretty often.
The security of your backups can be an issue for everyone. If someone broke in and stole your external hard drive, would they get everything? Most small and home office users have at least some information that shouldn’t be available to anyone who finds a USB key lying on a taxi seat. So we should all take basic precautions and not make it easy for those with harmful intent.
I saw an announcement about a new service called BlogBackupr the other day and flagged it as something to investigate. As a backup blogger, I’m certainly in favor of backing up your blog. (I’m not at all in favor of that awkward name; even “Blog Backer-Upper” would be more euphonious.) Before I could check the service out, however, I saw a post from Ike Pigott warning readers about the way any provider of such a service could abuse the login and password information for your blog.
And just in case I wasn’t feeling paranoid enough after reading Ike’s post, I got a link to a new white paper from Bitpipe this morning: “How to Fully Protect Your Storage Environment.” (You’ll have to register to download it, if you’re interested.) The section that caught my eye was “Why and How Your Storage Environment Will Be Attacked,” by Kevin Beaver.
While the guide addresses enterprise storage, a few points apply to smaller businesses and home users as well:
- Storage security does not equal redundant systems and good backups. These two elements are only part of what’s going to keep your data safe and sound, so it’s important not to solely rely on them as has been done in the past.
- Storage encryption is not the silver bullet. Not for data at rest and not for data in transit.
The truth is, we all have to trust someone with our data sometime. Even if you run your own web and mail servers, even if you avoid online backup services, the only way to protect your data against fire, flood, and theft onsite is to move copies of the data offsite—which means it’s vulnerable in transit and at its destination. And most companies providing backup and storage solutions limit their liability pretty severely.
The malicious hackers are way ahead of most of us, too. They know more ways to attack than we’re aware we should defend.
So what’s a sensible person to do?
If you work with really sensitive data, it’s probably worth hiring a security expert. Otherwise, take the obvious precautions. If it’s small and portable (and even my twelve-ton, 17-inch laptop qualifies for that category), put a password on it. And store your passwords in a password-protected program. Don’t leave your data unattended. Do provide someone in your company or family with your master password in the event you are injured or killed and they need access to your data, but make sure that person knows how important it is not to hand out that information.
Check out any storage services you’re thinking of using before you sign up: search on Technorati and in places like Yelp to find out what people are saying about them. One or two negative reviews is normal, but if you find pages and pages of complaints, stay away. If a storage company is making headlines because of lost or stolen data, choose someone else.
At least most of us SOHO users can comfort ourselves with the knowledge that we are just too insignificant for serious hackers to bother with. The payoff for stealing your PIN number is fairly small. The payoff for stealing millions of credit card numbers from a bank is a lot higher.
But don’t let that make you careless.