
Protection: Backups

Backups are probably not a foreign concept to most of us. Even if we don't keep them ourselves, we've heard of them, had them preached at us, and kicked ourselves for not keeping them when our computer dies unexpectedly or our phone finds its way into the wash.

To develop good backup habits, first you need to decide how much space you need. If you're only worried about backing up important text files and financial documents, you probably don't need more than a few gigabytes. If you'll be backing up videos and pictures, you'll want something more in the hundreds of gigabytes or few terabytes range.

Next, you'll need to decide how often you need to back up and how far back you need to keep your backups. This will play a part in deciding your storage size. Even if your one-time backup is small, keeping weekly copies can add up quickly. Decide if you want to keep a specific number of backups (e.g., six months' worth of weekly backups) or just the most recent however-many your storage can hold (or fewer), with the oldest ones being deleted to make space for the newest ones.
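The two retention policies described above, sketched in Python as an added example (it is not part of the original guide). The Backup record, the function name, and the sample sizes and dates are assumptions made up for illustration.

```python
from datetime import datetime, timedelta
from typing import NamedTuple

class Backup(NamedTuple):
    name: str
    created: datetime
    size_gb: int

def plan_retention(backups, now, max_age=None, capacity_gb=None):
    """Split backups into (keep, delete) under an age window and/or a space cap.

    The newest backup is always kept, even if it breaks a limit, so a
    mistyped policy can never leave you with zero backups.
    """
    newest_first = sorted(backups, key=lambda b: b.created, reverse=True)
    keep, delete, used = [], [], 0
    for i, b in enumerate(newest_first):
        too_old = max_age is not None and now - b.created > max_age
        too_big = capacity_gb is not None and used + b.size_gb > capacity_gb
        if i > 0 and (too_old or too_big or delete):
            # Once one backup is dropped, everything older goes too, so
            # the kept set is always an unbroken run of recent history.
            delete.append(b)
        else:
            keep.append(b)
            used += b.size_gb
    return keep, delete

# Constructed sample: 30 weekly backups of 12 GB each, newest taken "today".
NOW = datetime(2024, 7, 1)
SAMPLE = [Backup(f"weekly-{i:02d}", NOW - timedelta(weeks=i), 12) for i in range(30)]

if __name__ == "__main__":
    policies = {
        "six months of weeklies": {"max_age": timedelta(days=182)},
        "whatever fits in 100 GB": {"capacity_gb": 100},
    }
    for label, policy in policies.items():
        keep, delete = plan_retention(SAMPLE, NOW, **policy)
        total = sum(b.size_gb for b in keep)
        print(f"{label}: keep {len(keep)} ({total} GB), delete {len(delete)}")
```

The function only plans; review the delete list before removing anything from your backup drive.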

Third, you'll need to decide if a cloud-based or a local storage solution is better for you. Clouds have the advantage of being safe from local disasters: burglaries, fires, etc. If your home gets robbed or floods, a cloud will probably be unaffected by that. But on the other hand, you do run the risk of data breaches, or the service disappearing one day without warning if you pick a smaller, newer service.

Finally, come up with a system. Windows and Mac have features that allow you to automate the backup process, including frequency, which files to include, and where to store them. Mobile devices will have to be backed up manually. These are fine systems to put in place; just remember that if your storage location is encrypted, it must be unlocked for the backup to take place. If you decide to manually handle your backups, be sure to set regular reminders so you don't forget.

The 3-2-1 Rule

The 3-2-1 Rule is a good rule of thumb when considering how to organize your backups effectively. You should have 3 copies of your data - 2 backups plus your daily-use copy. You should have 2 separate formats for your backups - such as an external hard drive and a cloud copy. Finally, you should have 1 of those copies offsite - again, a cloud copy or a USB at a friend's house - in case of physical damage or disaster at your location.

Using VeraCrypt to Secure Your Backups

If your backup solution is a local hard drive, I discussed using VeraCrypt in the previous section to encrypt your device. But what if you want to create a secure cloud backup? A best-case solution is to self-host a Nextcloud server so you have complete and total control of the data on a trusted, open-source platform. If you're not tech-savvy enough or don't have the resources, a similar option is to select a provider who is zero-knowledge. If for some reason this option doesn't suit you, my next recommendation would be using Filen. Filen is an open-source, zero-knowledge cloud service that functions similarly to Dropbox. They offer 10 gigabytes of storage for free and have paid tiers that offer more storage and features. If you plan to use Proton, you may also consider paying for access to ProtonDrive. ProtonDrive is currently in beta testing and possibly unstable, though I personally have experienced no issues. It does not, however, offer a desktop app for easy file sync the way Filen does. ProtonDrive will be open-sourced once it moves out of beta. If for whatever reason none of these options work for you, here's my advice on how to use VeraCrypt with a mainstream cloud provider.

Generally speaking, I would advise against using Google Drive, Dropbox, Apple iCloud, or similar services simply because they can see that you have an encrypted container in your storage space, and we don't know if someday they'll decide to take an anti-encryption stance and delete it or your account. Furthermore, Google Drive and Apple iCloud use weak encryption standards in some cases. Filen, ProtonDrive, and Nextcloud (when properly configured) can't see your files and therefore are unlikely to be swayed into action based on what's in your account. But if for some reason you decide to stick with another non-privacy-oriented service, I have two suggestions. The first is Cryptomator, an open-source tool that allows you to encrypt each individual file and sync it with the cloud. It works for Google Drive and Dropbox, and is generally well-regarded in the privacy community. If you aren't using one of those services or otherwise don't want to use Cryptomator, then consider the following strategy:

First, figure out how much storage you have. Google Drive offers 15 gigabytes for free, Apple iCloud offers 5 gigabytes for free, and Dropbox offers 2 gigabytes for free. Next, make sure you have installed the service's file sync application. This is typically an app that will create a folder on your computer, and that folder acts as a real-time sync between your account and your computer. It's designed to make working directly from the file in your account effortless.

Now open up VeraCrypt, select the "Tools" menu, and choose "Volume Creation Wizard." Pick "Create an encrypted file container," "Standard VeraCrypt Volume," then click "Select File" and navigate to your Google Drive or Dropbox folder. Once in the folder, you'll have to make up a nonexistent file name. Anything works, from "Backup" to "veracrypt_container" or whatever you want. Once you hit "save," it should show you the file path. Continue onward, make sure you've selected "AES" and "SHA-512" for your algorithms (these are the defaults, so you shouldn't have to adjust them), and then move on. The next screen will ask you for a volume size. Ideally, I would say use as much as you can. If you use your Dropbox or Google Drive for other sharing purposes, maybe leave a gigabyte or so free for that, or maybe only use the exact amount of space you require for your backup strategy. Either way, decide what storage size is appropriate for you, then go to the next screen, where it requires a password. From there, it's pretty self-explanatory. Just answer the questions and it will pick the best formats and such for you.

If you follow these steps, you should have created secure, consistent backups that will protect you in the event of a lost, stolen, or damaged device, or even the dreaded ransomware.