So, let's start with the axiom: all people are divided into those who have already lost data, and those who have not yet. What is data? Texts, tables, drawings, photographs and everything else that was acquired by back-breaking labor. Modern hard drives and other media are quite reliable, but by themselves they do not protect against data loss.
1. What are we defending against?
- Physical failures: dead hard drive or SSD media.
- Logical failures: accidental deletion or incorrect edits, application damage, file system failure.
- Viruses that destroy data (both classic vandals and modern encryptors).
- Complete loss of the computer (fire, flooding, theft, seizure by the police, etc.).
It is important to understand that one single solution will not protect against all threats. For example, hardware failure protection protects against (1) but not (2) - (4). In addition, some of the solutions used by professionals at home are unreasonably expensive or difficult to use (yes, I know how cool it is to connect a NAS via iSCSI, but try to suggest this solution to your grandmother). Therefore, you will have to apply several solutions at the same time.
2. What is required?
- Additional hard drive in the PC (it is highly desirable that there are at least two of them).
- (32/64/128 ). USB3 ( , , - , ).
- DVD-RW.
- Google Drive, Microsoft OneDrive .
3. ?
We create backups of data both on external media and in the cloud. There must be at least two such copies (in addition to the original).
Data in the cloud and on flash drives must be encrypted, unless you intend to show them publicly. You do not know who and how has access to the cloud, as well as how and where they can leak as a result, for example, of a hacked cloud provider. A flash drive can be sown banally, or it can be stolen. Axiom: all non-public data outside your apartment must be encrypted. This is not difficult. This point will be underlined again in the relevant sections.
4. Where do we start?
The first and very important step: analyze and restructure your data.
A common mistake at home is using My Documents and the desktop to store data. You should definitely not do this. First, these locations are part of an individual user profile. In certain cases (such as a complete reinstallation or reset of the OS, the need to format the system partition), it can be lost along with all the data. Secondly, the mess in these locations makes it impossible to quickly and efficiently create backups.
To store data, you should create separate directories, completely independent of the operating system. If your computer has only one C: drive, it should be reduced to a reasonable minimum (optimal for Windows 10 - 80-100 GB) using Disk Management. We give the vacated space for a new section - D :.
On the new section, create folders for storing data. Two categories should be distinguished: changing and non-changing (archive). For what? The approaches to copying this data are different.
- Changing: various documents (articles, reports, presentations, graphics, etc.) The size of folders with such data usually does not exceed several gigabytes. If more, think about the structure again.
- Unchanging or rarely changing: for example, a photograph or a library.
In fact, you can introduce a finer gradation (for example, add a category of infrequently changing data - archive), but for simplicity we will focus on these two.
Download and install 7-Zip or similar archiver on your computer. The archive format must support encryption of both content and file names (file names cannot be encrypted, for example, in a zip archive).
The last thing you need to get ready is to install an additional hard drive in your PC and format it as E: On a laptop, this is usually not possible, so you will have to skip this step. Alternatively, you can use an external always available hard drive (home NAS, USB hard drive, etc.) along with it, if that's acceptable to you.
Before continuing, consider a very important question: how much of your work can you afford to lose? No backup system provides complete protection against data loss. The only question is how much you will lose. For someone, the loss of even an hour is critical, while for someone a week or even a month will suit. The frequency of creating backups in the next steps directly depends on the answer.
5. The first defense: no one is forgotten and nothing is forgotten
How? By running a program in the background that creates a mirrored online copy on another disk.
What for? We protect against physical and logical failures on the main disk.
What? All data categories on PC.
Important! The method does not protect against viruses and computer loss.
There are many programs on the Internet that allow you to mirror data on a second drive. Backup tasks can be performed either manually or automatically. Here, however, I will describe the simplest way, relying only on the built-in OS tools: the robocopy command and the Task Scheduler.
a) Create on disk E: a text file with the extension .cmd. We write in it a set of robocopy commands in the format
robocopy D:\_ E:\_ /xo /e /purge
The command completely synchronizes the contents of the working and backup folders, copying changed files to the backup folder and deleting from it those that are not in the working folder. Possible problem: due to inconsistencies in encodings, robocopy may not recognize the Cyrillic folder name. In this case, you will have to name the folder in Latin. On the desktop, you can make a shortcut to it, named in Russian.
