Backup and encryption

This entry is part 2 of 3 in the series Security

This article was the subject of Fast Talking Podcast episode 190 and appeared in the Colorado Auctioneers Association’s quarterly newsletter.

It was 2007. NAA Conference and Show was in San Diego. My bags were packed in my truck. I swung by the office to grab my computer and other electronics that I’d need for the week in California. As I walked out the door for my two-hour drive from Manhattan, Kansas, to the Kansas City airport, I realized I’d forgotten something. I set my computer bag on the ground next to my pickup’s passenger door and went back inside. When I returned, I got in my truck, cranked the wheel to the left and backed out, only to realize that my front tire had just rolled over my laptop bag. My computer — and my mood — was crushed. I had unfinished work for upcoming auctions that I’d planned to do on the plane and I had no time before my flight to prep another computer. It made for an interesting and uncomfortable trip.

Broken hardware is one thing, but what if I’d lost the computer? What if instead of picking up pieces off the ground, I was instead unsure of where it was? Had it fallen into malicious hands? Were all the accounts that I’d logged in to now at risk of being compromised? It’s always better to know a computer is destroyed than to wonder if someone is combing through the data.

The scenario is simple — at any time, you can suddenly lose your laptop. In order to make sure that the only cost to you is the value of the hardware, it’s crucial that your computer is encrypted and backed up properly.

Encryption

Computer encryption can get very technical very quickly, but for our purposes it simply means a way of scrambling the data on the computer’s hard drive so it can’t be read by anyone who doesn’t have the password. The password to log in to Windows isn’t enough, as it’s fairly trivial to bypass. The correct solution is called full disk encryption, where everything on the computer is encrypted and unreadable to anyone who doesn’t have the password.

For many years, the right answer for encryption was a product called TrueCrypt. It was free software and the encryption was bulletproof. A few years ago, the TrueCrypt project closed down. Luckily its successor, called VeraCrypt, is also free and based on much of the same code base as TrueCrypt. Since it’s open source, third parties have been able to audit the software to make sure there aren’t backdoors or other ways for criminals or governments to bypass the encryption.

Operating systems have their own versions of encryption. Windows has BitLocker and Apple has FileVault. While I’ll always prefer a free and open source solution over one from an operating system provider, these solutions may be a good fit in some situations.

Many modern laptops also provide built-in encryption options on the hardware level. Many of these might work as well as VeraCrypt, though there’s no way to guarantee there isn’t a backdoor. Sometimes, a laptop’s password simply prevents the laptop from booting up and doesn’t actually encrypt the data. This means someone could simply remove the hard drive and put it in another computer to access your files. If you’re using a built-in password function on your laptop, make sure that it’s actually encrypting the data.

Only by using full disk encryption can you rest assured that if your computer falls into the wrong hands, all your data about your auctions, customers, clients and personal accounts won’t be at risk. Entering a password every time you boot your computer is a small price to pay for that peace of mind.
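One way to confirm that BitLocker or FileVault is actually protecting the data, rather than assuming it is, is to read the status the operating system reports. The script below is an added example, not part of the original article; it assumes English-language output from `manage-bde -status C:` and `fdesetup status`, and the sample text in it is constructed.

```python
import platform
import re
import subprocess

# Constructed sample of English `manage-bde -status C:` output: the disk is
# encrypted, but protection is suspended, so the key is stored in the clear.
SAMPLE_SUSPENDED = """\
Volume C: [OSDisk]
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Protection Status:    Protection Off
"""
SAMPLE_PROTECTED = SAMPLE_SUSPENDED.replace("Protection Off", "Protection On")

def bitlocker_protects(status_text):
    """True only if one volume's status shows encrypted AND protection on."""
    fields = {k.strip(): v.strip() for k, v in
              re.findall(r"^\s*([^:\n]+):[ \t]*(.*)$", status_text, re.M)}
    encrypted = fields.get("Conversion Status", "").endswith("Encrypted")
    return encrypted and fields.get("Protection Status") == "Protection On"

def filevault_protects(status_text):
    """True if `fdesetup status` reports FileVault on and finished converting."""
    lines = status_text.strip().splitlines() or [""]
    return lines[0].startswith("FileVault is On") and "in progress" not in status_text

def check_this_machine():
    """Run the platform's own status command; None means not checked here."""
    system = platform.system()
    if system == "Windows":   # needs an elevated (administrator) prompt
        cmd, parse = ["manage-bde", "-status", "C:"], bitlocker_protects
    elif system == "Darwin":  # macOS
        cmd, parse = ["fdesetup", "status"], filevault_protects
    else:
        return None
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    return parse(out)

if __name__ == "__main__":
    print("BitLocker sample, suspended:", bitlocker_protects(SAMPLE_SUSPENDED))
    print("BitLocker sample, protected:", bitlocker_protects(SAMPLE_PROTECTED))
    print("This machine:", check_this_machine())
```

A volume that reads "Fully Encrypted" with protection off is the software equivalent of a boot password that doesn't encrypt anything, which is why the check requires both fields.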

Backup

Encryption prevents the bad guys from getting your data, but what about losing your work? If you drive over your laptop with the front wheel of a diesel pickup, how do you get your files off of a hard drive that’s in pieces on the ground? In addition to the possibility of losing your computer, new viruses called ransomware actually encrypt your files and make you pay a ransom before giving you the key to decrypt them. A good backup solution can mitigate a ransomware infection by allowing you to restore the unencrypted versions of your files.

There is a frequently recited rule of backup called 3-2-1. You need three copies of your data on two different media, and one copy needs to be offsite. Simply buying an external hard drive and copying your files there is better than nothing, but it’s also grossly insufficient and inefficient. A good backup solution will run continually in the background, copying versions of your files offsite as you create them, so you don’t notice it until you need it.
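The 3-2-1 rule can be checked against a written inventory of where your data actually lives. The audit below is an added example, not part of the original article. The `Copy` fields, the device and medium names, and both inventories are constructed for illustration, and the check for a versioned copy is an addition based on the ransomware point above.

```python
from dataclasses import dataclass

@dataclass
class Copy:
    name: str
    device: str      # physical device or service that holds this copy
    medium: str      # e.g. "internal-ssd", "external-hdd", "cloud"
    offsite: bool
    versioned: bool  # keeps older versions, so an encrypted file can be rolled back

def audit_321(copies):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    # Two folders on the same drive fail together, so count devices, not folders.
    devices = {c.device for c in copies}
    if len(devices) < 3:
        findings.append(f"only {len(devices)} independent copies, need 3")
    if len({c.medium for c in copies}) < 2:
        findings.append("all copies are on one kind of medium, need 2")
    if not any(c.offsite for c in copies):
        findings.append("no offsite copy")
    if not any(c.versioned for c in copies):
        findings.append("no copy keeps old versions to restore after ransomware")
    return findings

# Constructed inventory: a laptop plus one external drive kept at the office.
LAPTOP_PLUS_USB = [
    Copy("working files", "laptop", "internal-ssd", False, False),
    Copy("weekly copy", "usb-drive", "external-hdd", False, False),
    Copy("second folder", "usb-drive", "external-hdd", False, False),
]
# Constructed inventory: the same laptop and drive plus a versioned offsite service.
GOOD_PLAN = LAPTOP_PLUS_USB[:2] + [
    Copy("continuous backup", "backup-service", "cloud", True, True),
]

if __name__ == "__main__":
    for label, plan in (("laptop + USB", LAPTOP_PLUS_USB), ("with offsite", GOOD_PLAN)):
        print(label, "->", audit_321(plan) or "passes 3-2-1")
```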

In much the way that TrueCrypt was the best answer for encryption, there was also a best answer for backup called CrashPlan. CrashPlan allowed users to back up to friends for free. I wrote in 2012 how this was a perfect backup solution that didn’t have a monthly fee like most of the backup services. Unfortunately, a few weeks ago, CrashPlan announced that it’s discontinuing its free version in October 2018. While I’ve been hunting for a replacement, it’s unlikely that anything will be as simple as CrashPlan to use without a monthly fee.

There are still myriad subscription backup services. Some of the best known are Carbonite, Backblaze and Mozy, and each has a different pricing plan based on the amount of data to store and how many computers will be using the service. As you shop around for the best deal, pay attention to the cost to get your data back. In 2011, I lost 2 terabytes of data that was backed up with Mozy. Only then did I learn that they charged $.50 per gigabyte to restore the data, and I had to come up with the $1000 within 30 days before my files were deleted.

In the auction business, like any business, time is money. Some backup solution is better than nothing. In my search for a CrashPlan replacement, I’ve found a lot of negative comments about Carbonite and a lot of positive comments about Backblaze, so if I were looking for a simple turn-key subscription backup service, I’d probably start with Backblaze.

Backup and encryption

In summary, disaster happens when we least expect it. We need to take steps now to ensure that when, not if, we lose a computer, it might cost us money to replace the device but it doesn’t cost us time to recreate all our work or, worse, cost us sleep worrying about who might have our data and what he or she might be doing with it.

Aaron Traffas, CAI, ATS, CES

twitter.com/traffas | aarontraffas.com | aarontraffasband.com

Aaron Traffas, CAI, AMM, CES, is an auctioneer from Sharon, Kansas. For the last 22 years he's worked for Purple Wave. Aaron served as president of the Kansas Auctioneers Association in 2017 and on the National Auctioneers Association Education Institute Board of Trustees from 2009 through 2013. He is a past instructor at CAI and co-wrote the original ATS and AMM designation courses from NAA. An active contract bid caller, he has advanced to the finals in multiple state auctioneer contests. During the summer, Aaron operates a farm in south central Kansas. Aaron is an active singer and songwriter and the Aaron Traffas Band's latest music can be found at aarontraffasband.com as well as Spotify, Apple Music and Amazon.