Posted by: Ken Harthun
14 Golden Rules of Computer Security, Encryption, Security, Security practice
“Well, that’s a good thing,” I said. “Where do you keep your backups?”
“On my external USB drive.”
“That’s encrypted, right?” I asked.
He blinked and looked away. “No.”
Doh! If a cracker is able to access his PC and that drive is connected and turned on, my friend could be toast. If someone breaks into his house and steals the drive, my friend’s identity could be stolen. Depending on what is actually stored on the hard drive, full backups can contain lots of personal information, and that information is much more valuable than mere passwords. Think about it: if you have the user’s name, address, SSN, pet photos, you-name-it, you’re in Fat City; you can easily assume the identity and recover usernames and passwords.
Few people encrypt their data, much less their backups. They should, but they don’t. Some backup programs allow you to make encrypted backups. If this option is available, take advantage of it. The most secure plan would be to both encrypt your data and encrypt the backup for a double layer of protection. Then, take the backup media offline and store it in a secure place.
And that is Golden Rule #10: When using external removable media for backups, either encrypt the backup files or make sure the media is taken offline after the backup has been completed.
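One way to audit a backup drive against Golden Rule #10, added here as an example and not part of the original post: the script samples each file and flags anything that is clearly readable or a plain gzip/bzip2/xz/tar archive. The signature list, the 7.5 bits-per-byte entropy cut-off and the function names are assumptions of this example; high entropy only means a file may be encrypted, since compressed formats look similar.

```python
import math
import os
import sys
from collections import Counter

# Signatures of archive formats with no built-in encryption (assumed short list).
UNENCRYPTED_MAGIC = {b"\x1f\x8b": "gzip", b"BZh": "bzip2", b"\xfd7zXZ\x00": "xz"}
SAMPLE_BYTES = 64 * 1024   # only the head of each file is sampled
ENTROPY_THRESHOLD = 7.5    # bits per byte; assumed cut-off, ciphertext sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte in the sample (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify(path: str) -> str:
    """Return 'unencrypted-archive', 'plaintext' or 'possibly-encrypted'."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if any(head.startswith(magic) for magic in UNENCRYPTED_MAGIC):
        return "unencrypted-archive"
    if head[257:262] == b"ustar":  # POSIX tar header marker
        return "unencrypted-archive"
    if shannon_entropy(head) < ENTROPY_THRESHOLD:
        return "plaintext"
    return "possibly-encrypted"


def audit(backup_dir: str) -> dict:
    """Walk the backup directory and map each file path to its classification."""
    results = {}
    for root, _dirs, files in os.walk(backup_dir):
        for name in files:
            full = os.path.join(root, name)
            results[full] = classify(full)
    return results


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, verdict in sorted(audit(target).items()):
        print(f"{verdict:20} {path}")
```

Files smaller than about 1 KiB cannot reach the entropy cut-off even when encrypted, so treat a "plaintext" verdict on a tiny file as inconclusive. Anything reported as "possibly-encrypted" still needs to be confirmed against the backup program's own encryption setting.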