If desired, you can complicate the command by adding, for example, saving the copy protocol to a file. Robocopy /? help you.
b) In the Task Scheduler, we create a new task, which consists in calling this cmd file. How often the assignment is executed depends on the answer to the question asked in the previous section: how much of your work can you lose? Keep in mind, however, that if you need to revert to an older version of the file you just changed, copying it too often may already be overwritten. Look for balance.
Important! Check the box to execute the task regardless of whether you are currently logged in.
Generally speaking, there is an alternative solution: specify robocopy parameters directly in the job parameters, dispensing with the cmd file. However, this will only allow one folder to be copied in one job, making management more difficult.
This method can be used even if you do not have a second hard disk, but there is enough space on the existing one to create an additional partition (i.e. C :, D: and E: will be on the same physical medium). However, this does not protect against disk failure.
6. Second protection: I carry everything with me
How? Offline copies of data archives on external flash drives.
What for? We protect ourselves from all threats.
What? Changing data only.
Important! You can easily lose a USB flash drive, and someone else can find the lost one. All data on the flash drive must be encrypted.
Important! The USB flash drive for backup can not be used for other purposes. Never connect it to other computers, for example to transfer data from your home PC.
This method is very simple:
a) Create a complete archive of the data folder using 7-Zip or another archiver. When archiving, be sure to select the encryption options for both content and file names.
b) Copy the archive to two or more removable flash drives.
Why two? Because one flash drive can suddenly die or be lost just at the moment when you need data from it. The likelihood of the simultaneous loss or death of two flash drives, combined with the need for recovery, is so small that it can be neglected.
In addition, one flash drive can be kept at home in a desk or in a safe, and the second one can always be carried with you (we protect ourselves from fire, flooding, search in your absence). If possible, one of the flash drives should be kept outside the apartment (for example, at work, if the company's policy allows you to bring your own media, or in your mother-in-law's closet).
Finally, you can keep on a flash drive not only a new archive, but also several previous versions of it. This will allow you to pull out an old copy of the file, which has long been overwritten in other places. For example - if a rarely used file got corrupted a month ago, but you just noticed it when you tried to open it.
How often? On the one hand, it depends on the answer to the same question: how much can you afford to lose? On the other hand, you should not be too zealous, especially if you store several consecutive archives. For frequently changed data, it is probably sufficient to make an offline copy once a week, while for archived data, it may be enough even once every six months. To simplify the situation, you can think over the folder structure (where what data is stored) in advance in order to make separate archives for different categories of data.
Note for advanced. In this section, we create a complete copy of the data. Even if the file hasn't changed since the previous cycle, it will still go into the new copy, taking up space. There are also other backup methods: differential (only files that have changed since the last full backup) and incremental (only files that have changed since the last full or incremental backup). They can significantly reduce the volume of backups, but they complicate their management and data recovery. They are usually used in corporate automated systems. However, in some situations, they may well be used at home. If interested, search engines can help you.
7. Defense three: Big Brother remembers you
How? Copying archives to a cloud drive.
Why and what? The same as in the previous paragraph.
Having the archive copied to a flash drive, we also copy it to the cloud storage (such as OneDrive). Likewise, you can keep several consecutive archives of the same folder there.
Why bother with flash drives if you can just copy files to the cloud? Quite simply: data in the cloud is often synced to your computer. If a virus or attacker gains access to your computer, it will delete or encrypt data in the cloud, just like on the local computer. In addition, data in the cloud (especially in the free one) does not belong to you. You don't know who and how can access and delete them. You can also trite lose access to your account due to password loss, hacker break-in, or coercion to reveal your password by law enforcement agencies. The flash drive in the mother-in-law's closet is not subject to these problems.
