Use Cold Backup Versioning to Protect Your Data from Viruses and Intruders

January 15, 2014 - Data Security

If you haven’t lost data then you will. That’s the nature of digital information. It likes to get corrupted or disappear for seemingly no good reason. Do you have regular backups? Will you be able to recover when that happens to you? Because it will.

Backing Up as a Security Strategy

Thief Image

Data loss isn’t just a result of accidents. It can be caused by malicious activity as well. I see it all the time in my line of work. Cyber criminals get the giggles when they see how they’ve screwed up your life. It’s what they do.

So lets look at some ways that data loss can occur as a result of malicious activity. Use your imagination here. The crooks do.

Data corruption by malware

Viruses and other devious software like to mess with things. Sometimes this means deleting your files, sometimes it means corrupting them beyond repair.

Operating system corruption by malware

Some malware likes to target your operating system. That is, in most cases, Windows. Frequently they will corrupt the boot sector or some critical boot files and your computer will no longer start.

Ransomware infections

When ransomeware gets on your computer, it will encrypt all your files with unbreakable encryption and hold them for ransom. Once you pay the fee, it will (hopefully) decrypt your data and let you have it back. But if you have backups, you can give said malware the finger and laugh as you wipe it from your computer and start over.

Remote intruder access

Sometimes evil hackers will break into computers and do horrible things. At that point, all of your data is at their mercy to do with as they will.

Physical intruder access

Is everyone you let into your home trustworthy? What if you come home to find the repairman browsing your files or visiting malicious sites on your computer? Are your coworkers trustworthy?

Device theft

Laptops, flash drives, phones, and every other type of digital device are stolen all the time. Would you lose your data for good if one of your devices suddenly went missing?

What is Cold Backup Versioning?

“Cold backup versioning” is just a concatenated term I use to describe two separate backup strategies: cold backups and backup versioning.

Cold backups

A cold backup is a backup that’s not attached to your computer. Think of the thumb drive or external hard drive that you back up your files to. If you were to unplug the drive after you’re finished backing up, that drive becomes a cold backup. The drawback, of course, is the inconvenience of needing to connect the drive every time you back up. Cold backups are good for several reasons:

  1. They are immune to power surges or other electrical anomalies
  2. They prevent accidental deletion of your backups
  3. They prevent modification or deletion by viruses and intruders

Backup versioning

Backup versioning is the practice of keeping several versions worth of your backed up files. So if you make a change to a file, you keep the old version and the new version. This can lead to having dozens or hundreds of versions of any single file. That can make things a bit difficult to manage if you don’t have a system in place, but the result is well worth it. Backup versioning has several strengths:

  1. The ability to recover an older version in case of accidental change
  2. The ability to see a file’s history
  3. If a file has been attacked by a virus, you can go back to a version before the infection occurred

Methods for Cold Backup Versioning

So how do we put this stuff into practice? It all seems very inconvenient. Well here are my favorite security-minded strategies that might work for you.

Method 1 – Online Backup Service

By far the most convenient method, but they do charge a monthly fee. These services monitor your files for changes then back them up to their servers online automatically, so you don’t have to remember.

I only consider this a “warm” backup solution because it’s never technically disconnected from your computer (though you can tell it to be). They do, however, provide protection from power anomalies on your computer and accidental deletions. But they also provide the security of full backup versioning, so if a file does get corrupted by a virus and uploaded to their servers, you can go back to a version before the corruption happened. I recommend one of the following services:

I like these companies because they are among those that provide the option for “Trust No One” (TNO) encryption. That means only you can see your data. Not even the company’s employees can view it. That’s a big plus for privacy. SpiderOak in particular uses TNO by default and you can’t turn it off.

Method 2 – Auto Backup to External Hard Drive

This method creates a local backup (as opposed to offsite) by automatically copying all your files to an external hard drive. Local backups are of course not protected against theft or disaster like they would be with an online service.

For local backups, I would not use a thumb drive. Reasons being: 1) you have more room on a hard drive for backup versioning, and 2) thumb drives tend to get lost and corrupted too easily.

  1. Plug in the external hard drive
  2. Run your backup software
  3. Unplug the drive’s USB and power connectors

The backup scheme will take some configuration to get set up, but once that’s done, it should be easy as pie. Of course, most backup software costs money but it’s only a one time purchase. The good ones will also give you the ability to encrypt your backups. That is highly recommended so that if the external drive is ever stolen or lost, your data is safe. Try one of these options:

I swear by Acronis’s products. I’ve never tried NovaBACKUP but it seems like a good solution. Both offer the ability to encrypt your backups.

Method 3 – Manual Backup to External Hard Drive

Again, do not use a thumb drive if you can help it. This method requires you to do manually what backup software does automatically. Here is one possible backup scheme:

  1. Plug in the external hard drive
  2. Create a folder on it with today’s date
  3. Copy all of your personal files into the folder
  4. Encrypt the backup files – see my AxCrypt tutorial for help with this
  5. Unplug the hard drive’s USB and power connectors

Do this maybe once a week. After a while you will have several folders with versions that go back as far as you want. I would just go until you’re almost out of hard drive space then start deleting the oldest versions first to make room. By that time you will probably have months or years worth of backups.

This method is easy to manage and simple to perform. The biggest drawback is that the files are not encrypted automatically. If your drive ever gets stolen or lost, your data goes with it. I highly recommend manually encrypting your backup as in step 4 above.

Now Stick To Your Backups

The vast majority of your backups will never be needed. You’ll go for months or years and think, Why am I doing this again? Here are some excuses I hear when people stop their backups. Believe me, I’ve heard them all.

  • I’ve never lost anything important
  • I haven’t ever needed my backup so I’ll change it to monthly instead of weekly
  • I need my external hard drive for something else for a while
  • I only missed a few weeks
  • My external hard drive died
  • I use a Mac so I’m safe… Yes, I’ve heard this one strangely enough

STICK TO YOUR BACKUPS. The one time you might need it in three years will be well worth the inconvenience. If you ever experience catastrophic data loss like I have, you’ll probably get paranoid about it like I am. Please don’t let that happen before you decide to get on the wagon.