Your backup drive needs a backup plan: Three ways to safeguard the data

Files on your backup drive may be as vulnerable as those on your PC, unless you take some important precautions.

Congratulations on backing up your PC--but you aren't as safe as you may think you are. Files on your backup drive can be just as vulnerable to disaster as files on your main system are. Most recently, CryptoLocker demonstrated that an external drive connected to a PC--a secondary hard drive, for example, or an external USB hard drive used for backup--could fall victim to ransomware just as easily as the PC on the other end of the cable.

"A lot of people got burned by CryptoLocker because their attached backup drives were also encrypted by the Trojan," says Dwayne Melancon, CTO of enterprise security company Tripwire. "CryptoLocker encrypts local data files, but it also looks for attached storage devices, network shares, and other storage locations connected to your computer."

+ ALSO ON NETWORK WORLD Storage companies to watch +

Don't let a CryptoLocker-style catastrophe happen to you. Here are a few options for protecting your backup drive against such attacks.

Disconnect your backup data

Marc Maiffret, CTO of security software firm BeyondTrust, sums up the most common-sense solution: "Make sure to back up to a media that can be removed physically from your system and stored offline."

This approach is less convenient, of course, but it's a good habit to form for a couple of reasons. First, it moves your backup data out of harm's way if ransomware ever infects your PC. Second, if you store the backup media in a fire safe--or better still, offsite in a safety deposit box, the backup may survive even if a natural or unnatural physical disaster destroys the original data.

One option is to back up your data to less-volatile media such as recordable CDs or DVDs. Once a recording session is finalized, the data should be safe from malware threats even if the disc remains in the drive. The downside of using optical discs is the media's much smaller storage capacity compared to a modern hard drives, meaning that performing a full backup may require multiple discs.

Back up to the cloud

Rather than backing up locally, consider using the cloud. Cloud backup applications generally run as a background service that the system doesn't view as an attached or networked drive. As a result, malware threats are unlikely to spread directly to cloud backup.

Most modern backup systems use a proprietary storage format for further protection. "This makes the backed-up files unable to be read or written to by common malware," says Paul Lipman, CEO of Total Defense, which sells online backup services as well as antivirus and security software. "It doesn't mean it's impossible--it's just highly unlikely. Malware generally works by attaching to existing files on the system; and in cases of proprietary storage formats, the malware would not be able to infect the backup directly."

Note, however, that most cloud backup services automatically sync and update data. If your local PC is compromised, you'll want to disable the service to prevent the compromised data from overwriting your good backup data.

Back up multiple versions

The most effective way to safeguard your backup is maintain more than one copy of your data.

There are two ways to do this. First, most security experts recommend backing up your important data to more than one location. For example, back up to an external USB drive that you disconnect when it's not in use, and also use a cloud backup service. That way if infection or physical disaster compromises either backup, you'll still have a good copy of the data.

The second way is to maintain version histories of your files: Save multiple backups from different points in time, and choose a cloud backup service that stores more than just the most recent backup, so you can restore data from a time before the compromise occurred.

"I go a step further and also create several generations of local and off-site image backups of my computer, so I can quickly restore one of them if my system is lost, compromised, or otherwise unusable," Tripwire's Melancon says.

Your backup drive needs a backup plan. Without one, you're not much better off than if you'd never backed up in the first place. Follow one of the methods laid out here to ensure that your backup will be there--in readable form--when you need it most.

This story, "Your backup drive needs a backup plan: Three ways to safeguard the data" was originally published by PCWorld.

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies