Practical Encryption: Backing Up Your Data

Scenario: Like most law firms, your data is growing day by day and you want to make sure you’re both (a) backing up that data, and (b) keeping the data secure.

Typical Solution: While most lawyers have developed good habits regarding backup, the security of that backup file is rarely discussed or addressed.  Files are often simply copied to an external drive or burned onto DVD/CD.

Problem: There’s a tendency to view backup files as something separate and distinct from your active files, and as a result, to worry less about the security of that data.  But data is data and you’re just as vulnerable to a data breach on your backup data as you are on your primary device.

Solution: It’s difficult to give a single solution to backing up securely given that each firm’s backup strategy is different.  But in general, there are a few things you can do:

  • If you’re doing a one-off backup of a file or small set of files, consider using a simple encryption tool like TrueCrypt to place a copy of those files inside an encrypted volume.  You can then backup that volume to an external drive or DVD.
  • Consider a cloud backup tool that includes in-transit and at-rest encryption.  Mozy, for example, offers a backup option that allows you and only you to hold the decryption key.  Data is encrypted locally before being copied to the web for backup and therefore vendor has no way of accessing the data.  Just don’t lose your password!
  • Look in your backup software settings for encryption options.  Many of the tools used for automatic backup, particularly those that ship with external hard drives, offer an option to encrypt the backup file. The options may be disabled by default to make the software slightly easier to use.

– By Joshua Poje

This post originally appeared on Law Technology Today