The odds are very high that you won’t need it, and many skydivers go for years without even coming close to pulling the ripcord on their lifesaving spare.
But when you need it, you REALLY need it.
The situation is the same with computer backups.
But whereas most skydivers wouldn’t jump without a recently inspected reserve chute, way too many of us go for months or years without making a backup of our critical data.
Some never do.
And I’ve grown to suspect that nomads are both especially at risk, and especially slack about this critical chore.
Have you checked your reserve lately?
Consider the recent high-profile case of Mat Honan. Seriously, read his story.
If you live any part of your life online, it will chill you to the bone.
In summary, some malicious hackers used a shockingly easy and simple trick to take over first Mat’s Amazon.com account, then through that his Apple iTunes account, and then through that his Google and Twitter accounts. They then deleted his Gmail (erasing EIGHT years of his email archives), and used Apple’s “Find My Phone” and “Find My Mac” remote wipe feature to completely and irreversibly erase his iPhone, iPad, and laptop in a matter of minutes.
Among many other things, his laptop contained the only copies of the pictures of the first year of his new daughter’s life.
Irreplaceable, and erased in a moment.
And he didn’t have a backup.
As a senior editor at Wired Magazine, Mat will be the first to admit that he of all people should have known better.
But it is so easy to grow lazy, or complacent.
We all think – it can’t happen to me. What are the odds of a hard drive crash? Hackers? A nasty virus? User error? Sabotage? Theft? A spilled drink? A desk-side window left open in the rain? A cat walking on the keyboard and deleting a key directory? (Kiki did this recently!)
When you start to actually think about all the ways that there are to lose precious priceless data… the odds are actually pretty darn high that someday, sooner or later, we will all face a major tech catastrophe.
It’s not a matter of IF your hard drive fails, it’s a matter of WHEN.
And hacking has gotten so automated and easy that almost every week another major site is in the news with a new huge security hole exposed and exploited.
Do you have backups? Do you have a plan for handling a catastrophe? Are you ready for the worst? Are you sure?
Backup Tips for Travelers
Here are some of our tips for keeping your bits secure while living on the road:
- Turn on automatic backups – Before you do anything else, go buy an external drive and set up “Time Machine” if you have a Mac, or some other automatic daily (or hourly) backup system if you do not.
And remember to keep your backups current. If you last plugged in your backup drive six months ago, that leaves a lot of data and memories at risk.
- Be prepared for a LITERAL crash! – This is especially worrisome for us Technomads. Consider, what is your plan if your computer and your backup HD both crash simultaneously – into an oncoming truck?
Or what if your RV fridge starts a fire and burns everything to the ground – including your backup hard drive? What about if your digital gear backpack gets soaked in an unexpected rain or falls overboard while on a ferry boat? It would make a very bad day even worse to have your computer and your backups and your home all destroyed at once.
One way to help is to armor your backups. We’ve been testing out the ioSafe Rugged Portable, which is waterproof, crushproof, and built like a tank. ioSafe also makes a desktop HD that is fireproof too. Both include forensic data-recovery services as an added bonus, just in case of the worst.
(When the next ioSafe model comes out and they send it to us for testing, they’ve invited us to get creative trying to destroy the current model we have. I aim to run it over with a bus and soak it in diesel, for starters…)
- Offsite is a MUST! – Armored backups aren’t enough – what if your computer AND backup drive gets stolen or destroyed in one fell swoop? Insurance may be able to replace the laptop, but it’s not going to replace your data. To recover from this sort of catastrophe, you need to have a backup that is stored far away and safe.
We have backup drives stored with various friends and family members around the country, and when we pass through we update these backups. This way, even if the worst were to happen we’d only lose a few months of data and photos.
In the grand scheme of things, hard drives are cheap, memories are priceless.
- Backup to the cloud, when bandwidth allows – There are some highly regarded online backup services like CrashPlan and Mozy that back up all your files to online servers, for a price. But potentially vastly more expensive than the backup service fee are the overage charges if you accidentally try to back up over a capped cellular connection. And even on an unlimited data plan, most mobile internet options would take days/weeks/MONTHS to upload a hard drive full of data, photos and video.
These sorts of solutions are more appropriate for people with fixed locations and reliable fast and truly unlimited network connections. For us nomads with more limited connectivity, we have grown to love and rely on Dropbox (sign up via this link and you get some bonus free storage, and so do we).
Dropbox works by syncing a shared “Dropbox” directory with the cloud, and it also syncs between your computers. Cherie and I keep the projects we are actively working on in Dropbox, knowing that we are always backed up to each other’s laptops and to the cloud server. If we should experience a catastrophic event, we can buy or borrow any computer and keep on cranking on whatever projects we were in the middle of without even a day’s data loss. Dropbox also makes it easy to set up a shared synced directory to collaborate directly with friends or clients. Dropbox is cross-platform too, supporting Windows and Linux as well as Mac.
The basic Dropbox accounts are free – and we find the premium service totally worth paying for.
That should cover backups…
Reducing your Hack Risk
But how about avoiding getting hacked in the first place? It would be a bad day indeed to have your Gmail wiped out, your Facebook wall filled with scam posts encouraging your friends to wire emergency money overseas, your bank accounts drained, your credit cards maxed, and Amazon shipping garden gnomes in your name to who-knows-where.
It can happen, all too easily.
A little headache and grunt work now to protect yourself could save untold pain and suffering recovering from an attack later.
But in addition to those must-read articles, here are some of our personal favorite tips:
- Don’t EVER Re-Use Passwords – Often the first thing hackers do when they take over a site is publish the user names, email addresses, and password files for other hackers to try and exploit.
If you use the same password on multiple sites, within minutes of an attack on one site automated tools could be tracking down and taking over your other accounts to post spam or worse.
The best way to protect yourself is to NEVER EVER EVER use the same password on multiple web sites. Instead, use a tool like 1Password to automatically manage all your passwords, and to generate unique and unguessable passwords like “7y0iCT1QApu|3W_E” for every site you connect to.
Yes, this is a headache, but 1Password makes it relatively easy, and can be set up to sync your passwords between your computers and your mobile devices too. For passwords that you can’t avoid needing to type manually, you can have 1Password generate simpler pronounceable passwords too, like “shymuvyjeg”. With a little time, you might even start to actually remember a password like that.
But whatever you do, don’t use real words that can be found in a dictionary!
- Avoid (In)Security Questions – Answers to questions like “What is your mother’s maiden name?” or “What was your high-school mascot?” are often used by sites as part of their password reset procedures. Unfortunately, the answers to these questions are vastly easier to research or guess than almost any password, so this is where a hacker who is after you will often start.
In truth (just like the TSA) these sorts of questions do more to give an illusion of security than to actually make things any safer online.
To thwart these (in)security questions, don’t ever give simple literal answers. If forced to answer these “security” questions, you can create random passwords as answers, or creative nonsensical answers. So you don’t forget, save these somewhere secure – just like a password. And just like a password, do NOT use the same security answers on multiple sites!
Just this week World-of-Warcraft and Diablo developer Blizzard disclosed that they have been hacked and the data for millions of users had been taken. The way their passwords were encrypted it is unlikely that hackers will be able to recover people’s passwords, but Blizzard’s entire database of security questions and answers has been taken as well. Everyone who used those same questions and answers on other sites is now horribly at risk!
Some sites let you create custom security questions instead of forcing you to pick pre-selected ones, and this is your chance to have a little fun.
(Read this link for many more hilarious examples!)
Q: Are you really who you say you are?
A: No, I am a Russian identity thief!
- Don’t Lose Your Password Archive! – Make sure that you can get at your password archive so that you don’t end up locked out of all your sites in the event of a serious crash. 1Password supports archiving an encrypted copy of its database to Dropbox, so even if our computers are destroyed we can still get at a copy of our master password file. Keeping your encrypted archive on a USB key or even printed and stored in a safe deposit box might also be a good idea.
- They Are Listening In – If it doesn’t say HTTPS (secure HTTP) in the URL (or on some browsers, show a locked padlock), your web surfing connection in that window is not secure and you should assume that anyone on your local network can listen in, see what you are doing, and steal any passwords that you type.
You may think that you are safe on WiFi in a small-town coffee shop, but what if one of the other patrons has been hacked and his or her computer is now automatically eavesdropping and reporting new potential targets? This is surprisingly common – older generation Windows computers are notorious for being infested with spyware.
All banks (and now even sites like Facebook and Twitter) use HTTPS to protect you and make surfing even on public WiFi safe. But hardly any smaller sites like blogs or forums bother with HTTPS, and if you use the same account names and passwords on the insecure sites you are opening up the more secure sites for easy hacking too.
- Don’t Trust Big Names to be Smart / Secure – Security is a science, and when done properly data can be encrypted in such a way that it would mathematically take thousands of years for even the world’s fastest supercomputers to crack.
Unfortunately, all too many websites fail to take security seriously – allowing for hackers to take advantage of them. Even big names like LinkedIn make amateur mistakes, letting hackers easily steal 8 million passwords earlier this year. eHarmony also had its entire database stolen by the same hacker as well. And last year Sony’s entire Playstation Network was compromised – with more than 70 million accounts exposed! Don’t ever assume that a big bank or popular website is actually doing security right. Better to always be vigilant.
- Be aware of Phishing Scams – Don’t fall prey to phishing: false messages sent to you that are intended to trick you into giving up valuable personal information, such as bank account numbers, addresses, social security numbers, passwords and more. More than likely, you don’t have a long lost relative who just passed away in Nigeria who left you 1.25 million Euros, and you just have to provide your account number. You didn’t just win an internet lottery. PayPal likely hasn’t locked your account (especially when addressed to ‘Dear Costmuer’). You don’t have an account at a bank you never heard of that needs you to confirm your SSN right now!
