Why Everybody Needs Off-Site Backup

A fire swept through the University of Hawaii's financial management office in a portable wooden building at its Manoa campus. The Honolulu Star-Advertiser reports (via Chronicle of Higher Education):

The building houses computerized and paper records for payroll, vendor payments and student loans for the entire 10-campus, UH system of about 60,000 students and 7,000 to 8,000 faculty and staff, said UH spokesman Gregg Takayama.

"Some of the records are backed-up on an off campus site, but most are not," Takayama said. "We won't know the impact until they're able to get back into the office and determine what kind of computer records and paper records can be salvaged. For now it's a bit too early to say what the immediate impact is.

This is a reminder of one of the biggest gaps in computer security -- absence of remotely stored duplicate records. It's well known that home users are negligent even about on-site backups; almost 90 percent don't back up regularly, even though most have lost data, according to a study reported in 2011. But one backup isn't enough. Fire and storms regularly destroy backup drives, business and personal. Corporations often maintain mirror sites that can be completely up to date in case of disruption. After September 11, many universities also realized the importance of data continuity planning.

The CEO of Cantor Fitzgerald, the trading firm reborn after grievous losses in the September 11 World Trade Center attack, was interviewed by the Telegraph:

Much has changed in the 10 years that have passed, not just for Cantor - which suffered more than any other company on 9/11, losing 658 of its then 1,500 global employees - but for Wall Street as a whole. For [Howard] Lutnick, the biggest lesson he thinks the Street at large has learnt is the need for back-up.

"People need serious back-up. They need multiple counter-parties for all the things that they do, they shouldn't just rely on one monopoly, they should have alternatives."

He argues that this lesson has made "the finance industry stronger and more sustainable", hinting that it might not have survived the credit crisis had it not been for 9/11.

Is the cloud the answer? Storing all vital data on remote servers is probably more secure than using your own computer -- that is, if you are sure that your host has state-of-the-art backups of its own and won't be compromised by cyberattacks. Since even the Defense Department finds the latter a challenge, I remain skeptical. The big disadvantage for those of us with more than 100 GB or so of data -- and most new laptops have 320 or 500 GB drives -- is the time it takes for a full initial backup to one of the remote services like Mozy and Carbonite. These companies have admirable records and reasonable subscription prices for peace of mind. But their FAQs generally avoid discussing how long initial backups generally take given most home and small business users' slow upload speeds -- weeks of 24/7 operation for larger drives.

Even if you believe one of those services is best, you will still need to back up religiously during those initial weeks. It's a bit like the story dentists tell: "'Do I have to floss all my teeth?' 'Only those you want to keep.'" So take it from a survivor of two PC failures and try this system. Get two or three external portable hard drives with room for all the data you expect for the next few years. (Most thumb drives degrade with frequent use and are unsuitable for long-term storage.) Get disk-imaging software that makes a bit-for-bit copy of everything on your drive. Test if after you first use it and regularly thereafter. Keep one drive at home at all times and another at a remote location like your workplace or a family member's house -- encrypted if there's a risk of theft. Get into the habit of making a full backup whenever you're away for two hours or so. Swap the remote and home drives as often as possible. I've been using Shadowprotect, which allows copying backed-up files to another computer; there are also Norton Ghost and Acronis. Since civilians like me are likely to want support in doing a restoration, be sure to know in advance whether there's an extra charge.

Computing peace of mind is simple: Just stay paranoid and compulsive.