Site icon The Mac Security Blog

Get Organized: How to Store and Archive Backups Securely

We talk a lot about backups here, because it’s so important to make sure that you don’t lose your data. Not only should you always back up your files, but you need to store and archive these backups securely. You need to think about where you store the drives, and whether they are protected from theft or disaster.

In a recent article, I discussed four types of hard drives you can use to back up your files. Today I’ll discuss how you can manage these backups, in full security. Below are 9 tips for keeping your backups organized and secure. You may not want or need to use them all, but if you use several of these tips, you can ensure that your data is safe.

  1. While it has nothing to do with backups, you should always use FileVault on your Mac’s internal drive. This ensures that the originals of your files are encrypted, so no one can access them without your password. Make sure you use a strong password, and your data will be protected.
  2. You can also encrypt your backup drives. This is a simple process; so simple, you can even do it in the Finder. Just right-click on one of your drives and choose Encrypt “DriveName.” For some reason, however, not all drives can be encrypted from the Finder. I recently bought three new hard drives, and I could only encrypt one from the Finder. It’s best to encrypt your drives when formatting them; it’s also a lot faster than doing so when they’re full of data. To do this, launch Disk Utility (it’s in the Utilities folder in your Applications folder), select a drive, then choose Erase. In the Format menu, choose MacOS Extended (Journaled, Encrypted). You’ll be prompted to enter a password and confirm it. Make sure to save that password to your keychain, and enter a hint. Without the password, you won’t be able to access your data.
  3. If you have only a handful of sensitive files to store, or if you want to securely store files on a device that’s not yours, you can make an encrypted disk image. You use Disk Utility for this, and the process is simple. You can then copy this disk image to any device or computer, and its encryption will be intact. Even if the rest of the drive is not encrypted, the disk image will be protected.
  4. You may store some of your files in the cloud, and that’s a good thing; it keeps another copy of your files in a second location. But are the files encrypted? Apple says that iCloud is encrypted, and Dropbox encrypts files as well. But be wary of other services that hold copies of your files; they may not be secure. Remember that encrypted disk image above? You can use one or more such disk images to store your files. Ever if your cloud provider or server doesn’t encrypt files—or if you don’t trust their encryption—they’ll be safe in the disk image.
  5. We’ve often talked here about having multiple backups, and in my recent article about four types of hard drives you can use to back up your files, I mentioned some small, portable hard drives you can use. These are great for off-site backups; you can take one of these drives to a location other than your home or office, so if there is a disaster in your main site, you’ll still have a copy of your files. You could put these backups at your office, or at a friend’s house, if they’re your personal files. If they’re your business files, put them at another business location, or even in a safe deposit box. In fact, individuals would do well to keep their most important digital documents in a safe deposit box, just as they keep important paper documents there. You may not have that many files; even a USB stick will do. Think of changing the off-site backup regularly; once a month, or perhaps once a week. It’s best to have two sets of drives, and swap them from on-site to off-site.
  6. If off-site backups are problematic, a good solution is to get a safe. You can get a small fireproof safe for less than $200. They’re heavy enough that they aren’t that easy to carry, and you can bolt them to the floor or to a shelf. Most safes at this price can endure one hour in a fire, and are water resistant. Put it in your garage, or your basement, or another location in your home. Unless you have a total disaster, you’ll still be able to get access to your backups. (And you may want to use the safe to store other valuables.)
  7. Change your drives every few years. As I said in my article about four types of hard drives you can use to back up your files, hard drives don’t last forever. When drives get three years old, their failure rate increases. Think of replacing your drives at around the three-year point. You’ll get more capacity for the same price, or less, and you’ll have never devices.
  8. Even if you get new drives, you should still check your backup drives regularly with disk software, such as Apple’s Disk Utility, or Alsoft’s DiskWarrior (NOTE: As of DiskWarrior 5.2, it does not support APFS formatted drives, but it works with external HFS+ drives). Regularly checking your drives helps you find errors before it’s too late.
  9. Use backup redundancy. The 3-2-1 backup plan is a great way to make sure your data is safely backed up. This involves having three copies of your data, with two on different local drives, and one off site. You may want to augment this with an online backup, at least for your most important files. You could copy the encrypted disk image I mentioned earlier to your iCloud Drive, to Dropbox, and to another server, to ensure that no matter what happens, you’ll always be able to get copies of your essential files.

When you see all this, you may think that keeping your backups safe can be a hassle, but once you get into a routine, it’s simple. While you need daily backups, or even hourly backups with Time Machine, you’ll find that weekly backups are good enough for much of your data, and if you set aside a little time at the end of every week to make the backups and rotate them, you won’t have to worry about losing files.

Share this: