My data management plan

It seems that my small business clients face a perfect storm of unimaginable and varied types of losses on a regular basis. I’ve personally suffered floods, thefts, head injury with amnesia, extended power outages, problems with fluctuating voltages, many hard disk failures, two unexplained SSD drive failures, Microsoft unannounced account cancellation, hacking attacks, human error, etc. that have all threatened my data over the years. Part of this risk is directly related to my rural location. Other risks appears to be random but at a higher rate than would normally be expected in a random environment. As a result, I try to consider every possible threat to my digital data.

The current setup

I am a one-person business with one primary notebook PC running Windows 10 with built-in security features at default settings including “Find my Device”. I use a power conditioner to minimize voltage fluctuations. Data is duplicated offsite on OneDrive. Data is occasionally manually saved to a Google drive as a second offline storage.

I’ve stored a Windows 10 System Image on several separate USB drives. One travels with me for ‘on-the-road’ recovery from hard disk disk issues. Other copies are stored two waterproof/fireproof safes is two different locations.

I use Eset SmartSuite with default scanning settings for common PC security measures.

I use other devices (smartphone, tablets, PCs at other locations) to access the files on OneDrive through various programs and apps. I keep a second notebook PC and several desktop PCs as an up-to-date spares but use them rarely.

Internet access is through two of primary providers in my region: Comcast and Verizon Wireless. When one goes out, the other is typically working.

I use LastPass to set, store and occasionally replace passwords for all programs as well as access to the remote storage drive. All passwords are distinct for each account, randomly generated with 8 to 12 characters. I manually download, print and store a copy of the LastPass vault data annually in two fireproof/waterproof  safes.

Only my spouse and executor have access to one of the safes. Nobody but me has access to the other safe but access instructions are included in the first safe.

The built-in Windows 10 File History program running in the background on automatic default settings is the primary system used to make ongoing backup copies of all current and historical data files. It appears to be working flawlessly but it will only work with a physically attached expansion drive on the primary PC. File History won’t run using cloud-based storage. File History consumes a lot of storage (>1 TB) .

I have two gasoline-powered electric generators in two different locations that are tested occasionally. Gasoline is stored and refreshed regularly.

Retired hard drives are either stored in a safe or physically destroyed with a hammer before disposal.

The current problem

I’ve run out of space on my 1TB USB drive attached to a USB 2.0 hub due to the demands of the File History program. I could erase and write over the older files but I don’t want to ‘just in case’.

The proposed solution

I plan to purchase a 4TB with an upgraded 3.0 hub for about $150. I see no benefit of a NAS drive with only one PC.

The older 1 TB USB drive will be retired and kept in a fireproof safe.

I still see no added benefit of using Acronic Backup (that I’ve purchased but abandoned) or Carbonite (which I loved and was flawless but don’t use anymore).

Known weaknesses

1. My system is only as good as the security of Microsoft, Google, Eset and LastPass corporations.
2. My data access is dependent on being able to access my LastPass account password OR one of my physical safes.
3. My data access is dependent on being able to access electricity AND either: a) have internet access, OR b) have physical access to a hard drive. (I am working on adding a solar power generation and storage system for 2016 or 2017).
4. Internet access is dependent on Verizon Wireless and Comcast cable. If both Verizon Wireless AND Comcast are out of service at the same time then I have no Internet access at my current locations.
5. Only one physical drive has the most current data. If I lose access to the online data AND the physical drive then I will lose several weeks or months of current data.
6. This plan does not consider online data transfer security issues that I consider to be a separate topic. I do offer a secure portal but will also utilize non-secure transmissions at a client’s request.
7. I am aware that simply by positing this level of information online I increase some risks but I also know that constructive criticism on the data management plan by others is a good bit more valuable and outweighs the risk.

Can anyone comment if you see any other weakness in my data storage and backup plan?