With all the stories about government agencies and large corporations getting hacked, it’s easy to understand why there are concerns with ‘cloud-based’ backup services. If these big guys can’t stop the hackers, how safe is your data in the hands of a small commercial entity?
Random acts of hacking are completely different than targeted hacks, such as the ones you often hear about in the media. Sophisticated hacking syndicates don’t waste time on targets when they don’t know what’s on the other side. Hackers know that they can grab valuable data from government agencies and large corporations, so it’s worth the time and effort to make them a target.
The real question you need to ask yourself when it comes to backing up and securing your data is “are these backup services better equipped to protect my data than I am?” For the tech savvy crowd, the answer may be no, but for most people the clear answer is yes; these companies that make their living providing secure online storage of data are more focused on security and fighting hackers than you’ll ever be.
Any of these online services can be ‘hacked’, which would generally only provide access to a large amount of encrypted data. This would require the hackers to spend an unknown amount of time attempting to decrypt the data just to see what they were able to steal and that’s just not what smart thieves do. Keep in mind; your small data set amongst millions of others would also have to somehow become a specific target. It’s not that these online service aren’t hack-able, they just aren’t that attractive of a target.
Most people don’t encrypt their data on their own computers, but all online backup services that I am aware of do. When you use an online backup service, your files are encrypted on your own machine before they are uploaded via a secure connection to the company’s storage servers. The files remain encrypted and many give you the option of storing the only key on your own computer for decrypting your data.
While from a security standpoint, this is more secure, if you ever lose your encryption key, your backup data becomes useless without it. Some services, like Carbonite, use a proprietary file system, which adds another level of complexity if anyone is able to get past all the rest of the security.
Keep in mind; you’re balancing what is technically possible against what is most likely to happen. Using an external hard drive connected to your computer will certainly remove the risk of a hacker compromising an online service, but it’s of little use if you’re a victim of theft, fire, flooding, ransomware attacks or other more common scenarios for the average user.
The ultimate backup scenario uses the 3-2-1 method: Three copies on two different devices with one copy off-site.