Friday, May 23, 2008

Putting the Humor Back in Backups: FileSlinger™ Backup Reminder 05-23-08

Is this the late-late-early show or the early-early-late show? Looking at my calendar and asking myself what the chances are that I'll manage to write a second column by Friday (when I have to get up at 4:30 AM to get ready for the BACN meeting at 7:30 AM), I decided just to post-date this and send it out now.

Last week TechTarget sent me a link to an “e-zine.” I don't know why they called it that; there's no sign that you can subscribe and get new issues. It's essentially a white paper and probably the reason I got a phone call and an e-mail message from a hapless salesperson at ASEMPRA whose marketing department doesn't know enough to put a “Don't contact me” checkbox on its download forms.

Anyway, the white paper is called “New Tools for Better Backups,” and, like most white papers, it focuses on enterprise technology: deduplication, storage resource management, VM (that's Virtual Machine) Backups. The kind of thing that gives most of the folks who read this blog a serious case of My Eyes Glaze Over.

But in the midst of these articles was a full-page ad for the latest installment from the Backup Trauma Institute:

“Are you looking to gain control of your company's digital information?

“Or maybe your sanity?

“Well, you're in luck because now you can get ‘Friendly’ advice from a professional who's truly passionate about helping you manage your data — Dr. Harold Twain Weck. That's right, John Cleese is at it again as Dr. Twain Weck to give you friendly advice on your most critical digital information protection and storage challenges.”

First, if you've never visited the Institute for Backup Trauma, go check it out. This award-winning campaign for LiveVault's Continuous Data Protection services appeared in April 2005. It makes two major points: how much trouble a company can be in without reliable backups, and how problematic tape is as a backup medium.

Three years later, Iron Mountain owns LiveVault and John Cleese is dispensing advice of dubious friendliness regarding some important questions about compliance, security, and whether there is, in fact, a mountain of iron. My favorite question is “How can I get our executives in trouble?” but my favorite answer is “How do I keep Mr. Wiggles from destroying electronic evidence?” That one expounds on some really creative ways to destroy a hard drive.

Even though Iron Mountain's solutions are aimed at the enterprise and may not be immediately useful to you, the Friendly Advice Machine is an entertaining diversion—and one that makes me glad I don't have to worry about compliance, discovery, and managing millions of e-mails.


Sunday, May 04, 2008

I’m Crushed: FileSlinger™ Backup Reminder 05-02-08

I thought I knew what I was going to write about for this week's reminder. A few days ago, someone contacted me (through the Podcast Asylum, natch—perhaps I need to make my FileSlinger™ e-mail address easier to find on the Backup Blog) to ask about online backup, which has been the theme of the past couple of weeks.

The specific problem, however, involved an intersection of factors I don't know enough about to explain: Vista x64, Office 2007's .docx format, and Mozy, or rather why Mozy didn't seem to want to back up .docx files from a Vista x64 PC.

I don't use Vista, and don't plan to, at least not for as long as I have this particular machine. The Ur-Guru says that the x64 version isn't bad now that Service Pack 1 is available, but the overall Vista adoption rate is so low that the only pressure to “upgrade” comes from Microsoft. (Even the Ur-Guru only has it installed on one system, and that's only because the software he develops has to work on it.)

As for Office 2007, while the Ur-Guru has been using it happily for some time, none of my clients use it, and I would be creating more problems than I was solving if I switched now. So I don't know much about the new .docx format for Word files which Office 2007 for Windows shares with Office 2008 for Mac, except that it's based on XML. And while I found a number of articles and blog posts talking about the difficulty people with older versions of Office have opening .docx files, I didn't find anything that would explain why uploading them through an online backup service should be a problem.

Likewise, while I found some “don't use Mozy” stories from a few dissatisfied customers who had experienced file corruption or other problems, I didn't notice anything specific to Vista. So that was the end of that idea.

This morning, however, while catching up on my C|Net newsletters, I saw an item in Gearlog that I couldn't pass up mentioning: EDR's Hard Drive Crusher, billed as “a new spin on destruction.”

Though this is by no means a data security blog/e-zine (blogzine?), I have mentioned before that if you are giving away a computer or a hard drive, you want it thoroughly erased. There have been special shredders for CDs and DVDs at least since I wrote about destroying outdated backups in 2003. And computer recycling facilities have powerful electromagnets designed for completely wiping the data off any magnetic drive.

The Hard Drive Crusher is not a home-office solution. For one thing, it weighs 85 lbs. For another, it costs $11,500. Even the Ur-Guru doesn't go through enough disks in a year to make it a sensible purchase. But it's the kind of thing your local electronics recycling center or data protection service might want to invest in, and let you use for a small fee if you don't think a magnetic wipe or repeated overwriting of the drive is sufficient.

And it has to be a pile of fun to operate if you're suffering from computer-induced frustration.


Friday, March 14, 2008

A Real Live Backup Scam: FileSlinger™ Backup Reminder 03-14-08

It was only a few days after publishing last week's “Are You Paranoid Enough?” Backup Reminder that I heard the sorry tale of G-Archiver, a program designed to back up your Gmail account. Or allegedly designed to back up your Gmail account, anyway. A programmer named Dustin Brooks discovered that G-Archiver did something else: it sent the Gmail IDs and passwords of everyone who had downloaded it to the Gmail account of one John Terry.

The G-Archiver website claims that this was a “coding mishap” and urges users to remove the old version and replace it with a new one. This strikes me as lame both as an apology and as an explanation (I have trouble imagining how such a “feature” could find its way into a program by mistake), but at least it's better than pretending the problem never existed.

Still, I suspect that very few people who have read about said “mishap” are going to take a chance on G-Archiver again. They're probably too busy changing the passwords for their Google accounts.

Neither flaws nor deliberate scams are necessarily obvious. If Dustin Brooks hadn't decided to examine the source code using Reflector, we might all still be ignorant of the problem with G-Archiver. It takes a programmer to discover a problem at that level.

But it doesn't take a programmer to run a product name through Google and Technorati and see whether someone else has found problems. And it doesn't take a programmer to look for (or ask about) alternative ways to back up the specific data you're looking to copy.

One commenter on the original post in Coding Horror made the following sensible point:

Why would anyone pay $30 to get a backup copy of their Gmail account when Thunderbird is free? Just connect to Gmail's IMAP server, set TB to save all downloaded messages, and do a complete sync. Not only would you then have a complete backup, but you would also be able to read and send email from TB while having it synced with Gmail.

Just about any other mail client with IMAP support should also work.

Since I don't use my Gmail account for mail, I've never bothered downloading the tiny handful of messages there into Outlook, but that's probably what I'd do, since my Outlook .PST file already gets backed up at least once a day.

It seems obvious to me that an offline mail client would be the obvious way to back up an online e-mail account, but that might not occur to everyone. But if you type “backup Gmail” into Google's search box, you'll find lots of possibilities, including instructions from Google about backing up your mail with POP. (You'll also find instructions for using your Gmail storage space to back up data from your hard drive, which brings it all full circle.)

So once again, the moral of the story is, don't hand out your passwords to anyone you don't have some reason to trust, and do your homework on new products before trying them. Backups are supposed to make your data safer, not more vulnerable.


Friday, March 07, 2008

Are You Paranoid Enough? FileSlinger™ Backup Reminder 03-07-08

Now and again I talk about aspects of data security that aren't directly related to backups. I don't do it often, because I'm not a security expert, but there's more than one way to lose your data, and stories about backup tapes stolen from financial institutions and missing laptops with confidential information on them show up in the news pretty often.

The security of your backups can be an issue for everyone. If someone broke in and stole your external hard drive, would they get everything? Most small and home office users have at least some information that shouldn't be available to anyone who finds a USB key lying on a taxi seat. So we should all take basic precautions and not make it easy for those with harmful intent.

I saw an announcement about a new service called BlogBackupr the other day and flagged it as something to investigate. As a backup blogger, I'm certainly in favor of backing up your blog. (I'm not at all in favor of that awkward name; even "Blog Backer-Upper" would be more euphonious.) Before I could check the service out, however, I saw a post from Ike Pigott warning readers about the way any provider of such a service could abuse the login and password information for your blog.

And just in case I wasn't feeling paranoid enough after reading Ike's post, I got a link to a new white paper from Bitpipe this morning: “How to Fully Protect Your Storage Environment.” (You'll have to register to download it, if you're interested.) The section that caught my eye was “Why and How Your Storage Environment Will Be Attacked,” by Kevin Beaver.

While the guide addresses enterprise storage, a few points apply to smaller businesses and home users as well:

    1. Storage security does not equal redundant systems and good backups. These two elements are only part of what’s going to keep your data safe and sound, so it’s important not to solely rely on them as has been done in the past.
    2. Storage encryption is not the silver bullet. Not for data at rest and not for data in transit.

The truth is, we all have to trust someone with our data sometime. Even if you run your own web and mail servers, even if you avoid online backup services, the only way to protect your data against fire, flood, and theft onsite is to move copies of the data offsite—which means it's vulnerable in transit and at its destination. And most companies providing backup and storage solutions limit their liability pretty severely.

The malicious hackers are way ahead of most of us, too. They know more ways to attack than we're aware we should defend.

So what's a sensible person to do?

If you work with really sensitive data, it's probably worth hiring a security expert. Otherwise, take the obvious precautions. If it's small and portable (and even my twelve-ton, 17-inch laptop qualifies for that category), put a password on it. And store your passwords in a password-protected program. Don't leave your data unattended. Do provide someone in your company or family with your master password in the event you are injured or killed and they need access to your data, but make sure that person knows how important it is not to hand out that information.

Check out any storage services you're thinking of using before you sign up: search on Technorati and in places like Yelp to find out what people are saying about them. One or two negative reviews is normal, but if you find pages and pages of complaints, stay away. If a storage company is making headlines because of lost or stolen data, choose someone else.

At least most of us SOHO users can comfort ourselves with the knowledge that we are just too insignificant for serious hackers to bother with. The payoff for stealing your PIN number is fairly small. The payoff for stealing millions of credit card numbers from a bank is a lot higher.

But don't let that make you careless.


Friday, February 01, 2008

Why Ted Loves Western Digital: FileSlinger™ Backup Reminder 02-01-08

This week we have a guest column from my colleague Ted Prodromou of Net Biz Experts. Ted and I are both members of the Executive Team for the Bay Area Consultants Network. For those who are interested, he's leading a series of free webinars about Web 2.0, and on February 8th, I'll be presenting about podcasting.

I thought my non-geek readers would appreciate a story that demonstrates that even IT experts suffer from computer disasters.


I'm sure you've heard it a million times, BACKUP YOUR DATA! I've heard it a million times and I've been telling my clients to back up their data for almost 30 years (am I really that old?) My friend Sallie Goetsch (rhymes with "sketch") is a backup evangelist. She is the queen of backups and constantly reminds everyone she meets to back up your data at least once a week.

Of course I backup my data occasionally. I have backup programs installed on my computer but I don't run them regularly because they take too long to run. I have tons of data on 3 computers and most of it isn't backed up regularly even though I know better.

I was running out of disk space on 2 of my computers so I ventured down to Best Buy to check out the fancy new external USB hard drives. For almost nothing I could add more disk space than I can even fill up. I ended up purchasing 2 new hard drives, one portable 320 GB drive for my laptop and a 1 TB (yes that's terabyte) drive so I could back up all 3 computers to one drive.

I ended up purchasing the Western Digital Passport portable drive that constantly syncs my data as it's created. I also purchased the Western Digital MyBook terabyte hard drive so I could back up data from all 3 computers to a central location.

I ran home and plugged in my new Western Digital Passport and instantly it appeared on My Computer. No installation hassles. Nothing to configure. Presto I had more disk space instantly. I installed the Memeo backup software that comes installed on the drive and I was syncing my data with the Western Digital Passport in less than 5 minutes.

Next I installed the Western Digital MyBook on my other computer and instantly I had an entire terabyte of disk space to play with. I configured a backup with the Memeo software and I was backing up 3 computers to my Western Digital MyBook in no time. In less than one hour I had all 3 computers backing up to my Western Digital MyBook and my primary computer syncing data to my Western Digital Passport. Unbelievable!

And as fate would have it, today I turned on my computer and Outlook wouldn't open. The PST database file was corrupt and the repair program could only salvage part of my data. I would have lost most of my email archive, my contact database and my calendar. Well I simply found the backup file on my Western Digital MyBook and I was back in business!

Thank you Sallie and thank you Western Digital. You are lifesavers!!


Reposted from Ted's Blog.


Friday, December 14, 2007

What the Top 10 Data Disasters of 2007 Teach Us: FileSlinger™ Backup Reminder 12-14-07

Every year Ontrack Data Recovery posts a list of the top 10 data disasters they've had to clean up after, and every year I write something about them. I noticed a big difference between the 2006 and 2007 lists, though. Four of the 2006 Top 10 disasters were damaged laptops, two were external hard drives, and three were internal hard drives from desktop machines. Only one of last year's dramatic tales involved data stored on something other than your typical spinning-platters hard drive: the SD card in a camera that wasn't as waterproof as advertised.

In 2007, only one dropped laptop made it onto the list. Instead, Ontrack was busy rescuing data stored on USB sticks and inside of cameras. There were also three external drives, up from last year, and one set of nearly-melted CDs.

So what can we learn from this change, apart from the fact that Ontrack can recover data from all kinds of storage media?

The first lesson is that data is easier to lose than ever before, because it's more portable. USB sticks are extremely handy devices, but because they're small, they're easy to lose--or to put through the wash or drop into the baby's applesauce.

The SD cards used by digital cameras and other portable devices are even smaller, so easier to misplace. (The 1 GB card that the Ur-Guru got for his MP3 player was so small it practically required tweezers to insert.) At least people are in the habit of thinking about cameras as fragile, and there are probably a lot of ways to seriously damage a camera without actually doing any harm to the data on the card.

USB sticks, on the other hand, often take the form of key chains, and people drop or throw their keys all the time, when not actually sitting on them or tossing them to the bottom of a bag. Flash drives are far better equipped to survive being dropped than drives with moving parts, but that doesn't make them invulnerable.

As for ordinary hard drives, their lives are full of danger. ION Backup's Howie Hard Drive series of videos shows a human-sized hard drive dodging traffic at rush hour, hanging out with the punks after school, and escaping the office. In 2007, Ontrack rescued data from drives that were infested with ants, dunked in acid baths, and soaked in WD-40. (No, that was not all the same drive.)

The moral of the story is, as always, treat your data with care. In particular, be kind to your backup drives. Carry external hard drives in padded cases. Consider keeping USB sticks on lanyards or clips so they can't fall onto the pavement or into the sink. (Come to think of it, this might be a good idea for your cell phone, too--my mother dropped hers in the dishwater once.) And always check your pockets before doing the laundry!

Read the complete 2007 Data Disaster List.


Friday, August 31, 2007

How Much Is Your Data Worth? FileSlinger™ Backup Reminder 08-31-07

Last week the VP of Marketing at Data Risk Management contacted me in response to the backup reminder I wrote nearly two years ago about backups and insurance. My conclusion at that time was “It’s possible to get insured against the cost of losing your data, but you’re only going to be insured in the amount it would cost you to restore your data if you had up-to-date backups. If your business is out of operation for weeks or your client data is permanently lost because you have no backups, you’re out of luck.”

What the marketing VP said to me was that his company was “facilitating the data insurance market in a profound way.” I'm still not entirely sure what that means, but I took a look at the website, and what they're offering is interesting.

I was expecting data insurance the way I'd always thought of it: you pay premiums and get money if you suffer from catastrophic data loss. This is something different.

Their website explains it like this:

Insurance companies can't insure the value of your data because data loss is difficult to prove and there would be a high rate of fraudulent claims. Data Storage companies do not have the technology to safely guarantee the value of your data. If they lose your data—they might refund a few months of your storage fees.

So what's their alternative?

We store your data in the safest, most cost effective way possible. If we can't give you your data—you get a check for its full value.

And who determines that value? You do, and that's what your "premiums" are based on.

This is the tricky part. How much is your data worth? If you purchased a mailing list (a practice I advise against, but for the sake of example), then the list might be worth what you paid for it, assuming you could get the same list again from the same source. Alternately, it might be worth what it has brought you in product sales.

As for data you create, the most prudent thing might be to set its value at what it would cost to re-create it. If a client paid you $X to develop a program, write a white paper, or whatever, then you might set its value at that amount. You might need to double that amount, however, or add to it the income you would lose while re-creating it.

There's going to be some data it's not possible to reconstruct, for one reason or another. How do you value that? “Sentimental value” is an expression used to refer to items that most people wouldn't pay money for, but things with sentimental value are often irreplaceable. No amount of money can bring back your late grandparents or return your child to an earlier age to pose for a photograph. Does that mean you insure your personal items for more money, or not at all? Would money compensate you for the loss?

“Many companies value 100 MB of data at over 1 million dollars,” the site claims. All I can say is that either I have the wrong kind of data, or I'm not charging enough, because I can't think of any 100 MB of data I have that cost me and my clients that much to create, or that it would cost me that much in lost income to re-create—though there could certainly be some fairly severe implications for the future of my business if I had to drop everything to re-create something I'd lost.

Let's take, for example, my Outlook .pst file, where I store e-mail, contact information, and appointments. Those are all important things, which is why I back that file up frequently. I'd certainly be in trouble if I lost it all. At a million dollars per 100 MB, it would have a value of almost $6 million. Since Data Risk Management charges 10 cents per thousand dollars of value per month, that would be $600/month. I suppose that if my Outlook data were really worth $6 million, it might be worth it.

Let's look at a more realistic scenario. The minimum value allowed for data is $100 per megabyte, which would put the total value of my Outlook data at about $60,000, which would be sufficient to cover the cost of reconstructing that data from other sources, or at least enough of it to deal with the present and the future. The cost of coverage would then drop to $6/month, which is certainly within range for small and home-based businesses.

The interesting thing about Data Risk Management is the way they combine data storage with insurance. By storing your data in multiple secure data centers, they reduce their likelihood of having to pay out on a claim. And by charging $1 per gigabyte for data retrieval, they help to ensure themselves enough funds to pay out if they have to. And you want a company like this to have a sustainable business model, because the biggest risk of putting your data into a startup like this is that they won't be around this time next year.


Friday, April 13, 2007

Never Underestimate the Power of Human Error: FileSlinger™ Backup Reminder 04-13-07

Sometimes I think my readers must be ambulance-chasers, because two of them sent me links to articles about the same data loss disaster this week. (You know who you are.) The story actually dates back to March 20, and Associated Press starts it off like this:

“Perhaps you know that sinking feeling when a single keystroke accidentally destroys hours of work. Now imagine wiping out a disc drive containing an account worth $38 billion.”

Eeek! It’s a pretty horrifying prospect, even if very few people reading this e-zine are likely to get their hands on $38 billion.

It’s not the money that was destroyed, of course. Both the destruction and the creation of money are pretty much matters of consensus, or perhaps of fiat. But without the proof that the money represented by zeroes and ones in the bank is yours, it might as well not exist for all the good it’s going to do you.

The money in question belongs to the Alaska Permanent Fund, of which I’d never heard before this. Part of the fund’s mission is to ensure that Alaskans receive timely dividends. That’s just a bit difficult to accomplish when you don’t have any records of who gets what.

The story continues:

“While doing routine maintenance work, the technician accidentally deleted applicant information for an oil-funded account—one of Alaska residents' biggest perks—and mistakenly reformatted the backup drive, as well.

There was still hope, until the department discovered its third line of defense, backup tapes, were unreadable.”

I’m not sure how one accidentally reformats a backup drive, and I haven’t seen anything online (most sources just seem to reprint the AP story) to explain it. I suppose if it were an internal drive, one might choose the wrong partition to reformat—easy enough to do if they’re all the same size and their drive letters have disappeared or been rearranged (something that happens with DOS-based Norton Ghost, so that if your main and backup drives are the same size, you have to look at their contents to be sure you’re making an image of the right one). But it’s really hard to imagine accidentally reformatting an external drive.

Unreadable tapes are no big surprise. Blogger and system architect Payton Byrd uses the story to illustrate his main point that “Tape sucks as a backup medium…Even the most unreliable of today's hard drives will be much less susceptible to failure as [sic] tape.”

In the end, the fund was able to get its data back—because it still had the original paper forms it had scanned in to create the database. Re-entering the data cost them $200,000.

Back in 2005, I wrote about a similar thing which happened to a client of mine on a smaller (though proportionally just as significant) scale. While the business owners were overseas, the backup server stopped working. Then the main server messed up. They came home to find a month’s worth of customer transactions gone up in smoke, and spent $10,000 on data recovery, hardware replacement, and re-entering the data from the paper printouts the CEO had taken it into her head to start collecting in the previous year.

In my client’s case, the problem was one of hardware failure—compounded by the fact that no one in the office thought to report the problem with the backup server to anyone who could have done something about it.

The single biggest cause of data loss is human error. Is there anyone reading this who hasn’t accidentally deleted a file, or copied over something they meant to keep, or even thrown an important paper into the recycling bin? The Windows recycle bin and the Mac trash can give us at least some opportunities to retrieve items we didn’t mean to get rid of, but just as there’s no such thing as a child-proof container, there’s no such thing as an error-proof system.

And if there’s anything the least bit wonky about the hardware or software, it just makes it that much easier for us to mess up. I love my computer, but for some reason the “Shift” and “CTRL” keys tend to stick. This caused me no end of bafflement and trouble until I realized what was going on. I would end up actually rebooting my computer because I couldn’t do anything and all my keyboard commands were messed up. Now I’ve clued in, and if the keys I press do something funny, I whack the “Shift” key and see whether that fixes it, and if it doesn’t, I hit the “CTRL” key. Usually one or the other will set things to rights.

Probably the only things more dangerous to our data than we are ourselves are our pets and children. The cat once managed to shut my laptop down by walking across it. I’m still not sure how she managed it, because she was nowhere near the power button. And I’m sure the inside of the machine is full of cat hair, which no doubt will combust one day. (Well, maybe not, because the drive doesn’t get all that hot, but my computer repair guy is decidedly reproachful on the subject.)

So what can we do? There’s only so alert and careful we can be, but there are a few precautions to take. Set any program you work with regularly to autosave on a frequent basis. (And practice hitting that CTRL-S (Windows) or Command-S (Mac) key combination to save manually, until it becomes a reflex.) Set up automated backup systems and check them to make sure that they’re working. Use good-quality backup media and store them in protective containers away from heat, dust, moisture, and cat fur. Send or put copies of your most important data in a secure off-site location on a regular basis. (It’s much easier if you set up a routine, e.g. “On the first of each month I have to put all this onto CD and take it to the safe-deposit box.”)

And if anyone asks you to do hard drive maintenance for a fund worth $38 billion, just say no.


Saturday, October 28, 2006

The Halloween Backup Reminder: Wanna See Something Really Scary?

'Tis the season when folks hang skeletons in their windows and visit haunted houses, and it only seemed right to get into the spirit of Halloween by providing some computer-related horror stories. Back in 1998, Geek Culture’s Mind Numbing Magazine™ created a clever introductory page for the computer horror stories they hoped to collect:

It can happen to anyone, even you. One minute you’re fine, working away on your faithful computer, the next minute you’re living a nightmare! Somehow, for no apparent reason, your most trusted friend has turned against you with every silicon fibre of its being:
  • Months of work has disappeared in a nanosecond.
  • Everything that defines you as a geek is gone. Perhaps forever.
  • And to top it all off, your backup Zip™ drive is now click-click-clicking itself to death.

The idea didn’t catch on, though you can find plenty of people recounting their own tales of electronic woe online. In most cases, there’s nothing spooky, eerie, or cinematic about computer disasters. Most data loss disasters happen without special effects, though the DriveSavers Museum of Disk-Asters has some pretty spectacular photos of the kinds of physical damage computers can suffer.

I’d certainly be horrified if I came home to find my laptop a burned-out shell and my external hard drives scorched and melted. And right now it would take something that destroyed my whole office to deprive me of my business data. But that would be enough to do it, because I still haven’t found a really effective off-site backup solution for myself. And it *is* fire season in California.

Nevertheless, hard drive failures and human error are far more common than earthquakes, fires, and floods. So…you wanna see something really scary? How about a $2000 data recovery bill for a week’s worth of work lost when a laptop died on the way back from a business trip? Or coming home from a vacation in Europe to discover that the server died without anyone noticing and the backup tapes were useless? A year and $10,000 later, that company still has data that has to be re-entered by hand from printouts.

If it’s important, back it up now. If it’s really important, back it up offsite as well as locally. Then it won’t matter if your computer plays tricks on you.


Friday, May 12, 2006

FileSlinger™ Backup Reminder 05-12-06: Will They Be Bidding on YOUR Data?

This week’s topic isn’t precisely about backups, but it’s of sufficiently mind-boggling importance that I felt compelled to write about it, and it does tie in nicely with last week’s discussion of data theft.

Idaho Power Company sent 230 SCSI hard drives off to Grant Korth salvage to be recycled—without erasing the data first. Eighty-four of these drives, which were packed with confidential company information, appeared for sale on eBay.

Oops.

Simson Garfinkel of Harvard’s Center for Research on Computation and Society has been buying used hard drives on eBay since 2001, just to see what he can see. And what has he seen? Thousands of credit-card numbers, and enough other information to trace the drives to their original owners.

Oops.

Last spring a student bought a hard drive once owned by the police in Brandenburg, Germany, for a mere 20 euros. The information on it should only have been accessible to high-level police and intelligence employees.

Big oops.

Now, the sellers of these drives don’t necessarily know what’s on them. If they did, they’d either use the information themselves or ask a hell of a lot more money for them.

There are people who sell or recycle their computers without making any attempt to erase the data, whether through oversight or ignorance. But what’s more common, according to Garfinkel and others who analyze these drives, is insufficient purging of the drives, even when corporate regulations mandate either complete destruction or degaussing of any drives before they can leave the premises. (Degaussing is a technique involving powerful magnets which essentially causes a hard drive, or other magnetic media, to forget everything it ever knew.)

Reformatting your hard drive before giving your computer away will certainly protect you against casual discovery of your passwords, Quicken files, confidential client records, and so forth. But unless you actually overwrite the erased drive with new data, a skilled hacker can still retrieve and reconstruct far too much information. Installing an operating system and tons of programs does a tolerable job of overwriting, as I learned once to my dismay, but to be absolutely certain you have to do a multiple overwrite with meaningless random patterns of data.

That no longer necessarily falls into the “Kids, don’t try this at home” category. There are several commercial software products designed to do this (see the CNET article below for more details), including iSafeguard Freeware for Windows.

So unless you want your data being sold on eBay, make sure you wipe your drive clean before giving away, selling, or recycling your computer or the external drive you’ve been using for backups.
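To see why reformatting is not the same as erasing, here is an added illustration (not part of the original column and not taken from any wiping product). It builds a toy "drive" as an ordinary file, reformats it by resetting only the file table, scans the raw bytes the way a recovery tool would, and then overwrites everything with random data. The file layout, the function names and the sample record are all made up for the demonstration, and it models an old-style magnetic drive where a write lands on the same sector it replaces.

```python
import os
import secrets
import tempfile

SECTOR = 512
# Constructed sample record; not real card data.
SECRET = b"CARD=0000-1111-2222-3333;OWNER=CONSTRUCTED SAMPLE"


def make_image(path, sectors=64):
    """Toy drive: sector 0 is a one-entry file table, sector 8 holds the file."""
    with open(path, "wb") as f:
        f.write(b"\x00" * (SECTOR * sectors))
        f.seek(0)
        f.write(b"TABLE:secret.txt@8")
        f.seek(8 * SECTOR)
        f.write(SECRET)


def listed_files(path):
    """What the operating system shows: only what the file table mentions."""
    with open(path, "rb") as f:
        table = f.read(SECTOR).rstrip(b"\x00")
    entries = table[len(b"TABLE:"):]
    return [e.decode(errors="replace") for e in entries.split(b",") if e]


def quick_format(path):
    """Reformat: reset the file table only. The data sectors are not touched."""
    with open(path, "r+b") as f:
        f.write(b"TABLE:".ljust(SECTOR, b"\x00"))


def raw_scan(path, needle):
    """What a recovery tool does: ignore the table and read every sector."""
    with open(path, "rb") as f:
        return needle in f.read()


def wipe(path, passes=3, chunk=4096):
    """Overwrite every byte with random data, several times over."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass out of the OS cache


def demo():
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        make_image(path)
        quick_format(path)
        files_after_format = listed_files(path)      # drive looks empty
        found_after_format = raw_scan(path, SECRET)  # but the data is there
        wipe(path)
        found_after_wipe = raw_scan(path, SECRET)    # now it is gone
        return files_after_format, found_after_format, found_after_wipe
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```
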

Of course, if the drive has suffered the kind of crash that means even the data recovery specialists can’t get anything off it, you’re safe.

Source Material:

ComputerWorld: “Idaho Utility Hard Drives—and Data—Turn up on eBay”

TechWeb: “Buyers Scour eBay for Data-Rich Hard Drives”

CNET: “Skeletons on Your Hard Drive”

The Register: “Police Hard Drive Sold on eBay”


Friday, May 05, 2006

The Ur-Guru's Laptop Alarm

After reading today's Backup Reminder, the Ur-Guru suggested I post a link to the Targus Defcon 1 Ultra Notebook Security System that he uses.

Why is it that I have to post everyone's comments myself? C'mon, folks, it isn't that hard. Really.


FileSlinger™ Backup Reminder 05-05-06: There's Data Protection, and Then There's Data Protection

Last week Faithful Reader Mike Van Horn suggested that since the real purpose of backup, and therefore this newsletter, is protecting data, I should talk about protecting data in other ways, specifically the issue of securing computers against theft.

Unfortunately, I know nothing at all about this subject, apart from the fact that when the Ur-Guru needs to leave his laptop in a hotel room, he puts it in his unbreakable Samsonite suitcase and then uses a cable with a combination lock and alarm to secure said suitcase to a large piece of furniture, like a bed.

I’ve owned and traveled with laptops since 1994 and never had one stolen, possibly because I don’t let them out of my sight (or, usually, grasp) unless locked in the trunk of the car. Mostly, though, I think I’ve been lucky. Actually, I know I’ve been lucky, as on a couple of occasions I’ve managed to leave the house unlocked when I went out, but came home to find all my possessions where I left them.

Iron Mountain hasn’t been so lucky: they just lost more backup tapes. Just because the storage giant acquired LiveVault and its Continuous Data Protection technology doesn’t mean all its data-storage customers have switched from tape-based to disk-based backup. But I’ve talked about the vulnerability of tapes in trucks before (in the March 4, 2005 backup reminder), and nothing much has changed on that front, so I won’t repeat myself here.

Instead I’ll replay my generally-uneducated answer to the theft question and then ask readers for their input.

Mike’s Question:
“I've done a few Google searches on security kits for computers. I'm surprised at the paucity of good solutions. Laptops have cable locks with flimsy connections to the computer that I've been told can easily be broken off. With larger computers, you can encase them in metal, like Robocop, or else super glue a D-ring onto the case, to which you can attach a cable and lock. Why aren't computers designed with a better security connection?”
My Answer:
“I don't know whether people prefer to have insurance, or what. Some people have systems with removable drives, so they can take their data home at night. (Complete computer towers and servers are bulkier to shift than laptops.) Of course, data centers have security guards at the doors and keep the machines in wire cages, with nothing but dumb terminals out in the open.

“The less accessible your machine is for thieves, the less accessible it is for you or your IT repair staff. Most modern tower machines can be opened with a simple latch pull, and unhooking the drive and the various boards is a trivial effort. That makes taking the whole tower away rather beside the point, particularly if it’s your business data they're after and not just salable parts--though they can still realize a substantial profit on anything they rebuild from the components they take from you.

“I think protecting your computers is a bit like protecting your car. A garage that thieves can't get into is going to do you a lot more good than a car alarm.”
One thing I didn’t think of at the time is that there’s a difference between protecting your data and protecting your hardware. Good encryption can protect your data from all but the most skilled hackers even if all your hardware gets hauled off in a truck. (Without off-site backups, though, you may not have any more access to your data than the thieves do.) But encryption, like locks and steel cages, makes working with the data yourself more trouble. This is part of why most of us only encrypt a few files at best. I password-protect my Quicken files and the PDFs of my tax returns, as well as invoices and contracts. I also password-protect sensitive client data, and my own collection of passwords. But anyone stealing my computer or my XHD would still get some pretty comprehensive information about me.

Mike asked what I’d heard from other readers on the subject of protecting computers against theft. Nothing, so far—but I’m hoping that will change. Any of you with experience in this area, please send your recommendations to sallie@fileslinger.com or post them here on the blog (click the little link below that says "comments").

See you next week with more backup news!


Friday, February 03, 2006

FileSlinger™ Backup Reminder 2-3-06: The Mother of All Computer Errors

Today we have another reader contribution, a cautionary tale from writer Noreen Braman:
It may take some convincing, some kicking, screaming and foot-dragging, but when a writer finally gets “computerized,” she soon forgets what life was like without one. Gone are the days of carbon paper, correction fluid and endless retypes. They are quickly replaced by long nights in front of a blank screen, instruction manual in hand.

Shortly after I was finally able to decipher the installation procedures and start working, the six o’clock news began reporting evil computer virus stories. While my mind filled with visions of mysterious gremlins that could wipe out my entire hard drive, I managed to do it all by myself.

Suddenly, my computer had amnesia, and didn’t recognize me, my commands or my files. As the blood drained slowly out of my head, my writer friends’ warning echoed in my ears. “It says in the book to make backup copies,” but I was too busy writing to listen. I had purchased a tutorial to learn the intricate workings of the computer, but never opened it. After all, I know how to drive my car, but not how to fix it. Ditto for the washer, the microwave and the VCR. To me, a computer is just another household machine.

Before pulling the plug, I called a friend with a similar setup.

“You know that stupid computer move we talked about, the one that could wipe out everything?” I began.

“You didn’t,” he answered. “Don’t do anything else, don’t turn it off, I’ll be right over.”

I hung up the phone with a sweaty hand. In my panic, I HAD turned the computer off and on, several times. As I sat and waited for help to arrive, I silently berated myself for joining computer-dependent society. Vicious computer viruses, poised to strike at any minute, were chillingly able to wipe out more than a few short stories by a small-town writer. They could delete bank balances, credit records (well, maybe not such a bad idea) perhaps my very existence (“I’m sorry, Ms. Braman, according to our computer you were never born.”) I remembered the story of the disgruntled employee, who before quitting, installed a secret program in his company’s computer. Six months after his departure, all the financial records evaporated. There was no way to determine who owed the company money, and customers didn’t come forward, despite pleas in the local newspaper. The company was forced into bankruptcy.

Back in the 60s, when the President’s Physical Fitness Awards had us all huffing and puffing in grammar school gym class, there was a prophetic commercial running on TV. A robot-person carried a television, from which the face and voice of a real person issued commands. However, the robot either rebelled or malfunctioned, because it abandoned the TV-person who was left to shout commands to the air. The tag line at the end of the commercial said that if you didn’t keep your body in shape, someday you might not have one. Since then, I’ve been wary of depending too much on technology.

All this came back to me as I waited for my friend to come over with a magic wand to make things all better. I concluded that wiping out my hard drive was just what I deserved. After all, I was getting too comfortable with this computer stuff.

As it turned out only a “simple” installation of the operating system was required. My programs and my work were still there, hiding in a parallel computer dimension. My computer-literate friend made me promise to make backup copies and never try to delete anything until I had completed the tutorial that was gathering dust on my shelf.

And I did promise to do it, eventually. After all, I still had some stories to print out, some banners to make for the kids, and a couple of games to try. Yessiree, I’m sure glad my computer is working. I can’t imagine what I’d do without it.
© Noreen Braman

Yes! I finally have a book out! and here is my new blog
See my photos and columns at: Noreen's Digital Dreams
Send in your own backup story and I’ll post it here.


Friday, January 27, 2006

FileSlinger™ Backup Reminder 1-27-06: Three Cautionary Tales

Today’s Backup Reminder comes courtesy of faithful reader Mike Van Horn (mvh@businessgroup.biz).
Here are my three favorite cautionary tales, from my own clients:
  1. Pat religiously backs up to his external hard drive. One morning he comes to work to discover that his securely locked office has been broken into. Bypassing the locked door, the thief pounded a hole through the sheet rock wall with a hammer. Pat's computer was stolen—along with the attached hard drive back up.

  2. Marge has an automatic backup system that mirrors her office's central server. When the main server went down, she confidently went to the backup server, only to discover that it was not operating. When she asked her office manager about this, the response was, "Oh yeah, I noticed awhile back that the server over in the corner was acting strange, but I forgot to tell you about it. What was that one for, anyway?"

  3. Joe had not one, but two redundant back up systems, under the watchful eye of his IT manager, Bob. When one of these malicious viruses corrupted the main system, Bob tried to restore it from the back up, but instead infected the back up as well. Then, while trying to maneuver the second backup server into a better position, it accidentally fell off the cart onto the concrete floor, damaging its hard drive. Five minutes, three systems destroyed! Bob was really indignant when he was fired.
Could this happen to you? If so, take a minute now to think about what you can do to prevent it. If not, why not? Post your answers here!


Friday, December 09, 2005

FileSlinger™ Backup Reminder 12-9-05: The Case of the Self-Destructing Database

Just to prove that Mac users can have computer disasters too, here is the story of how a colleague lost his Entourage database (and a chunk of money) but gained liberation. I’ve compiled several e-mail messages into one narrative, but I think he tells the story better than I could—including the unexpected up side.

I was using Entourage X (part of Office X for the Mac) and its upper limit for its database (combining address book, calendar items, categories and e-mail boxes) was 4GB. That was the magic number for size past which it asked to rebuild.

When it tried to compress itself at my command, I ran out of disk space on a partitioned hard disk.

Double-Whammy. Each retry further damaged the data.

Drive Savers took 10 days but couldn't fix it. They gave me a range dependent upon how successful they were. I'd used them once before, and pled poverty as I was doing a non-profit newsletter at the time. It ended up costing almost $500 for restoring an old version.

I was sooooo close to running a backup when this happened it could have been backed up. I was also within hours of a long 3 day train trip where I was planning to purge thousands of files and archive old e-messages.

Blah blah blah.

So I lost recent contacts, years of old e-mails.

I upgraded to a newer version of MS Entourage that allows bigger DBs though that might just enable me to repeat my harmful behavior of saving files I never really needed, used or will use.

It's springboarded me to clean up, on and off my computer, and purge lots of stuff.

It's liberating. I wish I'd done this sooner.

The pain is gone and I have improved my backup schedule and built additional redundancies into my actions.

I am using Retrospect for backups and write scripts, then back up to removable drives.

If you have a story of data loss—or data salvation—that you’d like to share, just pass it on to me and I’ll be happy to include it. Real-life stories are much more interesting—and credible—than press releases and laboratory tests.


Monday, September 12, 2005

Guest Article from KRS Edstrom: Computers as Monasteries

KRS Edstrom wrote to me recently with her experience of a computer crash which has made her a backup convert.

Computers: Our New Monastery?

My computer recently crashed resulting in 35+ hours of tech support and "new found friendships" in India. Not even in the crazy beginning stages of teenage puppy love have I talked so long on the phone. During those hours I believe I also found new levels of frustration, as in: "My life is passing - and I'm on the phone to India!"

Interestingly, as the hours and days passed, I seemed to actually settle into this Siberian monastery training, and in doing so, two mini miracles took place.

First, during one of the particularly non-productive sessions, I slipped into about 45 minutes of blissful peace. I remember feeling complete surrender in the moment and thinking something like "This is all there needs to be. This is exactly as good a place to be as any." I actually scribbled on a torn scrap of paper, perhaps in an attempt to secure the moment, "I'm so happy about just being me." Corny as it sounds in words, that scrap of paper is plastered on my wall as a reminder of my sweet merge with Now.

[Having said that, let me assure you that while I think "suffering offers exquisite lessons" is a certain punch line to this life, be it known that I am currently on a computer backup rampage that may border on radical. I seek to avoid the same lesson twice.]

Second, although still struggling with language barriers, I finally connected with one of the head techs (at about the 30 hour mark). While waiting for something to load, we started talking about his world - what he ate for lunch, his nostalgia for the "back then" of his country that he never knew, his walks by the sea to "download" and his closely knit tech team. He told me that just a few days previous many of his top techs were injured or killed in an auto accident on their way to a much-anticipated vacation together. He was in the car behind the one hit and could only watch helplessly.

His department was now struggling with the "empty seats" next to them while trying to pick up the slack for being short staffed.

My little computer world and goal list were suddenly yanked into perspective as my heart sprang open to envelop his cubicle. This 22 year old and I talked about the tragedy for the next 15 minutes. I felt such grace from him soaking into me as I tried to offer what solace I could. Had my computer not crashed I wouldn't have arrived in this impactful chance encounter.

[Note to self: Trust the forks in the road and soften into where they lead.]

KRS Edstrom is an author, syndicated advice columnist and lecturer who has appeared on CNN and ABC TV. Her products offer solutions for healthful, conscious living. For her free "Mindful Living Update" ezine, sign up on her website: www.AskKRS.com or e-mail KRS@AskKRS.com.



Friday, September 02, 2005

FileSlinger™ Backup Reminder 9-2-05: Backups in the Air, on the Air, and Underwater

It seems like everywhere I turn these days I hear about backups. I was reading The Everything Guide to Writing a Book Proposal and there, on page 198, under the heading “Protecting Your Professional Image,” is a warning to back up. “One writer, two days before she was due to turn in several chapters to her editor, found that the diskette she had been using to store her work had been damaged somehow, and all those beautifully written chapters were inaccessible.”

Backups in the Air

Early in August, one of my faithful readers (and have I ever told you faithful readers how much I appreciate the fact that you read what I write every week?) told me about an article in Southwest’s August Spirit Magazine entitled “Backup or Else.” Spirit Magazine doesn’t have an online edition, and I didn’t do any flying in August, so I thought I might end up missing it. However, one of my useful geek connections did fly Southwest in August, and discovered that the article was in fact the same one that appeared in the September 6 edition of PC Magazine. As a computing professional, I get PC Magazine for free, and I’d actually just cut that article out. You can read it online, and I urge you to do so. Among other things, it contains two important points in the “Best Practices” sidebar:

  1. “If you encounter file problems, the most recent backup of that file may have the same problems. So don’t be too quick to overwrite the older backups.”
  2. “Typical consumer backup products don’t save open files. So if you never close your mail file, or you keep a status-report spreadsheet open all the time, it may never get properly backed up.”
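The first of those two points, worked through as an added example (not from the PC Magazine article or from any backup product): the Python below keeps numbered generations of a file instead of overwriting one copy, checks each copy against the source by SHA-256, and on restore walks back to the newest generation that still passes a sanity check. The function names, the `.bak` naming scheme and the "starts with HEADER" check are assumptions made up for the demonstration.

```python
import hashlib
import os
import shutil
import tempfile


def sha256(path):
    """Hash a file in blocks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def generations(dest_dir):
    """Backup generations, oldest first (zero-padded names sort correctly)."""
    return sorted(n for n in os.listdir(dest_dir) if n.endswith(".bak"))


def backup(src, dest_dir, keep=3):
    """Add a new generation, verify the copy, then drop all but the last `keep`."""
    os.makedirs(dest_dir, exist_ok=True)
    gens = generations(dest_dir)
    next_no = int(gens[-1].split(".")[0]) + 1 if gens else 1
    target = os.path.join(dest_dir, f"{next_no:06d}.bak")
    shutil.copy2(src, target)
    if sha256(src) != sha256(target):
        os.remove(target)
        raise IOError("backup copy does not match the source")
    for old in generations(dest_dir)[:-keep]:
        os.remove(os.path.join(dest_dir, old))
    return target


def newest_good(dest_dir, is_good):
    """Newest generation whose contents pass is_good, or None if none do."""
    for name in reversed(generations(dest_dir)):
        path = os.path.join(dest_dir, name)
        with open(path, "rb") as f:
            if is_good(f.read()):
                return path
    return None


def demo():
    work = tempfile.mkdtemp()
    try:
        src = os.path.join(work, "report.txt")
        dest = os.path.join(work, "backups")
        # Constructed sample: two good saves, then the file gets damaged
        # and the damaged version is faithfully backed up too.
        for content in (b"HEADER v1 ok", b"HEADER v2 ok", b"\x00\x00garbage"):
            with open(src, "wb") as f:
                f.write(content)
            backup(src, dest)
        latest = os.path.join(dest, generations(dest)[-1])
        with open(latest, "rb") as f:
            latest_bytes = f.read()  # what a single overwritten copy would hold
        good = newest_good(dest, lambda data: data.startswith(b"HEADER"))
        with open(good, "rb") as f:
            restored = f.read()
        return latest_bytes, restored
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    print(demo())
```
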

There’s also a review of BounceBack Pro, which I want to compare to Pam’s experience once she’s finished setting up her ABS drive.

Backups on the Air

A few days ago I was listening to the Kickstartnews Revue Podcast, and what should I hear but several reminders about backups. The show’s hosts had suffered from a flooded basement which delayed their podcast production, though they were fortunate enough not to experience serious data loss. (This brought up the topic of insurance coverage and the circumstances under which policies will cover you for data loss, in particular loss of third-party data. I’ll be interviewing a colleague on just that subject for next week’s column.)

Backups Underwater

Flooded basements are common anywhere people have basements (they are rare here in California). Common causes are heavy rainstorms, pipes which freeze and break during winter (something else which is rare here in California), and sewer backups (which can happen anywhere). If you have a basement family room or a home office in the basement, then your far-from-waterproof electronic equipment is at risk. I’d recommend storing your backup media or XHD in a place less likely to get wet, say a middle floor of the house (as the attic or top floor is more vulnerable to roof leaks). That also applies to your choice of a place to put the backup server or network drive. Don’t put it next to the window, either--says Sallie whose computer is usually resting under the window all night. (Maybe I should rearrange my room.)

Flooded basements are minor-league problems compared to what’s happening in Mississippi and Louisiana thanks to Hurricane Katrina. In cases of real disasters, just keeping your backups out of the basement isn’t enough. In fact, your off-site backups better be a very long way off site.

I have to admit my own backups wouldn’t save me from a disaster on that scale, and it’s making me think I’d better create some DVDs to send to my parents for safekeeping, not to mention backing up any critical working files to my website. Hurricanes, tornadoes, and earthquakes, though responsible for only a small percentage of the data lost in any year, are the answer to the question “Why would anyone pay a monthly fee for online backup services when external drives are so cheap?”

Do you know someone whose data was drowned in Hurricane Katrina? DriveSavers data recovery service is offering to waive its $200 attempt fee and cut prices by 1/3 for Katrina’s victims.

Next week: “Do your backups meet the requirements of your company’s liability policy?” featuring Charles Wilson of RiskSmart Solutions.


Monday, August 08, 2005

Learning the Backup Lesson the Hard Way

Backup has been a hot topic in the ComputerWorld Blogs since July 31st, prompted by the saga of Joel, who lost the customer's data on July 28th.

I sympathize with Joel, because I've lost customer data too—though in my case I had made a backup, but it didn't work. Apart from the probability of losing both your client and your fee, losing someone else's data is guaranteed to make you feel even worse than losing your own data.

And even IT professionals neglect to back up their data sometimes, as the CW bloggers admit. When was the last time you backed up yours?


Tuesday, March 08, 2005

Hope for Bank of America

Cashing in on the recent highly-publicized disappearance of Bank of America backup tapes, GST, Inc., of Lake Forest, California, has announced the release of a host-to-tape on-the-fly data encryption appliance called SafeDATA™. The product pages on the company's website include a handy 12-page presentation explaining what SafeDATA™ is and why it's a necessary addition to tape backup systems.

SafeDATA™ is about the size of an external hard drive, but with a starting price of $17,250, it's not likely to appeal to the SOHO market. Most home-based businesses and independent professionals don't use tape backups anyway, and encrypted hard drives can be purchased for far less money.

But I hope Bank of America's IT department is rushing out to buy them. I don't want it to be my financial data that falls off the back of a truck.

Source: BusinessWire, March 7


Friday, March 04, 2005

FileSlinger™ Backup Reminder 3-4-05: Banking on Backups

Lost backups seem to be the theme of the week. There was the break-in at Lasso Logic (see my March 2 Backup Blog entry), where some enterprising thief (or competitor) made off with the backup servers, for instance. But the big scandal is the disappearance of more than a million SmartPay® records somewhere between Bank of America and its backup facility.

SmartPay® is a General Services Administration program to provide charge cards to government employees and contractors. Bank of America is one of five financial institutions responsible for these accounts, and the missing backup tapes contained customer and account information for 1.2 million government employees, including senators Patrick Leahy and Elizabeth Dole.

If verifying tape backups is rare, encrypting them is even rarer. I don’t normally encrypt my backups, and neither do most people I know.

On the other hand, I keep my Quicken data, my passwords, and any proprietary or financial information about my clients in encrypted files. Doubtless any really professional hacker could still break into them, just as such a person could figure out my Windows Logon password easily enough. But it’s enough to keep casual burglars and curious visitors out of my files.

And if I can do that much, you’d think a bank would realize it needed to encrypt its backup tapes. Banks are, after all, the most obvious targets for large-scale data theft. Bank accounts belonging to the government are, if possible, even more tempting targets. (After all, whose card would you expect to be able to charge more to, mine or Uncle Sam’s?)

I personally find the fact that it was those particular tapes which were stolen highly suspicious, and the disappearance raises a great many questions about other aspects of the transport and security of Bank of America’s backup tapes. Do they send them in armored cars with guards? If not, why not? Pound for pound, the information on those tapes is worth more than cash. If so, then how did the tapes get mislaid? Was this an inside job? Do I need to take my money out of Bank of America? (But if I do, would it actually be any safer elsewhere?)

One hopes that this incident, and certain other recent highly-publicized cases of data theft, will cause financial institutions and other corporations to re-evaluate their backup policies. Continuity Central has some suggestions, including using RFID tags, bar codes, or even GPS locators on the tapes for better tracking, encrypting the tapes, and not using tapes at all. All of those sound like good suggestions to me.

Small and home office users probably don’t need to go as far as bar codes, RFID, or GPS, but I strongly advise you to password-protect not just the backups of any sensitive information you have, but the files themselves. Outlook PST files, ACT! databases, and Quicken and QuickBooks account files can all be password-protected. And your passwords themselves should be password-protected. (There are several freeware products for this, and others which will generate random passwords with as many characters as you want.) If you have lots of sensitive data or many people have access to your office, you definitely need a logon password, and might want to consider a LockBox drive for your backups.

And you might just want to ask your bank what it’s doing to keep your account information secure.
