Backing Up - A Sample Strategy | PCSPECIALIST

Backing Up - A Sample Strategy

ubuysa

The BSOD Doctor
Moderator
Pretty much everyone knows that they should be backing up their data. But why do we do it?

No, it's a serious question. The backup strategy that you select depends entirely on what you're backing up and what you want to protect yourself against.

Some examples....

If ransomware is a big concern then backing up to cloud storage would be a good idea. But Windows has to be running to use cloud storage so cloud storage cannot be used to backup Windows. In addition, cloud storage works well where you have a high bandwidth Internet connection, but for those with significantly slower connection speeds cloud backup takes forever.

If you have a big NAS box and data loss is a concern then setting the NAS box up as a mirroring RAID array would be a sensible solution. That's what RAID was designed for after all. But in a home PC with just one or two drives, RAID is an overly complex solution. In addition, if you need to protect yourself against accidental erasure or updating of data then a RAID mirror won't help you at all.

If backing up your Windows system drive is important to you, so that you don't have to reinstall everything again in the event of a failure, then a local USB attached hard drive is the ideal solution. On the other hand, if ransomware is also a concern then a USB attached HDD will be encrypted along with everything else and so won't help.

What should be clear by now is that there is no such thing as a universal ideal backup strategy. Your backup strategy depends on what it is that you're backing up and what you want to protect yourself against.

I'm not going to try and describe every possible backup scenario and strategy here. What I will do is describe how I backup my system and data, why I use this strategy, and what the principal threats are that I'm securing my system and data against.

First of all then, the why. What threats am I trying to protect myself against?

1. Ransomware. The cyber-criminals behind ransomware don't really target end users much at the moment, but if it becomes harder for them to extort money from corporations they may well move on to end users.

2. Stupidity on my part. Deleting the wrong file, updating or overwriting a file that I didn't intend to. Making a system change that turns out to be a big mistake.

3. Malware. I used a layered security defence so it's hard for malware to get onto my system, but through my own carelessness or stupidity I may allow it in. Restoring a system backup is quicker and more reliable than trying to remove the malware.

4. Mishandling when the case is open. It's not that hard to destroy an M.2 SSD if you're not careful.

5. An act of God. Electronic stuff breaks and it usually breaks at the worst possible moment. If the stuff that breaks is a data storage device then I want to ensure that I don't lose all the data on there.

You'll notice that of those five reasons, three of them are to protect against my actions. The end user is by far the biggest risk to your data and system, so taking backups to protect your PC against you is the biggest reason for doing it!

Next, the how. What tools do I use to backup and why?

Backing up user data is pretty straight-forward, it's just a bunch of files, so almost any file copy tool to copy your data to an external HDD (or to the cloud) will do.

Backing up Windows is much more difficult because Windows opens many of its files with exclusive access, which means that a simple file copy backup tool cannot read them. Instead you need a disk imaging tool, these use the Windows Volume Shadow Copy Service (VSS) to take a snapshot of the drive and they then write that snapshot out to a disk file, usually on an external HDD.

The file copy tool I use is SyncBack (note that I use the SyncBack SE paid for version because I have files that use Greek file names and the free version won't handle those). This is a file synchronising tool that copies files to an external HDD, but it only backups up those files that have changed since the last backup, so it runs quite quickly. SyncBack is very configurable, I only back up the files and folders I really need and I also ensure that a file that is deleted on my PC is retained in the backup for 30 days in case I want it back. SyncBack runs every night so that my user data backup set is never more than 24 hours old.

The disk imaging tool I use is Macrium Reflect. This can take many different types of backup; differential, incremental, grandfather-father-son, or just simple full backups. I take a full backup of my system drive every night to the same external HDD and I keep the last seven images so that I protect myself against my stupidity over the last week. Macrium Reflect automatically deletes the oldest image each time it runs, it also allows a backup image to be mounted as a virtual drive, so I can access individual files and folders in the backup image should I need to.

I have discovered through experience that partitioning the external drive gives better performance. The user data, which is mostly in many small files, performs better when written to an NTFS formatted partition. The drive images, which are single and very large files, perform better when written to an exFAT formatted partition. I thus have two differently formatted partitions on the external HDD.

Because a permanently connected backup drive can be encrypted by ransomware my external HDD is connected to the mains power via a USB controlled switch - from Cleware in Germany. I schedule the HDD to switch on just before the Macrium Reflect and SyncBack tools run and then I schedule the HDD to switch off when they're completed. The external backup drive is thus only online during the backup. To make absolutely sure it can't be encrypted by ransomware I disable the Ethernet adapter before the HDD is switched on and only re-enable the adapter once the HDD is switched off (I user nicrcmd to do that). This means that even if ransomware is running at the time of my backup run, it can't 'phone home' to get the unique encryption key.

The whole backup process is controlled by a batch job that runs at 6am every morning on a schedule via the Task Scheduler. It's actions are these:

Disable the Ethernet adapter
Switch on the external HDD
Wait two minutes for the HDD to come online and settle.
Start the Macrium imaging backup job and wait until it's finished.
Start the SyncBack backup job and wait until it's finished
Switch off the external HDD
Enable the Ethernet adapter

This gives me a local copy of my data (vital if the Internet is not available and I can't get to cloud storage) and the ability to restore my Windows system to any day in the last week. It also means that the external drive is protected from ransomware attack.

For belt-and-braces reasons, and because just as you never have only one copy of your data, you also never rely on just one backup strategy, I also synchronise all my user data in the cloud. I use Google Drive to do that and pay for 2TB of storage, even though I currently use less than a third of that. The (new) Google Drive for Desktop tool does a very god job of keeping my critical data synchronised in the cloud.

My user data, which is irreplaceable of course, is thus in three places; on my PC drives, on my backup drive (which is normally offline) and in the cloud. As I mentioned right at the start, this isn't the only possible backup strategy by a long way and it may well not suit your needs, but it might give you some ideas for your own backup strategy.
 
Top