Important! Always make sure the archive copy has been successfully copied to the cloud.
8. Fourth defense: the mirror of eternity
How? Copy to external DVD-R discs.
What for? Balance the price and reliability of storing bulk data.
What? Large data that is immutable (such as photos).
In the modern world, information carriers are quite cheap. Nevertheless, in situations where the volumes of even personal data such as photo and video archives can freely reach terabyte sizes, recording on a DVD-R matrix is ββstill out of competition in terms of price / volume ratio. For recording, you can use free software like ImgBurn. Given the fact that many models of modern system units, as well as laptops, do not support built-in DVD drives, you may need to purchase an external one with a USB interface. At the same time, there is no need to chase the data transfer rate especially: the main limitation is the speed of writing to disk. USB2 is sufficient.
Those who generate such amounts of data already know about DVD-Rs, so here the method is given for the kit only.
Important! DVDs are not resistant to fire and smoke. Store them in hermetically sealed containers or individual plastic envelopes. The container with the central spindle should be positioned so that the discs are vertical. Otherwise, they can simply stick together (especially if you leave them alone for several years), and the carrier layer will be damaged when they are separated.
9. Fifth defense: who are you?
How? Controlled write access to data folders.
What for? To make the working dataset as safe as possible.
What? Any data on the scratch disk.
This method does not apply to backup. On the contrary, it is designed to maximize the protection of operating data from viruses that steal and encrypt data. It is specific to Windows 10 computers protected by Windows Defender Antivirus (free, built into the OS).
Important! It is strongly not recommended to keep two or more antiviruses operating in real-time protection mode in one operating system. If you want to use this method, but you have a different antivirus installed on your computer, you should uninstall it and enable Windows Defender.
The main problem with protecting against encryption viruses is that they act on your behalf. They have the same access to the files as you do. If you are unlucky enough to catch a fresh encryptor, not yet known to the antivirus, it can do whatever it wants with your data. Even NTFS access control (if you know what it is) and antivirus heuristics won't save you.
Therefore, in new versions of Windows 10, the built-in antivirus has an option that allows you to delimit access at the process level. In other words, you can allow write access to the document folder for the MS Office package, but not allow everyone else. A scrambler virus usually creates its own process, and therefore when trying to change something in a protected directory, it will be stopped by the antivirus, even if it does not know that it is a virus.
Data access control in Defender is initially disabled, it must be enabled manually. By default, the My Documents folder and a few other predefined locations are protected. You need to add your folders manually.
Important! Each time a new process detects access to a protected folder, Defender will ask you what to do with it. Questions appear in the Windows notification bar. In a full-screen application (for example, in games), they may go unnoticed. Until you explicitly allow the application to access the folder, the application will report errors during recording (for example, the game will not be able to save), and sometimes it will not, but the save will still not happen. Although it looks like a fair amount of hemorrhoids at first, the system subsequently stabilizes, and it becomes necessary to answer questions less and less.
10. Brief summary
So, we have four backup methods and one additional protection:
- mirrored copy on another disk / partition;
- archive on a flash drive;
- archive in the cloud;
- mirror copy to DVD;
- Windows Defender file access control.
The methods described above are as primitive as possible to simplify the task. However, no one bothers (and even strongly recommends) using them to build more complex backup strategies. And the main thing here is the classification of the available data, which only you yourself can come up with.
At the same time, it is not at all necessary to use all available methods to protect each category of data. For example, installation packages of programs that can be downloaded from the Internet at any time do not need to be protected at all, or you can only enable mirroring for them. At the same time, it may be worth using the full arsenal for some categories of important data. For example, store many sequential archives - each on its own flash drive, hidden in several different physical locations (especially important for those involved in political activities in Russia). The decision is entirely up to you.
Oh, and don't confuse data backup with fault tolerance. Although in some ways they overlap, on the whole these are completely different tasks.
Good luck. I wish you never have to check how reliably you really protected yourself.