Featured: Backing up encrypted data? You're probably doing it wrong.
I talk about encryption a lot. I talk about backing up even more.
Encryption is a critical component of keeping data safe and secure and out of the hands of those who shouldn't see it.
Backing up, of course, is our safety net for when things go wrong. A recent backup can save you from almost anything.
Unfortunately, I'd wager that most people are backing up their encrypted data improperly. The result is that they're not as protected by that backup as they might think they are.
The common approach
Let's assume you have some encrypted data. Specifically, that could be any of the following:
Naturally, that only skims the surface. There are many ways to encrypt data. For the purposes of this discussion, any of them will do.
The common approach is to back up the encrypted file. If “importantdocuments.zip” has a password and is encrypted, then it's “importantdocuments.zip” you're most likely to back up.
It's good you've backed up; don't get me wrong. That's much better than not backing up at all, of course.
But you're still at risk from threats your unencrypted data doesn't face.
When encryption goes bad
There are a couple of ways that encryption can “break”.
The most common is that you lose the password to the encrypted data. Perhaps you need the contents of an encrypted “.zip” file you created a decade ago, and have no clue as to its password. Without it, the data in that file is lost — as lost as if you simply deleted it on the day you created it. (This applies to public key encryption in cases where the private key is lost as well.)
Less common, and less expected, are disk- and file-damage-related problems — the very problems we think of using backups to protect ourselves from. For example, if the disk on which your backup “.zip” file is stored develops a bad sector anywhere within the file, it's possible the entire file will be unrecoverable. While some encryption algorithms are resilient to localized errors to minimize the damage done in cases like this, that's not true for all. Sometimes a tiny error in the wrong place can cause massive data loss if the files are encrypted.
Unencrypted files don't suffer from these issues. You'll never forget a password when there isn't one, and any file damage will be restricted to the single (or few) files within which a disk error happens to reside.
Therein lies our solution.
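The damage comparison described above, as an added example that is not part of the original article: one flipped byte (a simulated bad sector) hits a single authenticated container and the same files stored unencrypted. It shows only the all-or-nothing case; the keystream is a toy stand-in for a real cipher, and the file names, contents and key are constructed.

```python
import hashlib
import hmac

# Constructed sample data standing in for three documents.
FILES = {
    "notes.txt": b"misc notes " * 40,
    "taxes.txt": b"2017 return " * 40,
    "will.txt": b"last will " * 40,
}
KEY = b"constructed-demo-key"

def keystream(key, n):
    # Toy SHA-256 counter keystream: a stand-in for a real cipher, not for real use.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(data, key):
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def split(blob, files):
    # Cut a concatenated blob back into named files using the known lengths.
    out, pos = {}, 0
    for name in sorted(files):
        out[name] = blob[pos:pos + len(files[name])]
        pos += len(files[name])
    return out

def seal(files, key):
    # One container: encrypt everything, then append an HMAC over the ciphertext.
    ct = xor(b"".join(files[n] for n in sorted(files)), key)
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(sealed, files, key):
    # Authenticated containers verify the tag first and refuse on any mismatch.
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return {}
    return split(xor(ct, key), files)

def flip(blob, offset):
    # Simulate a bad sector as a single corrupted byte.
    return blob[:offset] + bytes([blob[offset] ^ 0xFF]) + blob[offset + 1:]

def intact_files(offset, files=FILES, key=KEY):
    # Returns (files recovered from damaged container, files intact in plain backup).
    from_container = unseal(flip(seal(files, key), offset), files, key)
    plain = split(flip(b"".join(files[n] for n in sorted(files)), offset), files)
    count = lambda got: sum(got.get(n) == files[n] for n in files)
    return count(from_container), count(plain)

if __name__ == "__main__":
    print(intact_files(500))
```

With the byte at offset 500 damaged, the container yields none of the three files, while the unencrypted copy loses only the one file that contains that byte.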
The better approach
Back up the data while it is unencrypted.
Expand the zip file, copy files out of the VeraCrypt volume, back up the contents of the mounted BoxCryptor volume — you get the idea. Decrypt the data, then back it up.
Depending on the scenario, this doesn't have to be hard. In the case of VeraCrypt and BoxCryptor-like tools, simply back up the contents of their mounted drives. In fact, if you're using whole-disk encryption, your backups will probably be unencrypted by default.
Of course, that means your backup now has secure data that is unencrypted. That requires one more step.
Now secure those backups some other way. The most common is to secure them physically — placing backup drives into locked drawers or safes or otherwise restricting physical access.
Another approach is to encrypt those backups using a different technique. For example, most image backup programs allow you to assign a password to the backups they create.
As an example, I take care to export my LastPass database in an unencrypted form, and then encrypt those backup copies using public key encryption. I also back up all the files I store encrypted in OneDrive, using Cryptomator to collect them into a zip file in unencrypted form and encrypting that using public key encryption.
By storing formerly encrypted files in their unencrypted form, we mitigate the possibility of encryption-related damage. Even if we choose to encrypt those files using a different technique, we've greatly reduced the risk of permanent damage by distributing the risk. It's significantly less likely that I would lose both my LastPass master password and my private key simultaneously, for example.
Back up, yes, but make sure you understand the ramifications and potential additional risks of backing up encrypted data. It may not be an issue for you, and that's great, but think about it now before it turns out that it has become one.
I regularly hear concerns about using cloud storage — the biggest being that online files are at higher risk of compromise should your account or the storage be hacked. There are also concerns that your storage provider could be required to hand over your files to law enforcement agencies under certain circumstances.
Those are all valid concerns.
Cryptomator is a free encryption solution that addresses them.
Continue Reading: Cryptomator: Encryption for Your Cloud Storage
Shutting down Windows properly before turning off the power to your computer is important.
Not doing so can result in data loss and corruption as files are left only partially written to disk. But just turning off the switch is unlikely to actually harm your hardware.
Surprisingly, a household or other area-wide power outage turns out to be a completely different, riskier issue.
Continue Reading: If Shutting Down Windows Cleanly Is So Important, What Happens When the Power Just Goes Out?
Newsletter contents Copyright © 2018,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC