The 7 Habits of Highly Effective Computer Users

The recent headline news of the industrial-grade hacking suffered by Sony Pictures Entertainment (currently being blamed on North Korea) has data security on the minds of consumers and corporate executives alike. Some experts theorize that a minimal amount of second-level security could have prevented the embarrassing and costly hack that has brought Sony to its knees (both in terms of reputation and money).

Hard drives crash, theft occurs, natural disasters destroy delicate hardware, viruses infect, and thousands of files are sometimes inadvertently wiped out with a single keystroke or tap of a touchscreen. In the digital domain, we seem to be our own worst enemy. Procrastination, sloppiness, ignorance, or just a lousy attitude toward disaster prevention often conspire to wipe out our most precious digital memories.

HBK11Render (1)

The sad part of this equation is that it can all be prevented. Don’t blame the hard drive crash, because you should have had a backup. Don’t blame that flood or roof leak that damaged the spare bedroom where your computer was residing, because you should have had an offsite backup.

Don’t blame the fact that your data is scattered across several devices, because you should have centralized it. And don’t blame the hacker or the virus they gifted you, because you should have been running good, current anti-malware software.

And don’t ever blame the black hat hackers who guess your pathetically weak passwords and steal your identity or siphon your bank account, because you should have created strong passwords—and then changed them on a regular basis.

Yes, all of these very common, yet very painful, digital disasters can be avoided. The TME (time, money, effort) required to secure the digital side of your life isn’t trivial. However, it’s minor in comparison to the possible (and, over time, probable) consequences of mismanaging your valuable data.

Your precious photos, home videos, and school/work documents—and the delicate devices on which these ones and zeroes are captured, archived, viewed, and shared with others—can be secured more easily than you may think. And with a boatload less effort and trauma than if you suffer a digital disaster.

1) Centralize Your Data

Store your files on a single device. No, not your laptop. And no, not even your desktop. I highly recommend a dedicated network access storage device, also known as a NAS. They’re affordable ($100 to more than $1,000 if you want to get fancy), super easy to use, and make backups a snap.

Cost? A few bucks. Effort? Minimal. Simply unbox the NAS, plug it in, and all your wi-fi and Ethernet-connected devices should recognize it.

2) Backup Your Data

Backup software costs from free (build into Windows or Apple’s OS X desktop operating systems) to a few bucks (Second Copy is a great value at only $30). Remember the three golden rules of data backups: Backup on a regular basis (this depends on the rate at which you acquire new data or modify existing files), always make two backups, and always take one copy offsite. Offsite doesn’t mean your basement. Or your neighbor’s house. It also doesn’t mean the other side of the country. It means far enough away from your domicile (or office) that a flood, tornado, or hurricane won’t affect the offsite copy.

The majority of consumers never—as in never, ever—make a single backup of their data. Of those that do manage a backup now and again, they typically never make two and take one offsite. Aside from backing up in the first place, going offsite is the number one delinquency on the part of data owners and businesses alike.

3) Have a Good Firewall

Many devices on your network may provide a firewall. According to Wikipedia, a firewall is “a network security system that controls…incoming and outgoing network traffic based on an applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is assumed not to be secure and trusted.” Your internet router probably provides a firewall. Your computers may each provide individual firewalls. But don’t play a guessing game. Know which devices have active firewalls, their basic configuration, and learn if you can improve things by updating the rules by which your firewalls allow and deny incoming traffic.

4) Keep Anti-Virus Software Current

The “a virus ate my homework” horror stories have been pervasive enough for so many years that I perceive most people have anti-malware software installed on most of their computers. There’s no excuse for not having a current subscription going on all computers. Why all? Well, your computers are networked by this groovy wireless technology called wi-fi. A single unprotected PC in your home is a gateway for hackers to gain access to your network and all PCs on it.

And don’t give me the excuse that anti-virus software is too expensive. My favorite (and what I use on all of my Windows computers) is Webroot. I purchased a 3-PC, one-year license for $17 on Amazon. Data security doesn’t get any easier or cheaper than this.

5) Have Unique, Strong Passwords

There’s a reason I dedicated a full chapter to the topic of strong passwords in my book Understanding Personal Data Security. If the state of data backup in the United States sucks, then the quality of the average password is even worse. Consider this January 2014 blog post from Slate.com: “The good news is that ‘password’ is no longer the most-popular password on the Internet, according to the latest report from SplashData. The bad news is that it’s still the second-most common—and ‘123456’ is the first.”

Wow. We’re not doing a very good job of securing our online accounts, folks. In the effort of being terse (not my strong suit), let me sum it up, according to Stanford University’s Password Requirements Quick Guide: Longer passwords are better, but shorter passwords are permissible if they are complex. According to Stanford, this means:

  • 8-11 characters: requires mixed case letters, numbers, and symbols
  • 12-15 characters: requires mixed case letters and numbers
  • 16-19 characters: requires mixed case letters
  • 20+ characters: any characters you like

Those are the requirements. But unless you were one of those kids who was actually happy with a passing grade of a C-, Stanford recommends that passwords are a minimum of 16 characters. But how does one remember such a long password? Stanford recommends using passphrases, which are combinations of common words to create a truly unique and uncommon password. An example is “windowelephantpeachrocket.” This 25-character passphrase is considerably more difficult to crack than the most popular password, “123456,” which can be guessed in about one second by even a relatively inept hacker.

For more information (and a really cool infographic), see Stanford University’s Password Requirements Quick Guide.

6) Respect Your Hardware

Ever see people sitting on their bed with their laptop perched on a quilt or blanket? Completely blocking the air intakes, which typically reside on the bottom or sides of the unit? Overheating is one of the primary ways in which delicate electronics get flakey or die. Prevent overheating by positioning your laptop on a flat surface. For desktop units, ensure that intake ports remain unblocked. Airflow is key!

In fact, here’s a cool trick: Take your vacuum cleaner hose and routinely suck out the air intake and “exhaust” of your laptop and desktop computers (desktop units should actually be taken apart and more thoroughly sucked free of dust and pet hair, if possible). Dust and hair (from both humans and pets) forms a blanket on delicate silicon chips and circuits, insulating them and holding in their heat.

This simple trick can extend the life of your computers more than you’d imagine. Do it now!

7) Avoid Distractions

If you’re trying to get work done, avoid the distraction of too much multi-tasking by closing tabs in your browser or otherwise limiting the potential pestering of social media. That ding in Facebook, saying nothing more than one of your hundreds of friends has commented on a stranger’s post, is costing you productivity. For the duration of your work, seriously consider shutting down your email, Facebook, LinkedIn, Vine, Instagram, Ello, and however else you engage in social media. Your work, career, and boss will thank you.


Curt Robbins is author of the following books from Amazon Kindle:

You can follow him on Twitter at @CurtARobbins, read his AV-related blog posts at rAVe Publications, and view his photos on Flickr.

Advertisements

North Korean Cyber Terrorism: You’re Unprepared

It was revealed yesterday, in an announcement from the FBI, that North Korea was responsible for the recent cyber attack on Sony Pictures Entertainment.

The attack resulted in the public release of thousands of confidential (and embarrassing) email messages and documents involving Sony, its executives, popular celebrities, and many of the entertainment company’s business partners—among other misappropriations of intellectual property. This included various Sony films now freely available on pirate sites. According to Patrick Mahaffey, CEO of software consulting firm Room 5, the Sony hack “may have ushered in a new era of state sponsored terrorism against civilian targets.”

the_interview for linkedinThese acts have also caused the controversial cancellation of the release of Sony’s movie The Interview, the comedy drama that was the motivation for North Korea’s actions. In the movie, the characters portrayed by Seth Rogen and James Franco are enlisted by the American government to assassinate North Korean dictator Kim Jong-un. (Spoiler alert: At the end of the film, the two American spies complete their mission; there’s a viral video excerpt trending on social media if you’re curious.)

North Korea’s actions weren’t financially motivated, but rather purely political in nature. However, they were financially impacting. Kim Jung-un’s third world, impoverished totalitarian regime just cost an American subsidiary of a Japanese company $200-300 million in lost revenue—not to mention a severely tarnished reputation. To put this in perspective, Sony Pictures Entertainment, based in Culver City, California, reported $8 billion in revenue for fiscal year 2014.

On December 15, CNNMoney reported that parent company Sony’s stock had fallen 10 percent due to the incident. Then, on December 17, the FBI announced that it considered the hacking incident a national security threat. On December 19, the event elicited public statements from President Barack Obama, who said that Sony Pictures “made a mistake” in cancelling the release of the film and that the United States would respond to the attack “in a place and manner and time that we choose.”

According to Reuters: “‘North Korea’s ultimate goal in cyber strategy is to be able to attack national infrastructure of South Korea and the United States,’ said Kim Heung-kwang, a defector from the North who was a computer science professor and says he maintains links with the community in his home country.”

The general tone among Americans has been that Sony (and, by extension, Hollywood) spinelessly caved to the influence of a rogue dictator. Echoing the President’s comments, social media has been abuzz with anti-Sony sentiment, and even calls for boycotts.

I would argue that North Korea’s actions amount to a terrorist act on the part of a communist totalitarian nation, in the form of a cyber attack that, akin to an act of war, brought Japanese Sony, American-based Sony Pictures Entertainment, and American partners like Snapchat to their knees. I would also argue that this event can be—in the long run—good for us. Here’s why.

It’s easy to become too internally focused when you’re in one of the most technologically, culturally, and economically advanced nations in the world—and a shining example of democracy and progress, despite all of our internal bickering and ideological and religious contention.

the_interview_3_for_linkedinFortunately, we have organizations like the FBI, CIA, and the military’s various internal counter cyber-terrorism groups. Before you laugh and begin schooling me on how none of these organizations can be trusted (and bring up torture and waterboarding), remember “same team” (and 9/11, if you have a short memory).

This isn’t the time to be pointing out how the family dog crapped on the rug a few times. Rather, we should be thankful that Rover keeps the house safe from intruders and kills pesky rodents before they begin living in the garage or digging into that 50-lb bag of bird seed. It’s our bird seed, dammit, and Rover—rug pooping and all—helps protect it from thieves.

North Korea’s recent acts of cyber terrorism are a wake-up call not only to large corporations like Sony, but also to middle class Americans. Although I’m certainly not an expert on this topic, I don’t think it was a wake-up call to our government’s security agencies or the military. I believe they’re in the loop on this one.

Kim Jong-un for linkedinWe middle class consumers, however, are sloppy with our data and online accounts. Our passwords suck, most of us never backup our data, and asking us about our firewall is like inquiring about the pH balance of our lawn; we simply don’t know. And, all too often, we don’t give a damn. Again, we’re too busy dealing with social media, work headaches, and our kids to bother with the likes of password strength and data backups. As Americans, we’re pinnacle procrastinators. Watching The Voice or True Detectives is more important to us than personal data security. We prove it every day.

The revelation of North Korea’s cyber attack on Sony Pictures proves that we’re much more vulnerable than we think. If a black hat hacker anywhere, foreign or domestic, wants to steal your identity, copy or corrupt your data, or blackmail or embarrass you, even a moderately talented cyber thief can do so with relative ease. The reason it hasn’t happened to you is because you haven’t been targeted. At least, not that you’re aware.

According to Daniel Solove, a research professor of law at George Washington University Law School, “All of our personal data is at significant risk. At home or at work, your personal data is at risk. Whether in the cloud, or on your computer, or in an email, your data is at risk. The internet wasn’t built for security; it is a very risky zone, like wandering a minefield.”

Computer and networking technology, along with the common skills of hackers, have evolved to the point that, regardless of motive, these cyber bad guys can swoop in, steal or corrupt your data, and leave almost no trace. You may have been hacked and have no idea. The IT departments of major retailers like Target, Home Depot, and Neiman Marcus have been hacked and suffered the theft of point-of-sale data for tens of millions of customers. And, in some cases, they barely learned that it happened. If $100 million IT departments are vulnerable, what do you think can happen to you and me?

the_interview_2_for_linkedinThe reason most of us haven’t had our data or personal home networks compromised is simply because we’re not big targets—not because our data or networks are secure. If a frustrated, psychotic co-worker, spurned lover, mean ex-husband, angry neighbor, or pissed-off friend really focused on messing with your data, they could do so with relative ease. It just might involve hiring a savvy teenage nerd to make it happen. Don’t assume, because a person doesn’t possess computer skills, that they can’t be responsible for a data attack on you and your family.

Statistics from a variety of sources indicate that the majority of Americans never (as in never) backup their data. Surveys and metrics also indicate that our passwords—even for things like bank and investment accounts—are pathetically weak. Do you have any “password1234” passwords in your collection? How about a derivation of your name (or your pet’s name)? Do you use the same password, or a slight variation, on all of your accounts? I know; it makes them easier to remember. It also makes you extremely vulnerable to hacking.

There’s plenty of books and resources available to help you improve your data security. I won’t push my book, because the point is simply to get you to improve your personal data security, not necessarily buy something from me. But do something.

james franco for blogCyber terrorism and hacking activities, from governments, large corporations, and individuals, are only going to increase. We’re all susceptible, from Sony Pictures to your next door neighbor. However, there are many things you can do to help prevent digital disaster that results in identity theft, public embarrassment, and financial loss.

Learn about what you can do. Make a plan. Execute it. Maintain your efforts. Be diligent.

Take it seriously.

Did you, or one of your friends, ever run a car out of gas? Wasn’t there a feeling of incredible stupidity and regret? Wasn’t there a realization that a brief stop at a local gas station could have been made oh-so-easily, preventing the embarrassment and expense of your negligence and oversight?

Well, get ready. Because the Sony Pictures hack by North Korea is only the beginning. Organizations and individuals that aren’t prepared will, sooner or later, suffer.

Try not to be one of them.

curtsig2 - trans
Curt Robbins


Curt Robbins is author of the following books from Amazon Kindle:

You can follow him on Twitter at @CurtRobbins, read his AV-related blog posts at rAVe Publications, and view his photos on Flickr.

Understanding Password Vaulting

securityIn my continuing series of excerpts from my new book Understanding Personal Data Security, I’m covering password generators and password vaulting. In the previous post, Password Basics, you learned that not only should you have a completely different password for each of your online accounts, but that you also should change those passwords on a regular basis (every six months, actually).

Nobody does this. And it’s understandable why. Most of us have a dozen or more online accounts—from Facebook and LinkedIn to our office workstation, bank accounts, email, and Dropbox. How can one possibly maintain strong passwords that are necessarily complex (and, therefore, difficult to remember) for each and every online account? And then change them every six months? If this is what’s necessary to properly protect our data, accounts, and identity from malicious hackers, how can we achieve such a daunting, impractical goal?

The answer lies in password vaulting. Apps that perform this function are also known as password managers. I’ve thrown in a section on password generators to help ensure that you’re vaulting a strong, difficult-to-crack password in the first place.

curtsig2 - trans
Curt Robbins


Password Generators

Password generators are websites, applications, or mobile apps that help you create strong and randomly generated passwords. Good password generators follow all the rules of strong passwords, including length, sophistication/complexity, and uniqueness.

Examples of good password generators include Norton Identity Safe Password Generator, random.org, the Strong Password Generator, PC Tools Password Generator, Sticky Password, and the Free Password Generator.

The password generator at random.org, when instructed to create a strong password of 20 characters in length, produced “KAm3S6DFSwra2w4z8mVt.” Note that this password contains no recognizable words or number segments (such as “sandwich” or “78910”). The problem with this password? It’s difficult to remember. This is where a password vault app that remembers for you is an indispensable tool.

vault-960

If you have to choose between a difficult-to-crack password and one that’s easy to remember, always choose the strong password and leverage either your memory or a software tool to help you. A password that’s easy to remember but cracked with little effort is basically worthless. Let me say that again: Basically worthless.

Password/Passphrase Vaulting

Password vaulting is the practice of storing many different passwords or passphrases behind a single, strong “master password,” typically via a software application (sometimes called a password manager). This is good practice because it’s a security compromise to use either the same password—regardless of its strength—on multiple accounts or to write them down on physical paper.

Consider installing such a password vault app on your smartphone, because this is the device you will typically have with you at all times. Some password management software and services offer cloud-based syncing across multiple devices, meaning you can access your passwords from any device, including a laptop or tablet. However, this also potentially compromises your security because your passwords are being stored in the cloud (personally, this makes me nervous and is something I don’t do).

fire damage for blog

With a password vault, you need remember only a single strong password to access all of your others. By not having to worry about your ability to remember all of these complex passwords, you can create much stronger and completely unique passwords for all of your accounts. Many security experts would say this is the only practical way to ensure strong passwords on all of your online accounts—especially those that you update religiously every six months and that are truly complex.

Recommended password vaulting apps include LastPass (free or premium accounts available for all platforms), Password Genie ($15/year for desktop computers, mobile apps available), Dashlane (well-reviewed, with both free and $30/year premium editions), RoboForm (which offers both password management and form filling functions for $10/year), KeePass (freeware), DirectPass (from Trend Micro, free for up to five passwords, $15/year for unlimited), Sticky Password ($12/year), and Norton Identity Safe (warns of weak passwords and is free).

Your Password Challenge

Your challenge is creating and using passwords and passphrases that are easy for you to remember (or easy to access, such as with vaulting) while being very long or complex and difficult to crack. The use of password vault software obviously negates the need to remember passwords.

However, not all passwords need to be easy to remember. For example, your home wi-fi network password can be very difficult and long, because you input it only once, for the most part. A workstation login ID and password you type into your computer at work a dozen or more times per day, on the other hand, needs to be easy to remember and practical to type in at a moment’s notice (like with your boss hovering over your shoulder asking for data). These are very different types of passwords in terms of your need to memorize them and the frequency with which they are input.

Stanford University Password Rules

Stanford University in 2014 revised its password rules, encouraging students, staff, and faculty to utilize passphrases, not passwords. I’m a big fan of the Stanford password rules. They’re a great compromise between practicality (your ability to actually remember the password) and effectiveness (how well the password/passphrase keeps out hackers). If everyone simply followed these rules, their data and accounts would be much more secure.

stanford-password-policy-640x2000

In a nutshell, Stanford relaxes the strictness requirements of passwords/passphrases as they increase in length. For example, shorter passwords (eight to 15 characters) must include a mix of letters, numbers, and punctuation symbols. Passwords longer than 20 characters, however, feature no restrictions (they don’t require the use of mixed case, numbers, or symbols) because their length alone gives them the strength they need. Stanford’s standards are listed below.

  • 8-11 characters: Mixed case letters, numbers, and symbols
  • 12-15 characters: Mixed case letters and numbers
  • 16-19 characters: Mixed case letters
  • 20+ characters: No restrictions

According to tech site Ars Technica, “By allowing extremely long passcodes and relaxing character complexity requirements as length increases, the new standards may make it easier to choose passwords that resist the most common types of cracking attacks.”


Curt Robbins is author of the following books from Amazon Kindle:

You can follow him on Twitter at @CurtARobbins, read his AV-related blog posts at rAVe Publications, and view his photos on Flickr.

Personal Data Security: Password Basics

securityThis post is an excerpt from my new book Understanding Personal Data Security, which covers centralized data, backups, strong passwords, and malware protection. The following is from Chapter 4: Passwords.

Also check out the previous posts in this series, including Personal Data Security: Backups, 3-2-1 Backup Rule: Get Offsite, and Personal Data Security: NAS.

curtsig2 - trans
Curt Robbins


Basic Password Rules

There are some basic rules that will help prevent hackers from stealing your passwords, gaining access to your online accounts, or stealing your identity. While following these rules doesn’t guarantee that your accounts won’t be compromised, it vastly improves the resiliency of your online accounts and protects you about as much as possible.

You’re creating what is known as a “strong password,” meaning it has a mix of letters (both lower and upper case), numbers, and symbols and is of a minimum length.

  • Make a Strong Password: Use a minimum of 16 characters that are a mix of upper and lower case letters, numbers, and symbols. Don’t use easy-to-guess phrases, such as “iloveyou” or “MaryHadALittleLamb.” While “MaryHadALittleLamb” has both upper and lower case letters and is of appropriate length, it lacks numbers and symbols. Also, hackers look for common phrases, using dictionaries and even terabytes of Wikipedia and Bible content as a “check against” list. Guess it’s time to change that “yabbadabbado123” password.
  • Change Your Password Frequently: You should change your password/passphrase every six months. This is the rule few people follow (simply because it’s a hassle), especially if all of your online accounts feature unique passwords. Nobody ever said protecting your accounts and data was a total cakewalk.
  • Use a Unique Password on Each Account: Nobody likes this because it’s such a pain (especially when you should change all passwords with such frequency). This is where password vault software comes in handy. In 2014, nearly no one has only one or two online accounts. A dozen or more accounts is not uncommon. As you’ll learn below, password vault apps that store all of your passwords in a single password-protected program or app are a solid strategy for keeping several long, strong passwords at your fingertips.
  • Tell Nobody: This means nobody. Putting effort into creating strong passwords that are difficult to crack and then simply giving them away to a friend or co-worker is stupid. Even if your friend/family member has no malicious intent, they can easily get sloppy and expose your password to others (like by writing it on a sticky note and slapping it on their computer monitor!). There’s no reason for anyone else to know your passwords. It’s simply antithetical to the cause!

Even if a hacker doesn’t get your password from you or your devices, the bad guys can compromise a password database held by a service provider (your bank, email service, large retailers like Target or Amazon, social media like Facebook or LinkedIn, etc.). Once the hacker has gotten into the password database (often by breaking its encryption), they then have to guess the passwords. Something like “P@ssw0rd1” will be guessed in mere seconds. Regardless of the quality of your home or office firewall or the security of the individual devices you use to access your accounts, the password itself must stand up to the most robust cracking attempts that will most likely be perpetrated on the organization with which you have an account.

Strong Passwords

You have already learned that the strength of your passwords is determined by their length, complexity, and lack of predictability (why you don’t want “maryhadalittlelamb” or “ILoveNY”).

The password “Tr0ub4dor&3” seems like a relatively strong password on the surface. Although it’s too short (only 11 characters), it features both lower and upper case letters, numbers, and a symbol. However, a hacker with a computer capable of producing 1,000 guesses per second (an old computer can do this) will require only three days to guess this password. Compare this to “correcthorsebatterystaple,” a passphrase that requires 550 years to crack (at the same rate of 1,000 guesses per second). And this passphrase doesn’t even include upper case letters, numbers, or symbols! By adding these elements, you would have a passphrase that, for all practical purposes, is nearly impossible to crack (unless it’s the NSA trying to get it) and relatively easy to remember.

Longer, more complex passphrases are also more difficult for others to steal through simple observation. Sometimes, passwords are nefariously obtained by the act of observing the owner type them. Short, simple passwords and passphrases can be learned by watching the owner input them only once or maybe a few times. If someone really wants your password, they may even use a wi-fi-based webcam or security camera to record your keystrokes! Don’t underestimate the lengths to which a hacker or enemy will go to steal your information, identity, or money.

One of the best ways to understand strong passwords is to consider weak examples. Weak passwords include those that:

  • are shorter than 16 characters
  • include personal details such as your name or the name of a family member, a pet’s name, your street or address, your birthday, etc.
  • include complete words or sequential number strings (like “qwerty” and “12345678”)
  • lack a mix of upper and lower case letters
  • lack numbers
  • lack symbols

Curt Robbins is author of the following books from Amazon Kindle:

You can follow him on Twitter at @CurtRobbins, read his AV-related blog posts at rAVe Publications, and view his photos on Flickr.

Personal Data Security: Backups

Today’s blog post is an excerpt from my book Understanding Personal Data Security. It’s straightforward and a very quick read. It covers four areas of personal data security: Centralized data, backups, passwords, and viruses/malware. Below, you’ll find a section from Chapter 3: Backups.HBK11Render (1)

Future blog posts will provide excerpts from the other core chapters of the book, including Chapter 2: Centralized Data, Chapter 4: Passwords, and Chapter 5: Viruses & Malware. Also check out Personal Data Security: NAS and 3-2-1 Backup Rule: Get Offsite.

curtsig2 - trans
Curt Robbins


Scary Stats

In 2011, website Backblaze conducted a data backup survey, learning that only 7% of respondents performed daily backups. It also found that 35% of computer owners never backed up their data. 51% of owners backup less than once a year. 31% of PC users have lost all of their data files. According to photographer Peter Krogh, a vocal proponent of regular backups, there are two groups of people: Those who have already suffered a storage failure and those who will experience one in the future.

In 2012, anti-virus company Trend Micro released a study of 1,000 Americans that revealed that 40% of them never—as in never-–backup their data (results very similar to those revealed by the Backblaze survey). If their hard drive crashed tomorrow, nearly half of all people would lose everything. Interestingly, half of respondents reported being married. Yet, 83% of those married didn’t have a backup of their wedding photos (they can’t all be on the verge of divorce)!

In August 2014, it was reported that Russian hackers had amassed a database of 1.2 billion (as in billion) stolen user names and passwords and had gained access to half a billion email accounts. According to Hold Security, the combined attacks reached every area of the web and more than 400,000 websites. The New York Times hired an independent security expert, who verified the authenticity of the stolen account information. “Before, we were amazed when 10,000 passwords [went] missing,” said Alex Holden, Hold Security’s chief information security officer. “Now we’re in the age of mass production of stolen information.”


If you haven’t suffered a data failure (and with it, forever lost some precious memories of loved ones and special occasions), try to avoid being one of the sad people who are good at conducting regular backups because they have experienced such digital disaster. If you haven’t suffered a loss, take it from one-third of your friends, family, and co-workers: It sucks. The relatively minor investments of time and money you will make in educating yourself and securing your data can prevent all of the heartache of those who have suffered “catastrophic data loss.”

external USB backup drive

Regardless of the efficiency of your backup plan, don’t be afraid to spend some money on the best hardware you can afford (in the case of backups, this would be the NAS [Network Attached Storage] and internal and external disk drives). Again, you’re protecting your cherished digital photo albums and home videos—not to mention other important files, like legal documents, school papers, and heirloom family recipes.

Secure Backup Rules

Following the simple rules below will help you create a successful backup plan that can be executed on a regular basis. Should disaster strike and your primary hard drive craps the bed, these rules will also help ensure a smooth and successful restoration of the data from the backup device or service.

  • Backup either daily, weekly, or bi-weekly (depending on how frequently you create or acquire new data).
  • Create two backups, one for onsite storage and one for offsite.
  • Determine and strictly adhere to an offsite storage schedule.
  • Do not encrypt or compress your backups.
  • Automate your backup(s). This is child’s play with the available software. Do not assume you will run a manual backup with regularity and passion. You won’t.
  • Even if you have very little data to backup, don’t use a USB flash drive, which is slower and less reliable in the long run than hard disk drives.
  • Perform incremental backups (described below).

Assume the hard drive (or drives) on which you store your important personal data crashes tomorrow. Will you lose data? How much? This is really the litmus test. If your primary data storage (called your master data or primary copy) crashed and burned an hour from now, how would it affect you? If this happened to the majority of people, they would lose most or all of their data. In other words, most people have either zero backup or an old, out-of-date copy.

ethernet switch - cropped

 

Local vs. Cloud Backup

There are two primary types of backups: Local (comprised of both onsite and offsite copies) and cloud-based. Local backup simply involves copying your primary data to a hard drive hanging off a computer sitting on your home network or a redundant drive in a RAID 1 NAS. Cloud backup means using your broadband connection to upload your data to be backed up to a remote server somewhere on the internet. Dozens of companies offer consumer-grade online, or “cloud” based backup services. To learn more about cloud-based backup, see the Cloud Backup section below. [Sorry, you’ll have to buy the book for that one.]


Curt Robbins is a technical writing consultant and instructional designer who is author of the following books from Amazon Kindle:

You can follow him on Twitter at @CurtARobbins, read his AV-related blog posts at rAVe Publications, and view his photos on Flickr.