The Dangers of Online Backup Services

Many publications, including a few our own articles, recommend using cloud services for backing up information. Last week we had a call from a customer who lost a bunch of documents precisely because he was using an online backup service. How is it possible, and how can you protect yourself from this to happen? Read along to find out!

Contents

1. Your Cloud Backup Can Destroy Information
2. Making Cloud Backups Safer

Your Cloud Backup Can Destroy Information

When you back up your data into the cloud, you’re effectively relying on someone else to take care of your information. Not only do you give the online service permission to read all your files; you’re also allowing the service to sync information. But what is that ‘sync’ thing you’re agreeing to when installing Dropbox or allowing Microsoft OneDrive to take care of your documents by using your Microsoft Account as a login?

Effectively, by enabling cloud sync, you’re giving permission to the cloud service to add, modify and delete files on your computer. While this is a great thing of convenience when working with data from multiple computers, it’s unfortunately rather likely for your authentication credentials to leak, especially if you log in as a guest from untrusted computers (Internet cafes or Web kiosks at the airport). If a malicious person hacks into your cloud account or simply steals your login and password, your files in the cloud can be compromised. It’s even worse than that! A malicious person who hacks into your account can simply delete all files from the cloud, and those same files will be deleted from your computer.

Another scary scenario happened to one of our customer a couple months ago. Some time ago, he set his laptop to sync with the cloud to allow his documents sync freely between his desktop computer at home and his laptop on the go. As time passed by, he decided to purchase a new laptop, handing down the old one to the kids. Can you sense the problem? The kids needed more space on the laptop’s hard drive to install games, and simply deleted the entire Documents folder. Fine, since the data was backed up in the cloud anyway, and there was a copy of all files on the desktop… Wrong! Moments after the kids deleted the folder, the cloud sync picked up the changes and deleted those documents from the cloud. Step two: the cloud sync app on the desktop computer picked up the changes in the cloud and wiped the Documents folder on the desktop computer.

Boom! What once appeared to be a bullet-proof backup scheme just caused exactly the opposite: the complete loss of all synced data. We were able to help the customer by selling him our Office Data Recovery tool which was able to recover almost everything from the desktop and extracting the rest from the kids’ laptop. There is no chance to recover deleted files from the cloud once the wipe has been committed.

Making Cloud Backups Safer

So what can you do to secure your cloud data against hackers, and to protect your files from being accidentally deleted? There are a few simple steps that help tremendously without adding too much extra burden.

1. Set up two-factor authentication (if you haven’t already). Two-factor authentication will ensure that no one can have access to your cloud data if they don’t have access to the secondary authentication factor – even if they steal your login and password. If two-factor authentication is enabled, you (and everyone else) will have to enter a single-use password sent to your mobile device or generated in a mobile app. If you don’t have one on you, many implementations of two-factor authentication allow pre-printing lists of single-use codes for emergency (e.g. you can print a list of 10 codes for signing in to your Google account). Note that you’ll have to deal with two-factor authentication just once on a new device (or until you sign out of the service if you’re using a guest PC). Two-factor authentication helped reduce account theft by more than 80%.

2. Maintain an offline backup. Is it really that difficult? Most cloud services will only provide a limited amount of storage space (5 to 15 GB depending on the account). That can be extended to maybe 30 GB of free space if you sign up for additional services (e.g. automatic picture upload in OneDrive). Just spend some $25-30 to buy a fast, reliable 64 GB USB flash drive and back up your files periodically. Need more than 64 GB? Spend $60 and get a 2.5″ portable hard drive (WD, Toshiba etc.) which gives you 2 GB of space. Bundled with a USB3.0 interface, these backup drives will allow transfer rates of about 100 MB/s, making the backup really fast. Don’t forget disconnecting the drive and storing it in a safe place after you’re done with the backup!

3. Maintain an automated backup of your personal files via Windows File History. If you have more than one hard drive in your computer, or if you simply plug a flash drive into a spare USB port, you can set your Windows 8.1 or Windows 10 PC to automatically backup copies of your personal files onto that drive. Open All Settings -> Update & Security -> Backup, and under “Back up using File History” click “Add Drive”. Add a USB drive (or an external/internal hard drive), and copies of your files (such as documents) will be saved there. The best part here is that you’ll have access to multiple versions of the same (e.g. if you saved the file while editing). These backups are not automatically deleted if you erase a file.

Alternatively, you can activate this feature through classic Control Panel via Control Panel\All Control Panel Items\File History

4. If you hand down your computer, sign out and delete your Windows account first. If you’re giving away a mobile device, delete your account (Google, Apple, Microsoft etc.) and perform a full factory reset before you give it away.