Resources for the global digital safety training community.
While anti-virus, firewalls, encryption, and all the various steps we take to ensure the safety of our data are valuable and fantastic ideas, it’s still not a question of if you are going to lose data, but rather a question of when. There are simply too many variables at play that could cause things to go wrong.
Preparing for “the worst” is just as important as defending against it; that is to say, you need to have a data backup policy as part of your own security plan. But what might a backup policy look like? What are its dimensions?
The first step to crafting an effective backup policy is getting a sense of what data you have, and where it is. The Data Backup Matrix Activity & Discussion is one way of doing this; however, another way would be by making a list of the different kinds of data you maintain and where you store each kind.
Essentially, a backup means having your information stored in at least two locations. Elicit or share some of the ways that different kinds of (digital and physical) information can be backed up:
Where should we back up our digital documents? Elicit the possibilities, which should have already been covered in the Activity & Discussion:
The topic of cloud-based storage solutions may very well arise during this session, which can kick off a discussion about the security of sensitive information on the cloud. Given both the popularity and array of options available for cloud storage services, this discussion on the advantages and disadvantages has been included as a separate step.
Emphasise the need to have a physical distance between the devices storing master copies and backups of files. You may elicit examples for this, such as if there’s a fire, natural disaster, office raid, etc.
If backing up to the cloud is your only backup, are you confident you will always have internet access available in case you need to access that backup? (e.g., If you don’t have internet access, you don’t have a backup.)
Almost inevitably, you will be asked what your recommendation is for cloud service providers. You can use this opportunity to discuss topics such as the concerning security architecture of Dropbox, whether or not users trust Google services with their data, and others. In addition, the following recommendations have come from other trainers and security advisors, and may be of use when considering how to go about this discussion yourself:
ownCloud is an open source option that participants, and particularly their organizations, can use, which is very similar to Dropbox and has more functionalities such as shared calendars, contacts, bookmarks, and more.
SpiderOak is, among the corporate cloud services available, one of the few that meets a comparatively higher standard of “zero-knowledge” and access to user data.
CrashPlan allows users to create and store encrypted backups on trusted contacts’ devices or in the cloud, including CrashPlan’s servers if they so choose. It can be a powerful option for users who do not trust, or cannot afford, paid cloud services but want to have backups stored offsite in case of raids or other threats to their home or office.
It also allows users to use trusted human networks for off-site backups - it’s important to mention here that users should consider their trust in other users (as they would with a cloud service provider) when considering this option.
When or how often one should back up their data depends on a number of personal and organisational dynamics; however, a good question to kick off this conversation and guide the decision-making process is:
It’s also worth mentioning that some types of data may need to be backed up more frequently than others. Considering a layered approach could be useful, wherein all of your data is regularly backed up on a recurring basis, with more frequent backups taking place for certain more important or sensitive kinds of information in between the larger, overall backups.
This is also an opportunity to mention that while certain organizational structures, or individual activities, may require a more tailored approach to regular data backup, it can regardless be a good practice to back up your important data at least once per week.
There are four common backup types which are generally used in most backup programs and protocols. A type of backup actually defines how data is copied from source to destination, and lays the groundwork for a data repository model (or, how the backup is stored and structured on the chosen medium or storage location).
A full backup is the starting point for all other types of backup, and contains all the data in the selected folders and files. Because a full backup stores all files and folders, frequently performing full backups results in faster and simpler restore operations.
A differential backup contains all files that have changed since the last full backup. The advantage of a differential backup is that it shortens restore time compared to a full backup or an incremental backup, as it works only with data that has been altered.
An incremental backup stores all files that have changed since the last full or differential backup, or since the previous incremental backup. The advantage of an incremental backup is that it takes the least time to complete. This can also make historical versions of your data available - OSX’s Time Machine is an example of a popular incremental backup tool.
A mirror backup is identical to a full backup, with the exception that the files are not compressed in .zip files (as they might normally be) and cannot be protected with a password. A mirror backup is most frequently used to create an exact, mirror-image copy of the source data.
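To make the difference between the full, differential and incremental types concrete, the following added example (not part of the original curriculum and not taken from any backup tool) simulates which files each type copies over four days and which backup sets are needed to restore. The file names, the day-based timestamps and all function names are constructed for illustration; mirror backups are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Backup:
    kind: str         # "full", "differential" or "incremental"
    day: int          # day the backup ran (end of day)
    files: frozenset  # files copied into this backup set

def select_files(kind, mtimes, history):
    """Files a backup of this kind copies; mtimes maps file -> day last changed."""
    if kind == "full":
        return frozenset(mtimes)
    if not any(b.kind == "full" for b in history):
        raise ValueError("differential/incremental needs an earlier full backup")
    if kind == "differential":    # changed since the last full backup
        ref = max(b.day for b in history if b.kind == "full")
    elif kind == "incremental":   # changed since the most recent backup of any type
        ref = max(b.day for b in history)
    else:
        raise ValueError(f"unknown backup type: {kind}")
    return frozenset(f for f, day in mtimes.items() if day > ref)

def run_schedule(schedule, changes):
    """schedule: [(day, kind)]; changes: {day: files modified that day}."""
    mtimes, history = {}, []
    for day, kind in schedule:
        for d in sorted(d for d in changes if d <= day):
            for f in changes[d]:
                mtimes[f] = d
        history.append(Backup(kind, day, select_files(kind, mtimes, history)))
    return history

def restore_chain(history):
    """Backup sets needed to rebuild the latest state, oldest first."""
    chain, i = [], len(history) - 1
    while i >= 0:
        chain.append(history[i])
        if history[i].kind == "full":
            break
        if history[i].kind == "differential":  # only the last full is needed before it
            i = max(j for j in range(i) if history[j].kind == "full")
            chain.append(history[i])
            break
        i -= 1                                 # incremental: also needs the set before it
    return chain[::-1]

# Constructed sample data: three files and four days of edits.
CHANGES = {0: ["contacts.csv", "report.docx", "photos.zip"],
           1: ["report.docx"], 2: ["contacts.csv"], 3: ["report.docx"]}
INCREMENTAL = run_schedule([(0, "full")] + [(d, "incremental") for d in (1, 2, 3)], CHANGES)
DIFFERENTIAL = run_schedule([(0, "full")] + [(d, "differential") for d in (1, 2, 3)], CHANGES)
```

With this data, each incremental set stays small but all four sets are needed to restore, while the differential sets grow each day and only the full backup plus the latest differential are needed.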