Since I run three small companies, and since I utilize a decent amount of client data, and since one of my companies is a fully online business, I have to be pretty careful about protecting and backing up my data. Today I’ll describe exactly how I do this within an Alpha Male 2.0 context.

As a guy with an I.T. background, I can tell you for a fact that most small businesspeople are really terrible at backing up and protecting their data. I can give you countless examples of people who lost everything, or at least very important pieces of data, having gone literally years with no data protection or backing things up.

On top of that list are people who think their data is being backed up, but they never actually check to see that it is. I have worked with many firms who had an automated computer backup system that they thought was working, when it fact, the last time it actually fired off and backed up their stuff was a year ago or more.

Even famous authors, including the guy who wrote the Malazan series, who I seriously think is a genius, lost entire books they spent a year writing because they didn’t back up their data properly. So protecting your data is serious business.

From an Alpha Male 2.0 perspective, I require redundancy to maximize my effectiveness and personal happiness. My laptop is where I run my businesses, so it’s quite important. It is always my goal (if I lose my laptop or it dies) to recover via a back-up and fully be running within three hours. That includes the time it takes me to run down to the store, get a new laptop, get everything installed, and get all the data restored. This usually takes several days or weeks for most people; my goal is to get this done in three hours or less.

I have accomplished this goal. I know because this has actually happened to me once. Several years ago, my laptop died, as in totally dead, wouldn’t boot. Within a grand total of three hours, I had a new laptop in my hands that was working fully. Not bad.

Here’s how I’m able to do this.

Backing Up Your Data

I have three layers of backup. First, I use Carbonite as my cloud backup system. It constantly backs up my data to the cloud in the background. This data is encrypted so that even the employees of Carbonite can’t see it; only I can. It only costs about $60 a year.

Next, about twice a month, plus right before I leave for a trip, I copy my entire data structure to a portable USB hard drive on my desk. All of my data files are under just two subdirectories, so all I have to do is drag them to the USB hard drive and wait a few minutes. I use Teracopy to copy my data, since the copy function in Windows is crap.

This way, if I ever need to restore my entire hard drive, I just drag the data back from the portable, and then use Carbonite to refresh any new files in the last week or so. (Restoring data from a cloud backup can take a long time, so I’d rather just use Carbonite for new files, not all of them.)

For my third layer of defense, about once a month or two, I copy the portable backup to a second portable hard drive that I keep in a locked, fireproof safe. My usual portable just sits on my desk, which is convenient, but not very safe. It could be stolen, or it could be destroyed in a fire. People who back up to portable hard drives always seem to forget this. Therefore, I keep a clone of that drive in a locked, fireproof safe that protects it from theft and disaster.

This way, I have literally three layers of backup (cloud, desk portable, safe portable). No matter what happens, I’m covered, even if I’m traveling.

Website Backups

That covers my laptop, but what about my websites? I own about 50 different sites, and those need to be backed up too. Most of them are hosted on a virtual private server that utilizes an automated web backup system that backs them up daily, weekly, and monthly to a giant zip file. Every month without fail, I download a copy of this zip file to have an offline copy, just in case my hosting company goes out of business. I follow a similar procedure for my other sites hosted outside of this company at other locations. These local, offline copies are then backed up to my portable backups using the same procedure I outlined above.

So even if my hosting companies instantly go out of business, or my sites get hacked, or become deemed illegal, or whatever, I will probably experience two or perhaps three days of downtime, and then I’m back up. In the absolute worst case scenario, I might lose about two weeks of comments or posts, which is not a big deal, and I can’t ever envision even that happening.

Data Security

Both my phone and laptop is secured by both a password and fingerprint scanner. In addition, the entire hard drive is encrypted using Bitlocker (a feature in Windows) so if a thief or hacker were to somehow bypass the boot-level protection, he would just find a big pile of encrypted data that would be useless to him.

I also password-protect certain key files on my hard drive in addition to this encryption. So my data protection is pretty solid.

Internet Security

Internet security is beyond the scope of this article, but I thought I’d just mention a few quick basics I utilize. I have a good firewall software (I’m not saying which one), and often use a good VPN service (I’m not saying which one).

