When it comes to encrypting your backups, is data loss or data theft your bigger threat?
You've got a great backup strategy. You've got Time Machine, an offsite clone, and all your important but not sensitive files are uploaded to the cloud, on someone else's servers. Then disaster strikes. A fire takes out your family iMac and Time Machine and all the irreplaceable photos of your kids and your life together. You have backups, though, so you don't worry much. Until you remember all the photos you scanned — the ones that are now ashes — were still sitting in a folder waiting to be added to your online library. But, offsite! You rush out, grab the drive, come home, plug it in, and—error! You try everything you can to get it to mount but it's useless. Finally, you try data recovery. And then you remember: You encrypted the drive. There's no way to recover anything on it.
You've got a terrific backup strategy. You've got a Time Capsule, you make a clone, and everything gets automagically uploaded to the cloud. Then disaster strikes. There's a break-in and your MacBook and all your drives are stolen. You have an online backup, though, so you don't worry much. Until you remember all the photos you stored on that drive — photos you wouldn't want anyone to ever see. But, they must be safe, because there must be a login or something, right? RIGHT? You try to put it out of your mind until some time, a month or so later, you're browsing that subreddit, click on a pic, and your face ghosts. It's you. All of you.
In the course of writing about how to encrypt your Mac backups, I wanted to make sure I was doing it right, so I reached out to a few people I know who either work making backup software or work in IT and make a lot of backups. I wanted to know what was the best way to do it — just encrypt the drive and then start the backup, or was there more to it than that?
The answer I got was that, in some cases, there was slightly more to it, which is what I expected. Then I got something I didn't expect: a recommendation to not encrypt backups.
Now, I'm not paranoid, but my thinking for the last few years has been "encrypt everything!" I was surprised anyone, in today's environment, would suggest otherwise. So, I asked why.
The case for unencrypted backups
For some people, the ability to recover data is the most important thing. Whether that data consists of old family and baby pictures, tax returns or business records, novels written, or old POP email exchanged, it's a treasured possession and any loss would be heart-wrenching or legally troubling.
In a perfectly backed up world, it wouldn't be a concern. Everything would be copied multiple times, both in the real world and up in the cloud and the data would be safe against anything short of alien invasion.
But the world, especially the backed up one, is seldom perfect. Backup routines falter, drives fail, and not everyone is comfortable putting everything on someone else's servers. It's possible that, at some point, you'll find you need something, and that something will only exist on a drive or drives that have failed.
If those drives are unencrypted, you'll have several options for getting to the data, including ultra-expensive recovery services should what you need be valuable enough for you to consider that option. If those drives are encrypted, though, the only thing you'll be able to recover is some metal for recycling.
Data loss is what many experts in the backup business will tell you they see far more often than data theft. And, because of that, you're better off skipping encryption and setting yourself up to fail safe rather than secure.
The case for encrypted backups
For some people, the ability to protect data is the most important thing. Whether that data consists of personal and intimate photos and videos, private business records, code written or files from clients, it's an incredible responsibility and any leak would be embarrassing and potentially career-ending.
In an ideal backup situation, it wouldn't be a problem. Everything would be locked down, locally and on the cloud, and every bit of data would be secure against anything short of the rise of the machines.
But problems, especially backed up ones, aren't always ideal. Hackers, spearfishers, con-people, thieves and other bad actors are out there and, once something exists, there's potential for your system to be compromised and a drive containing your data to be stolen.
If those drives are encrypted, there's a likelihood your data will still be safe. Those without the time and resources of a nation state might effectively be unable to extract anything useful whatsoever. If those drives were unencrypted, on the other hand, your data would be easy pickings.
Data theft is what many information security experts will tell you is the growing threat. And, because of that, you're better off encrypting everything and making sure if anything fails it fails secure rather than safe.
To encrypt or not to encrypt
I asked this question on Twitter last week and the answers I got, given the tech-centric nature of my social community, isn't surprising. Immediate reactions were "encrypt all the things!". When I asked about data recovery, though, and people began to think about it, they had the same reaction I did — everything suddenly became more complicated.
Q: Encrypt your Mac backups because you're worried about data theft or leave them unencrypted because you're worried about data recovery?— Rene Ritchie 🖇 (@reneritchie) February 15, 2017
Simplifying it again takes some introspection. Ultimately, is your enemy human or a machine? What concerns you more, a drive failing or the contents of that drive getting out? If someone broke into your house, are the physical items and files they could steal more valuable and sensitive than what's on your computer? If someone got a hold of your backups, is what they'd find there relationship or career ending?
Those are the types of questions you have to ask yourself before deciding if encrypted backups are the way to go for you. And there are no right or wrong answers. Only right and wrong answers for you and your family. Once you make a choice, regardless of which choice you make, try not to second guess it. Also, try to never make someone else feel guilty for the choices they made. When you're left with a broken or stolen drive, it's easy to blame yourself and others. Hindsight isn't 20/20, it's devastating.
If you fear having your data lost, back up safe. If you fear having it stolen, back up secure.
Personally, I'm of the "encrypt everything" mindset, but that's a product of my life and my data. Your life and data might dictate a very different mindset.
The important thing is that you back up anything and everything it would hurt you to lose, and consider carefully anything that would hurt you if lost. Then make a plan that's easy to stick to, and stick to it.