My lunch Friday was with a professional who stores a lot of sensitive data on her office computers. She keeps her client’s names, investment transactions, social security numbers, and other sensitive data in unencrypted files while she does work for them and for archival purposes.
We talked about how she had to wear so many different hats because she was running her own office. Not only does she provide the professional advice her clients pay her for, she also has to be office quartermaster, bookkeeper, publicity agent, etc., etc., and IT manager. She said that her computer set up was very simple, and that triggered me to launch into my evangelical discussion on backing up computer data.
She agreed with me completely that back-ups were critical. She explained that she runs backups every week and makes two copies. One copy she keeps in her office on an external hard drive and she keeps another copy on a thumb drive which she puts in her handbag and keeps it with her wherever she goes.
She, like me, is worried about an office fire or an earthquake which would destroy backup disks kept in the office. Or, maybe the office would simply be inaccessible for a few weeks due to a structural problem triggered by the fire, earthquake, or even terrorism near her downtown location. In either case, she said, she wanted to have a copy of her data with her so she could set up shop at her house or another location if there was a physical problem with her office.
I tried to ask gently if she had considered backing up over the Internet. She had, she said, but was worried about how secure cloud backups were. She just didn’t know if information sent through the Internet could be kept private and if the people receiving the information on the other end could be trusted.
Mmmmm!… I couldn’t think of reasonable questions to ask her. I was more directive than Socratic. Here’s what I shared:
First, keeping a thumb drive full of easily readable information in a target for thieves — your handbag — is truly not a good practice! We’ve all heard news stories of some credit bureau employee’s laptop loaded with data being stolen from their car or from a coffee shop. Handbags are traditional targets of theft and sensitive information should not be routinely kept there.
Second, professional back-up software encrypts your files before they are shipped off to the backup center. What goes out to the Internet is unreadable digital gibberish. The data centers themselves are protected with best-practices security precautions.
Third, I cannot personally guarantee that all of your data will be 100% secure if you backup with one of the major backup services. I am not a security expert. I didn’t examine and test the services’ encryption techniques, nor am I qualified to evaluate the physical and technical security of the storage data centers. You’re not a security expert, either. But, the companies who hold themselves out to be expert in data security and backups are willing to risk the liability of saying that your data is safe. Two of them, Mozy and Carbonite, are industry standards for home and small business. Since you are not an IT security expert, I think you should rely on the industry-standard-setting companies’ security assurances.
Fourth, you want your backups to occur automatically and more frequently than weekly. Automatically because when you’re busy and changing a lot of data, you’re the most likely to forget to do the backup and you’re the most likely to resent the time you spend on the manual process. More frequently than weekly because you probably cannot afford to lose a week’s worth of work! Once again, Mozy’s and Carbonite’s products solve the problem. Each continuously examines your hard drive and backs up new and changed files.
After my diatribe, my friend said said she would go back to her office and sign up for a cloud back-up service that afternoon. I think I convinced her and she was really going to do it. Of course, she just might have been trying to get away from the crazed zealot she’d been dining with.