You know that you need to be backing up your computer (and other devices). Using an online backup service is a good way to do this automatically.
But how secure are online backups?
Let’s see how to use a feature offered by some backup services to ensure that only you can access your data by learning how to set up a private encryption key for online backups.
With IDrive, you can backup unlimited PCs, Macs, iPhones, Ipads, and Android devices into a single account securely. Files and folders will be synced in real-time across all the devices.
The Threat To Your Online Backups
You run the risk of losing the data on your computer (and other devices). Here are a few ways:
- Lose the device
- Device is stolen from you
- Ransomware encrypts your data
- Device dies (stops working)
- Device is destroyed in a natural disaster (fire, flood, etc.)
A backup you keep in your home isn’t good enough, because that backup could be destroyed at the same time as your device, by many of the same causes listed above. So, it’s wise to use online backups (sometimes called cloud backups).
When you install backup software on your device, most software will create an encryption key for you. The creator of the backup software will store that key with your account. Because the key can decrypt your data (make it readable), this gives the company the ability to access your data!
You may think, “I trust the company, so what’s the problem?” Maybe you trust the company itself, but do you trust every one of its employees? And what if the company is hacked? Or what if a government (one in your country or a foreign one) wants to see your data? For these reasons, it’s best to use your private encryption key.
Private Encryption Key for Online Backups To Increase Your Security And Privacy
Instead of letting the backup software create your encryption key, and letting the backup company store that key, you should create your private encryption key and store it yourself. Different companies have different terms for this. You may see it called private encryption key, user-owned encryption key, user-defined encryption key, custom encryption key, or something similar.
When you create a private encryption key, your data is encrypted with that key. So if you’re the only one with the key, you’re the only one who can access your data! That means employees at the backup company can’t, hackers can’t, and governments can’t. (Note that encryption can be broken by those with enough resources and time. But that shouldn’t stop us from protecting our data.)
Your encryption key is like a password, so you should make it strong, just as you’d make a password strong. That means making it long (the more characters, the better), with a variety of character sets (uppercase, lowercase, numbers, special characters).
Now, this is important! If you lose your encryption key, you won’t be able to access the data you’ve backed up. Remember, the backup company doesn’t have your key, so they can’t help you. You must store your key somewhere safe. I recommend putting it in your password manager (I like LastPass).
LastPass helps you remember and manage your secure passwords all in one place. Never forget a password again.
When choosing a cloud backup service, read the security and privacy sections of their website. Look for the words encrypt and key. Also, check their privacy policy to see how they handle requests from law enforcement.
Why?
What if you’re not trying to hide from law enforcement?
Well, it’s not necessarily about hiding from law enforcement. The reason it matters is that if the company can give your data to law enforcement, that means the company can access your data, which means any rogue employee at the company, or anyone who hacks the company, can also access your data. So if the company says it can’t give your data to law enforcement, that usually means the company itself has no access to your data. For example, the IDrive Privacy Policy states,
If we provide your files to a law enforcement agency as set forth above, we will remove encryption from the files before providing them to law enforcement only if a default encryption key is used. We will not be able to decrypt any files that are encrypted using a user-defined encryption key.
In other words, if you choose the default option (let the software create your encryption key, and let the company store it), the company can access your data and provide it to others. But if you use your private encryption key, they can’t.
As important as they are, security and privacy aren’t the only criteria to consider in an online backup service. Here are some other questions to ask, about the company and its service:
- How will my data be secured at rest (in storage)? How will it be secured while traveling (in transit)?
- Can the company see my data?
- How long has the company existed? How long has it been providing online backups?
- How do customers rate and review the company and service?
- How much storage do I get?
- Does the backup software run on all the operating systems my family uses?
- What happens when I delete a file from my device? Does it stay in the backup? How long?
- How many of my family’s devices can I back up?
- How many versions of each file are stored?
- What’s the cost?
IDrive is a cloud backup service that lets you create your private encryption key. Because of this, as well as the combination of other features and cost, I like IDrive as a provider. I also like SpiderOak, a company known for its strong stance on user privacy. Other backup services let you use your private encryption key. Here’s a list of a few I’m aware of:
I know there are others, and if there’s one you recommend, please leave a comment!
If you’re interested in IDrive, you can use this link to get 25% off your first year!
If you use an Apple iOS device (iPhone or iPad), you have the option of using Apple’s iCloud to back up to Apple’s servers. iCloud uses a private encryption key. According to Apple,
Your data is protected with a key derived from information unique to your device, combined with your device passcode, which only you know. No one else can access or read this data.
In addition to using your private encryption key, you should take other steps to protect your online backups. Those include using a strong password on your account, enabling two-factor authentication, and setting good security questions and answers.
Private Encryption Key for Online Backups – Further Reading
- The best online backup services for 2020 (pcmag.com)
- IDrive® ensures strong security and privacy (idrive.com)
- Questions on data security in online backup, secured access and more (idrive.com)
- No Knowledge, Secure-by-Default Products (spideroak.com)
What You Should Do
- Choose a cloud backup service with strong security and privacy protection, which allows you to set your private encryption key.
- Set a private encryption key for your backups, and securely save it.
- Take other steps to protect your backups (strong password, two-factor authentication, security questions, etc.).
With IDrive, you can backup unlimited PCs, Macs, iPhones, Ipads, and Android devices into a single account securely. Files and folders will be synced in real-time across all the devices.
BackBlaze provides astonishingly easy and low-cost cloud storage for your files. You can automatically back up your Mac or PC files and access them anywhere.
Sync makes it easy to store, share, and access your files from just about anywhere. It also provides privacy protection with end-to-end encryption, ensuring your data are safe and secure in the cloud.
Carbonite helps protect personal and business data from common forms of data loss. It also offers excellent defense against ransomware attack, hardware failure, and even for device loss or theft.
I just got iDrive and chose a private encryption key. I’ve installed the client on 2 Windows PCs so far. While testing out the backup and restore functionality, everything works nicely but I noticed that the client doesn’t ask me for my private key anymore no matter how I log out, sign out, disconnect, shut-down, restart, etc. What gives? Is the private key stored on my PCs now? This means one unattended computer can allow access to the data from all other sources. Please help.