In light of the recent hacking catastrophe of Mat Honan, there has been a flurry of articles discussing the requirement to have a good backup plan in place and what makes for a good backup plan.
Backing up
I’ve already detailed my backup architecture here, but there are a few things that I see people adding as an absolute requirement for any backup plan, notably a cloud component.
Several cite very useful services like Backblaze and Carbonite which are definitely good approaches if you don’t want to construct something as complex as my system. The cloud component isn’t an absolute necessity, but it brings the advantage of ensuring that recent changes have a copy outside of your local environment.
Dropbox is also often cited as a backup solution, but it’s important to remember that Dropbox is a sync tool, not a backup tool. That said, because Dropbox works by keeping local copies of files in sync across different machines, it behaves in some ways like a backup: you can lose a computer and, simply by relinking to your Dropbox account, get the files back.
On the other hand, if your Dropbox account is hacked and the hacker deletes your files, they will be deleted across all of your computers. Now this problem is somewhat alleviated by the fact that with Dropbox you can restore missing or older versions of files, but if you’ve lost control of your account this may not be an option.
But since you have local copies of these files, your regular backup plan will ensure that your local backups (Time Machine, SuperDuper, Carbon Copy Cloner, Retrospect, etc.) will have the history of these files.
And I need to give a shout-out to Retrospect here for anyone who needs a really good corporate backup solution that scales from really small to quite large. It has been largely replaced by Time Machine in most personal and SOHO environments, but Time Machine doesn’t scale terribly well once you have more than two or three computers hitting the same server. And if you want to consider archiving to tape, then it’s absolutely the best way to go.
Anti Hacking
The other part of the story is avoiding getting hacked, and ensuring that your cloud services are well secured. A few basic principles:
- Use complicated passwords
- Use a password management tool to keep track of them (I like 1Password)
- Don’t ever use the same password on different sites or services
- Use any advanced security features offered (Google two-factor authentication, for example)

If you are building corporate web applications, there are affordable two-factor authentication services like Duo Security that you should be looking into to avoid a personal hack spilling over into your work environment.