Review of my data backup plan: everyone should have one!

Everyone should have a data backup plan with built-in redundancy that anticipates human error and known risks. Those who do not, it seems to me, always eventually wind up losing data. I’ve lost important data over the years including legal and financial records and family digital photos so I feel like I’ve learned the hard way and so I take the issue seriously. The term “blended backup” refers to using both online and offline systems, perhaps using more than one vendor or operating system. I prefer this “belt and suspenders” approach especially if your business and livelihood depend on it. If I seem a bit obsessive on this issue it is for good reason. Oven the past 30 years of using digital data and technologies I’ve had more than a fair share of disasters. I was forced to take extra precautions and for the most part, saw an improvement in my experience over time. Natural disasters and human error seem to be the most difficult to plan for and so these risks continue to present a challenge.

Over the past year I’ve read some of the latest books published about these issues and follow news on the topic as it is reported online. I recently took an online course in disaster preparedness through Coursera and, through my work as a public utilities auditor, I’ve learned more about utility infrastructure issues and risks. I previously wrote a series of short articles and reviews for CPAs on data security standards in 2012 and 2013. These are my best collective thoughts in summary form.

Known risks include:

1) Extended power outage – plan for use of batteries and locally generated power

2) Loss of Internet connectivity – have enough data locally to be effective. Choose software that syncs data locally and online.

3) Damage, break-downs or loss of equipment – be able to pick up any machine and be working within a short time. Be aware of issues that increase risk of hard drive and flash memory failure.

4) Natural disaster: fire, flood, earthquake, radiation exposure – use battery backups voltage spike protection at each location, portable battery chargers, store extra cables,  and appropriate storage systems.

5) Security issues: hacking, government surveillance, cyber-terrorism – use the best software and keep it up to date. Use two-step encryption whenever possible.

6) Human error, especially under stress conditions – rely on redundancy especially when working outside of normal conditions.

7) My incapacity – Make sure that other key people know how to access critical information and a letter of instruction in event of my incapacity. This includes access to online and offline safes/lockers. Integrate data protection into other emergency procedures and planning.

A backup plan should presume that Murphy’s Law will rule. If it can go wrong, it will. Things will go wrong at the worst time when you are most vulnerable. Failures will include things that you did not even know could go wrong. One of the most important lessons I’ve learned is that data loss comes when a “perfect storm” of life’s risks sneak up on you while you are still unaware of them. For example, my last data disaster came during hurricane Sandy: not directly because of the storm but because I was so mentally fatigued working 16+ hour days during recovery that I made mental errors and lost data.

In light of recent concerns raised about government decoding of virtually every commercial encryption method, we may now need to consider security issues more than in the past. There is no doubt that cyber security is our #1 national vulnerability on a big picture basis. Yet I’ve separately decided that I am not individually concerned with this issue. If I rely on the best commercial security tools offered by world-class companies like Microsoft, Apple and Google, that’s the best we can be expected to do. My web sites include a statement that my security procedures meet or exceed industry standards. My responsibility is to remain vigilant and keep up-to-date with the security measures offered these firms. this mostly means doing automatic updates of all installed software. Beyond this, if some government or terrorist or hacker can defeat those, it is beyond my capability to stop it. In contrast, I still have clients who will not use online banking, online accounting or online backup systems for this reason. (I point out that the risks of the online system are far less than the data risks they assume offline and in other procedures).

The #2 risk is more frequent failure of utilities due to increased frequency of natural disasters. The storms of our future will exceed anything we have seen in the past. We expect to be without power and Internet more often in the years ahead despite all the measures taken by industry and government to improve reliability.

For the past few years I’ve used this system:

Windows SkyDrive (soon to be renamed OneDrive) extensively for routine documents especially since I work mostly in a Windows Office environment, Folders on your hard drive can be synced online.

I use Google drive and Icloud to a much lesser extent and feel that they are pretty much the same quality as SkyDrive. Some people might argue that these three are the only data backup systems necessary today.

Acronis True Image backup software is used for hard drive backup, From what I hear and read, this is one of the best for small businesses like mine. Microcenter people highly recommended it a few years ago after I had trouble with other backup systems (Windows backup and another commercial software). The big advantage is that it allows true mirror image creation. I backup to two hard drives. I use both an internal and external drive. The external drive is kept in remote location in a waterproof and fireproof safe. I forget the cost of this software, but it is not cheap to keep up with the frequent updates. The other down side is that it is a bit overly complicated. Acronis offers online backup. I tried it but felt it was slowing down my PC when run on top of Carbonite.

Carbonite for online backup. Works seamlessly and flawlessly. Cost is $60 per year. I’ve had to use it many times over the years and it has always been perfect. When the subscription came up for renewal, I decided to do this investigation to see it there is a better approach for 2014. I notices that Carbonite offers the same hard backup software as Acronis.

I stopped using “Back in a flash” that was a tool for recovery when windows crashed. It uses a Linux system built right onto the flash drive. I liked it, but was just too much manual effort to keep up with, Also, I vaguely recall that I was having some user problem with the tool. Maybe I’ll dig it out and try again.

My plan for 2014:
Upgrade to Acronis 2014 that includes 5G of online backup. Re-test this online backup for my relatively small amount of data that is not already duplicated on the cloud in other systems. If this is not satisfactory, renew the Carbonite account. For now I’ve uninstalled Carbonite to speed up my PC. Schedule time to review Back in a Flash or an alternate recovery system that anticipates the need for fast offline data during a complete disaster (extended regional power outage, no Internet and failure or loss of PC).

In the future, rely on a whole house generator, a whole house voltage protection system and different providers and methods of Internet and phone service (cable and dish, wire and wireless).


One response to “Review of my data backup plan: everyone should have one!”

  1. Coincidentally, today’s Wall Street Journal led with a story about Iran’s extensive hacking of US Navy computers and how this raises additional questions about security of data collected by the NSA.

Leave a Reply

Your email address will not be published. Required fields are marked *