I use a complex cipher for most of my passwords, meaning they are impossible to guess, but reasonably easy for me to remember. Every website, service, and app has a completely different password. Most people use the same password (or two or three) for everything. This is very stupid in today’s age of cyberinsecurity.

There are about 15 special passwords that must be even more secure than this, so for these, I use the free Symantec Password Generator to create really long, insane passwords, and change them every 60-90 days.

If you’re an entrepreneur, make damn sure you take your data protection seriously. Most people don’t.

26 Comments on “How I Protect My Data

  1. No Encryption on mobile phone data?

    As general rule for data security:

    First-level Protection doesn’t mean any shit, if the physicality doesn’t belong to you anymore.

  2. There are about 15 special passwords that must be even more secure than this, so for these, I use the free Symantec Password Generator to create really long, insane passwords, and change them every 60-90 days.

    How do you ensure that those generated long, insane passwords to keep in safe place?

  3. Somehow I wonder… If only you wanna to bet $10,000++ (just like in your other blog) << I like your confidence>> in those “default” security products of Microsoft, after all how it becomes easily either using just cheap trick or rather more “professional” service to subvert that b1tL0ck3r protection.

  4. Good god MiratapA. Paranoia much? You’re an example of what I was talking about when guys go overboard with this shit.

    No Antivirus?

    Just standard Defender. Viruses aren’t the problem they were in the 90’s (today the problem is malware), particularity if you never click anything weird or immediately hard shut down your computer if you ever get one of those fake “you might be infected” messages or “you need to update your adobe” messages, which I do. I’m an extremely heavy computer for the past 25 years straight, and I’ve never received a virus. I regularly clean my stuff with CCleaner and scan with Malwarebytes, etc.

    No Encryption on mobile phone data?

    No. I haven’t found a good option for that, and most of the stuff on my phone is cloud based anyway, not locally stored data.

    Are those TWO portable hard drives for regular backups securely encrypted too?

    The active one, partially (several directories are encrypted). The one in the safe, no. Those drives never leave my house but my laptop is constantly outside of my house, so the level of protection is different.

    it becomes easily either using just cheap trick or rather more “professional” service to subvert that b1tL0ck3r protection.

    In the real world, what are the odds that someone is going to break into my home and steal my laptop and bypass the boot security and spend all the time and effort to decrypt my bitlocker? Am I really that important?

    I follow the 2% Rule. I strongly suggest you read what it is here.

    Paranoia is not the path to happiness.

  5. How do you ensure that those generated long, insane passwords to keep in safe place?

    That’s a good question and I don’t think I want to answer that publicly, but I have a system for protecting that.

  6. I learned this lesson the hard way, thankfully at a time when I didn’t have anything irreplaceable on my computer. The hard drive itself died, so I couldn’t even pull it off once I got a new computer.

    I started keeping everything on Dropbox. It actually took longer to buy a new computer than it did to get it back to the way I had my old one (buying a new one was surprisingly tough, it crashed at night and the 24-hour stores didn’t have much selection, and the first one I went to the next day had to get the one I wanted delivered that afternoon). It also makes it easy to access everything from both my phone and computer.

  7. Hey – I know someone who works in the hacking industry (for the good guys, not criminally) for securing companies data and websites.

    I was told that backing up to a cloud service that offers encryption was useless if that company ever gets hacked (which can happen).  He told me make sure that I was encrypting my files, and then sending them off to the cloud, for double encryption.

    Are you doing this?

     

    I tried with one online service, and they were unable to consistently backup the encrypted files (or packet, as its called)

  8. Hmm.. I don’t wanna burst the bubble. BUT the first time your data sent to the internet, your privacy is gone.

    I know it’s shocking and so fucking unbelievable. But as a Data & Server Administrator myself, I could tell you that there’s no such thing called as privacy(and I’m not insane last time I checked).

    I actually could easily read your “encrypted” data, by manipulating how encryption “in our server” work. Remember that for an authentification going; the process is done at our system before you can access your data/privacy.

    We had your data, and it’s safe in the box and so called protected; only you have the key to open. Sure, but dont forget that we control how the “door” specified in our home, even we can modify it on the fly(imagine software and/or server update-upgrade, for purpose or not ?).

    The only barrier here is LEGAL. And as long as we use the data for private thing and don’t going out(eg; selling the data) we’re just gonna be fine(read: For Private RESEARCH).

    P.S. Look at how some of the buffon Internal admin of Twitter doing foolish thing recently, AND how many people surprised that they(Twitter) could do such thing so easily (read DM, delete tweet, copy tokens, etc).

    How is it likely that you could trust your entire privacy for FREE?!! Or Even for < $100 and believing that the company would give a fuck for your privacy?!!

  9. (I forget to mention) In security there’s called a Risk/Cost – Risk/Benefit – Benefit/Cost (ratio) analysis. Which mean practically speaking it’s still OK to Trust “public” providers service, as long as your not someone who’s categorized High Profile(which in the case that cost of breaking a Cloud Server is outweigh the risk & at the same time it has more benefit in doing so)

    So don’t be too paranoid.. although my message here is that it still can be done; and nothing impossible for someone/organization who has resources + enough given time.

  10. The 2% Rule is this:

    If a particular negative result has a less than 2% chance of occurring, don’t worry about it. Don’t even think about it. Proceed.

    How do you square that with your recommended level of cybersecurity?  I assume both being hacked or catastrophically losing all your data at once is way under 2%

  11. One correction to something I said above – I am encrypting my phone. I thought I wasn’t but I am.

    I was told that backing up to a cloud service that offers encryption was useless if that company ever gets hacked (which can happen).  He told me make sure that I was encrypting my files, and then sending them off to the cloud, for double encryption.

    Are you doing this?

    Jesus. No. 2% Rule again.

    I don’t wanna burst the bubble. BUT the first time your data sent to the internet, your privacy is gone.

    Correct, but I view privacy and security as two different things. I have zero expectation of privacy, as I’ve said before. I don’t mind because I have nothing to hide due to an outcome independent Alpha 2.0 lifestyle, and I never break the law. I don’t give a shit if some of my private data or email is sitting along with millions of others deep inside a Google server somewhere. I care more about a human being actually hacking into my financial accounts and stealing my money (or example). Once is privacy, the other is security; two different things (though I realize there is some overlap there).

    We had your data, and it’s safe in the box and so called protected; only you have the key to open. Sure, but dont forget that we control how the “door” specified in our home, even we can modify it on the fly

    2% Rule again. What are the odds someone is actually going to spend the time and effort to do this to me personally? I put it at 0.01% or lower. Therefore I don’t care.

    Which mean practically speaking it’s still OK to Trust “public” providers service, as long as your not someone who’s categorized High Profile

    Correct. If I was a A-list celebrity or nationally known politician, I would have a different opinion on this. But I’m not, and no one reading is, so it’s not relevant.

    How do you square that with your recommended level of cybersecurity?  I assume both being hacked or catastrophically losing all your data at once is way under 2%

    Incorrect. The odds of losing all of my data from a hard drive crash or losing my laptop or something like that are well above 2% in my lifetime. So are the odds of being hacked not by a human being, but by automated software. Therefore, I take the time and effort to prevent these things.

    The odds of me being hacked by an actual human being, who takes the extreme amount of man hours and money to steal and then decrypt my data? Beyond minuscule, so I don’t worry about that. You shouldn’t either.

  12. I know that in the last article Caleb, you said you don’t think Linux makes sense for you right now, but in the future, or for anyone who is interested in a laptop custom built for security, I’d like to recommend Purism (website: puri.sm).

    I don’t work for them, and I haven’t bought one of their laptops (yet), but they’re a “social purpose corporation” (essentially a non-profit) that is explicitly trying to make hardware (laptops and phones) that offers as much security as is possible in this day and age. For example the laptops have kill-switches for the webcam and microphone, so that its impossible for example for someone to hack your webcam and record you (because you can literally cut power to the webcam).

    I’m probably buying their laptop soon and pre-ordering the phone, but I just figured that for anyone who’s interested enough in the topic to read this article (and you, Caleb), this could be something worth looking into.

  13. Good idea fingerprint protecting your laptop.  The silk road dude got caught with his laptop open and logged in as administrator.  Life in prison.  Might have been a tougher case if his laptop was locked long enough for his lawyer file a motion to protect it.

     

    I dont think he did anything illegal either, but the cia seized the server in iceland and they made an example out of him.

  14. FWIW, I quit Carbonite because I thought they were very deceptive. They gave you this whole “install our stuff and don’t worry anymore.” What they didn’t tell you is that by default they didn’t back up video files (presumably because they were very big.) So if you had believed them, had a hard disk crash, only then would you find out that all your movie files were gone forever. It was deeply dishonest, and it was also extremely hard to get around — you have to go in and explicitly tell it to back up each movie file individually.

    It might be different now, but I felt their advertising was so dishonest I will never use their service again. If you have video files and use Carbonite, you might want to check that they are actually backing them up.

     

  15. What they didn’t tell you is that by default they didn’t back up video files

    Never, ever, ever just install a backup program and let it go, regardless of what their marketing says or doesn’t say. You must always go through every setting to make god damn sure its backing up exactly what you want. Backup is too important a function.

  16. I am concerned about data on my phone but easy of use is very important to me. I dont like to have to enter a long password every time for example.

    Likewise, I am conscious about risks associated with easy to guess passwords and using same passwords for multiple platforms but again easy to use is very important, and if too many passwords are hard to remember or its hard to remember what password I used for what service that is also not ideal.

    Is there some technique or method to optimise this?

  17. On a somewhat related and unrelated note, is there some kind of nice tool or app for tracking dates/girlfriends? I am thinking of something like portfolio tracking for investments tools but for dating (since its kind of about portfolio diversification in both cases and when you have many its useful to track it in a graphical way…).

  18. Is there some technique or method to optimise this?

    Get a phone with fingerprint unlocking. Very secure, and you never need to type a password. You just touch the back and it’s on; takes less than one second.

  19. Get a phone with fingerprint unlocking

    What if you get your finger bitten of by a dog and you have to make an emergency call?

  20. Never, ever, ever just install a backup program and let it go, regardless of what their marketing says or doesn’t say. You must always go through every setting to make god damn sure its backing up exactly what you want.

    Not quite. The proper approach is not “am I doing backups correctly?” but rather “am I doing restores?”. The only way to test a backup system is by doing a restore, not by looking at some checkboxes somewhere.

    What if you get your finger bitten of by a dog and you have to make an emergency call?

    You unlock the phone by your PIN or password, of course.

  21. yeah just this week i had to factory restore my iphone and I didn’t back it up, so i lost all my Google authenticator codes that I use for 2 factor authentication, however only a few are a giant pain in the ass to get back.

    I store all my category strong passwords in an excel spreadsheet that is password protected with a strong password that only exists in my head.

    apparently the .xlsx version of excel is near impossible to hack, should look into this more.

    dope article thanks Caleb0r

  22. I store all my category strong passwords in an excel spreadsheet that is password protected with a strong password that only exists in my head.

    apparently the .xlsx version of excel is near impossible to hack, should look into this more.

    The one problem with that is that Android devices don’t support xlsx passwords. But for a computer option that’s fine.

  23. I store all my category strong passwords in an excel spreadsheet that is password protected with a strong password that only exists in my head.

    Feels like too much work for what its worth, but a good option.

    Get a phone with fingerprint unlocking. Very secure, and you never need to type a password. You just touch the back and it’s on; takes less than one second.

    Yes I have that on iPhone but then when I get a message I cannot just swipe or click on the message I have to use the touch button.

    Also to make it really efficient I would need to assign a lot of figer prints from most of my fingers and then there is a security concern that someone could download my finger print data from the phone. That is quite dangerous in my opinion.

  24. Yes I have that on iPhone but then when I get a message I cannot just swipe or click on the message I have to use the touch button.

    Correct, or else the security function would be useless. And really, how hard is it to touch a button instead of swipe?

    Also to make it really efficient I would need to assign a lot of figer prints from most of my fingers and then there is a security concern that someone could download my finger print data from the phone. That is quite dangerous in my opinion.

    2% Rule.

Leave a Reply

To leave a comment, enter your comment below. PLEASE make sure to read the commenting rules before commenting, since failure to follow these rules means your comment may be deleted. Also please do not use the username “Anonymous” or “Anon” or any variation thereof (makes things too confusing).

Off-topic comments are allowed, but Caleb will ignore those.

Caleb responds to comments in person, but he only does so on the two most current blog articles.

Related Posts

Begin typing your search term above and press enter to search.