Before leaving London for a 6 month break I sold my desktop and replaced it with a MacBookPro. The MBP has become my main computer and because I'm traveling, I had to review the whole backup routine… The likelihood of having it stolen or lost on the beach is quite high (compared to having my flat broken into for instance).
After trying a few things I came up with this: I sorted out my data into two groups, sensitive data and mobile data.
Sensitive data
Stuff you really don’t want someone to steal from you.
That includes budget spreadsheets, bank statements, receipts, health documents…
- Store on local drive
- Encrypt with TrueCrypt (Windows) or Filevault (MacOs). You can forget the Filevault password, the only purpose of encrypting the data on the local drive is to prevent it from being accessed by someone who steals the laptop.
- Back-up manually to external HD with hardware encryption (such as My Passport which comes with a built-in backup software WDSmartware).
This external HD should always stay in the room, or in the hotel safe. If the main laptop gets stolen or crashes, this is the first line of defense. Of course the HD itself could be stolen that’s why data should be encrypted with a password that you remember. - Backup off-site automatically with a service that allows local encryption (such as Mozy)
Local encryption technology exists so there is no point taking the risk of trusting the cloud storage provider to encrypt the really sensitive data for you. Just don’t forget the password.
Stuff you need with you all the time, files used often and on-the-go that are less sensitive: photos, travel itineraries, hotel bookings, flight tickets, travel insurance certificate, passport scans, ebooks.
- Must be quickly synchronised across devices (iPhone, iPad, PC, MacBook, web). Dropbox is good for that. iCloud not so much...
- Encrypt the offline cache with OS encryption. Encrypt the Dropbox folder with TrueCrypt/FileVault so that the files stored offline cannot be accessed if the laptop gets stolen.
Notes:
Why use TrueCrypt for sensitive data under Windows and not EFS?
The backup systems I tried (WDSmartware and Windows8 File History) don't know how to save EFS-encrypted files. Mozy knows how to save EFS-encrypted files. But when it restores them, they're still encrypted with EFS. So if you lose your laptop and don't have the EFS keyfiles, you lose your data. I find EFS a bit cumbersome because if you're serious about testing it, you have to do a restore to a totally different system to make sure that you're able to decrypt the EFS files, save the keyfiles to USB drives, blah blah blah. I know I’ll just get it wrong so I prefer using TrueCrypt.
Don't use Mozy to save data stored on the external HD
Mozy is really bad at saving data located on a removable drive (such as an external HD). Mozy starts automatically. If the drive is not connected at the time when Mozy starts, Mozy thinks the files were deleted from the machine and it marks them as deleted from the server, which is a bit rough.
No comments:
Post a Comment