Always hover over the link (or force a preview) the e-mail is wanting you to click on to display the actual URL – if it looks at all phishy, it probably is. For instance a real e-mail from Paypal will direct you to www.paypal.com, but a phishing scam might be more like paypal.phishingscamsitesrus.com.ru. If the e-mail appears to be coming from a business you have connections with and might be real, type the normal URL directly into your browser and log in yourself to see if there’s a warning message – or call customer service.
- Lock Down Your Email! – Do not be tempted to keep a simple password on your email accounts, because hackers know these accounts hold the keys to your entire kingdom. If a hacker gets into your email (whether Gmail, Hotmail, Yahoo Mail, or whatever you use), they can then request “password resets” for other sites (like your bank!), deleting the incoming reset email before you even have a chance to see it.
No matter what you do – keep your email secure. And more than anything – never use the same password for email that you use for ANYTHING else.
- Two Factor is a Good Thing – To connect to a site using “Two Factor Authentication” means that not only do you need to know a password, but you have to physically have something in your possession – making it vastly harder for hackers.
One way this works in high security sites is by using a fingerprint or retina scanner, but some sites are now supporting authentication via a confirmation SMS sent to your phone. Some banks and brokerages even give out digital dongles that generate a new unique PIN every few seconds that must be entered to log in.
Google is pushing two-factor authentication via phone now, and it is a great and relatively simple way to secure all your Google-connected accounts. Read more here, and follow this illustrated guide to configure your own Google accounts to be vastly more secure than if they were protected with a password alone.
- Keep One ‘Disposable’ Password – Dealing with unique passwords for every site, service, and app you log in to is undeniably a pain in the ass. And for some sites, it really isn’t worth the effort to jump through the hoops.
Do you really care if hackers learn how many miles you have logged running with Nike+? Or what events you are tracking in the Olympics? And there are plenty of sites that force you to create an account to log in, even if you never intend to return to them again and will not be giving them any personal or financial information.
For sites where security isn’t a concern, it is actually a good idea to have a single easy to remember ‘disposable’ password that you use for quick and simple logging in. Just make sure that you NEVER use this password on any sites where you share any personal information that you wouldn’t want to be stolen and shared with the entire world.
And be careful that a site that you consider ‘disposable’ doesn’t eventually become critical. For example, a lot of people used to consider Facebook a toy, and now it is central to many lives. But how many people have changed their passwords first created years ago to now be more secure?
- Online – Use Credit, Not Debit – Aside from arguments over whether credit cards are evil or not – they do carry one very beneficial feature. If your credit card number is ever compromised and the attackers manage to run up your credit card bill, all it takes is one phone call to dispute the charges (and probably close the account) and you are most likely in the clear.
There are a ton of consumer protection laws limiting your risk, and most credit card companies will go overboard to insulate you. On the other hand, if you have been using a debit card online and the hacker gets at it, in a matter of moments your entire linked account could be drained – and even if you do manage to get your funds returned, it might take weeks. This could seriously derail your travels, or heck, your next grocery outing. Using a debit card online just isn’t worth the risk unless you are extremely careful to limit the funds available in the linked accounts.
But if you are using credit – pay it off monthly. Debt sucks! If you don’t want an actual credit account for whatever reason, consider a refillable card to use for your online shopping instead. You can pick one up at places like Wal*Mart, fill it with some cash and use that.
- Stay Up To Date! – Every new operating system and browser release gets substantially more secure than the ones that came before it. Windows 7 and Mac OS X Lion (and now Mountain Lion) are both pretty hardened against most attacks, particularly if you keep them up to date with security patches.
On the other hand – if you are still running Windows XP or surfing with IE6, you might as well be wearing a big neon sign that says “Hack Me Now!”
If you are still using XP, my best suggestion to you is to make sure your backups are current, carefully disconnect your computer from the Internet, and then smash your old machine with a sledgehammer.
“Nuke the entire site from orbit–it’s the only way to be sure.”
The Internet is a scary place, and it is getting scarier by the day. Now even governments are starting to engage in stealth cyberwarfare!
Even amateur hacker tools have gotten more and more sophisticated – allowing even unskilled online vandals to attempt to hack hundreds of thousands of people an hour. You may think you will never be a target individually, but you can’t hide from a mass attack. These mass attacks feed off of databases of millions of email addresses and passwords, like the ones stolen from LinkedIn earlier this year.
Is all of this a royal pain? Indeed.
Forget the war on drugs, I’d rather see the government fighting a war on spam and cyber-scum.
But the Internet is too much a part of life to even think of giving up, so all we can do is lock the doors, take reasonable precautions, and hope for the best.
So – what will you do to protect yourself?
Don’t tell yourself you’ll get around to upping your security later, because you know well-and-good that later will never come.
Do it now. Start changing some passwords. Turn on two-factor. Lock your online doors.
How recent was your latest backup?
You do have a second backup stored somewhere else too, right?
Be safe out there, and remember to always double-check your reserve chute before jumping online!
Bonus: Password Geekery from xkcd, my favorite web comic: