Protecting Your Data

Data! Data ! Data! We are awash in data. Photos of kids, grandkids, and pets. MP3 files of our favorite music. Video files too. Writer's have their manuscripts on computers, anyone who deals in knowledge has their intellectual property on a computer. Then there are personal financial records, from tax returns to bank records, to utility bills.

If it is on a computer, IT WILL BE LOST!! Hard drives fail. Laptops get stolen, or even just dropped. A few years ago there was a news story about screenwriter Martin Scorsese having his laptop stolen. He was reportedly working on a screenplay and lost hundreds of hours work, not to mention financial records and more, when his computer was stolen. He had been very careful to keep backups on an external hard drive. It was sitting on the desk next to the computer. Yep, the thief took it too!

Another noteworthy incident occurred one day as I was walking down the street in San Francisco beside a well-dressed businessman who was carrying his laptop in a conventional laptop bag. Suddenly as he swung the bag, it came open and his laptop flew out, arced thru the air, and hit the pavement, visibly shattering into many pieces. The sudden, catastrophic loss of a laptop is almost too horrible to contemplate, yet it happens every day. Protect your data!! Hardware can be replaced. Data is more difficult.

We think of computers as devices for holding our data, but all too often they are devices for losing, or destroying data. There is nothing so unsafe as data on a single computer, especially if that computer is a laptop.

Then there are the bad guys, the intruders who want to steal our data for nefarious purposes. If someone finds your tax returns they have all sorts of sensitive information. Bank records and more are subject to being stolen by someone gaining remote access to your computer. In this case you do not lose the data, but someone looks over your shoulder, figuratively speaking, and makes their own copy. Malware infections are the usual vehicle for such loss, but there are many avenues of such loss.

We therefore have several distinct needs. Relatively non-sensitive data such as the grandkids photos may be shared but must not be lost, but at the same time, sensitive data such as Tax Returns must be kept hidden from prying eyes no matter what happens to the computer it is on. We must protect from loss, as well as unauthorized access.

There are three important tools that should be used to protect your data. The first and arguably most important tool is Encryption. Sensitive personal data should NEVER be allowed to sit unencrypted on ANY computer. Whether Mac, Linux or PC, most systems have a “Documents Folder”. This folder, or at least the part of it where sensitive data resides, should always be encrypted. It is a shame that the tools and techniques to do so are not more obvious, and more accessible to average users. In most versions of Linux there is a standard option to encrypt the home folder. Few users bother. Windows includes the ability to encrypt the “My Documents” folder, or any other folder on the system. Although you have to dig a bit to find and use it effectively. Simply right-click and select properties. Then select advanced. Place a check-mark in the “Encrypt” checkbox. Microsoft gives details in the almost impenetrable KnowledgeBase Article “Best Practices for the Encrypting File System”. It is a shame they do not make this more obvious and accessible to the average user. Still, with a little effort it can be used effectively.

The Mac too, since it is fundamentally Unix based, can encrypt the home folder, although like the PC, it is kinda hidden and not so obvious to the average user. Check the “Security” applet in the System Preferences menu. Selecting “FileVault” allows setting a password and encrypting the entire home directory. Encrypting individual folders is even less obvious, but this MacWorld Article explains the process in gory detail.

Another, more advanced solution is to encrypt an entire system. The free Open Source program TrueCrypt can encrypt an entire hard drive where Windows is installed. This is a powerful option and one I think highly of, but there is nonetheless a hole, especially in laptops, in that when suspended, the encryption is still “unlocked”. So if you leave your system unattended while “sleeping”, someone might gain access to the data therein. Despite this, the level of security added by full drive encryption is immense IF you need that much security. Encrypting an entire drive might be overkill for the average user, so before embarking down that path think carefully about your needs. But if you need it.....

Encrypting drives or directories helps immensely when a machine is stolen, but when it is sitting on a desk, logged in and accessible, the encrypted folders are unlocked. Someone who walks by the desk and sees the computer, or who gains remote access via a malware infection can still get the data. Especially sensitive data such as financial records and the like, ideally, should not be unlocked except when actually working on them. This is where TrueCrypt or 7Zip can be very helpful. Keeping data in a locked volume or archive except when actually being used greatly reduces the chances of someone gaining access to it.

Encryption is a powerful tool, but far more difficult to use than it should be. Still, I strongly suggest every user should encrypt at least the folders that contain sensitive information such as financial records and such. TrueCrypt and 7Zip are free, open source utilities that can be very useful in this regard. I strongly advise everyone to invest the time and effort to play with them and learn what they can do, and then use them. There is a little bit of a learning curb, but not much, and it is well worth the effort. The online support forums associated with each utility are very helpful to new users. Download the software and play with it and it will soon become your friend.

The second important tool to protect your data is External Storage. Always remember that ANY data that only exists on a single computer, or lone external storage device is data that is almost guaranteed to be lost. USB Flash drives are becoming ubiquitous. I recently purchased a 32 GB thumb drive that cost less than $20, and is incredibly tiny. There are also external USB hard drives that hold terabytes of data and are very inexpensive. The problem with such devices is that (a) they are easily lost, or stolen, as well as (b) easily damaged. Thus data on these devices can be easily accessed by anyone who gets their hands on it, and if they represent the only copy, the data is easily lost whether the device itself is lost, or the device simply fails. The best solution to (a) the first part is to use TrueCrypt to encrypt any data on them. Then when the device is inserted into a computer, the owner will be prompted for the password before access is granted. Without the password, there is no access. The encryption is very secure. Even the FBI or CIA cannot easily crack it, if you chose a good password. But do not forget that password! If you do, your data is lost! It cannot be recovered.

If you're REALLY paranoid, TrueCrypt includes a feature called “Plausible Deniability” whereby a drive or device can be set up with two passwords. Enter Password A and you see innocuous, non-incriminating data, but enter Password B and you see the really secret stuff. This way, if someone forces you to reveal the password, you can do so by revealing Password A, and still keep your secrets. In theory you can then play dumb as to the possibility of additional data being hidden on the drive, but this won't fool everyone as knowledgeable security experts are well aware of this trick. Still, it can fool those less adept at such things and is a useful tool if you need it.

The solution to (b) the second part is simple redundancy, that is to simply have more than one copy. If you want to keep your financial records on a USB Thumb Drive, buy two identical drives, encrypt both with the same password, and keep the data identical, in sync, on both. Keep one in your safe, the other in your wallet, or laptop bag. Synchronize them regularly after any changes in the data therein.

There are innumerable tools and utilities that will synchronize data between two volumes. There is not, as far as I know, a facility within or intended to work with TrueCrypt for keeping two encrypted volumes in sync, but by mounting the two copies on a computer and using any of dozens of sync tools, we can easily keep things in sync. Microsoft offers a free utility called SyncToy which will do this nicely in the Windows world, and I am sure there are many ways to do something similar on the Mac.

For many users, simply placing their sensitive, financial other information on an encrypted volume while leaving the grandkids photos and such unencrypted is perfectly satisfactory. There is no real need to encrypt the entire drive, or even entire Documents folder. Placing those sensitive elements on an external encrypted volume, and keeping a duplicate storage device in sync is not a huge burden.

Even though we do not need to encrypt them, the Grandkids Photos need to be duplicated to an external volume, and that volume should be kept in a secure location, not sitting on a desk next to the PC. An external USB hard drive kept in a safe is one way. You can also burn the less critical material to a Data CD and place in a safe place. The important thing is to remember to duplicate everything you do not want to lose if the computer crashes or is stolen.

The third important tool you should use to protect your data is “Cloud” or Off-Site Storage. Sometimes real disasters happen. Houses burn down, earthquakes collapse buildings, and so on. Even thumb drives in fireproof safes can be lost to a serious disaster. Having a copy elsewhere is a great idea. Simply mailing a CD of important data to grandma from time to time is a great idea. Simply copying the latest batch of pictures to a Data CD or Data DVD, and dropping it in the mail solves a lot of problems. But critical financial data and the like may have more immediate needs. In today's world of ubiquitous and competitive Cloud Storage providers, it is easy to keep a few GB of data for free, in the “Cloud”. Services such as DropBox, PogoPlug, Box.net and others will gladly give you some free space, in hopes of enticing you to buy more. You can encrypt sensitive data in a Zip archive using the Open Source 7Zip archive tool, and store the encrypted file in the Cloud service.

Services such as Carbonite, Mozy, DropBox and Google Drive also provide realtime backup services for data that is changing frequently. For example I am working on a manuscript, several actually, and I keep them in a DropBox or Google Drive folder. As I update them, the changes are silently and automatically copied to the “Cloud” as well as all of my other PCs, and even my iPad. The most current version is immediately accessible everywhere.

This particular little document nicely illustrates how this works. I am writing this on my Mac, using Open Office Writer, and the file resides on my local hard drive in the Google Drive folder. On the bar at the top of my screen is a tiny Google Drive logo that tells me that I am connected to Google Drive. I hit 'Save' in my word processor and that little Google Drive icon begins to “squirm” slightly, indicating activity. If I hover the mouse over it, it pops up a text balloon that says “Syncing 1 item” and after a couple of seconds it returns to the solid icon and says “Sync Complete”. At this point I could move to my PC, and open the Google Drive folder on it, and the document, with all the latest edits will be present. Most of these services also allow for going back and recovering previous versions of a document after changes have been made. If you delete something and save the file, it can still be recovered from the Cloud service.

Sometimes there is a need to simply keep prying eyes away from your data. Perhaps it is data that is neither sensitive nor critical, but you just wish to keep it hidden from view. Folders can be hidden in Windows by simply selecting Properties and setting the “hidden” attribute. They are still there, and can easily be found by anyone who knows how to look for them, but the casual observer will not see them. Apple probably has a similar capability in their operating system as well, although if so I have not discovered it yet. There is however an easy trick for hiding a folder on ANY Unix, or Unix-like operating system. Here's how to do it on the Mac.

First let's create a dummy folder to play with. In the Finder, open the Documents folder, and create a new folder named TestFolder. Simple, easy and completely visible. Next, open Terminal. Type “cd Documents” and hit enter. Then type “ls -la”. You will see a listing of the contents of your Documents folder, including the new folder, “TestFolder”. Next type “mv TestFolder .TestFolder”. You have simply renamed the folder, pre-pending a dot to the name. Now go back to your Finder window. The Folder is GONE! Actually it is still there, but invisible to Finder. If you go back to Terminal and type “ls -la” again, it appears as “.TestFolder”, but Finder remains oblivious to it's presence. Type “mv .TestFolder TestFolder” to rename it again, and it suddenly reappears in Finder.

Note that in this case the file is neither encrypted nor password protected. It is merely hidden. Sometimes that is enough. Do not however mistake hiding a folder for any sort of real security, but obvious caveats aside, it can be a useful tool.

Remember, any data on a computer, and only on a single computer is data that is guaranteed to be lost, and any data that is stored unencrypted is data that is guaranteed to be stolen. A combination of both local external, and off-site storage, whether “in the Cloud” or simply in the hands of a trusted relative, is supremely important to prevent the former, and encryption is important to prevent the latter.