Harping on Backups

This is quickly becoming the topic I write on the most. My message: if you have valuable data that you do not want to see fall into the wrong hands, encrypt it! This means payroll, health records, transactions, email, everything that you deem valuable enough to back up in the first place.

A great article at Security Focus on some of the latest snafu's.

Here is a great idea: Just pick some simple algorithm, like Schneier's free Blowfish encryption routines, use the same key to encrypt everything, and write that key down and put it in a safe place. This way, whenever a backup tape goes missing you can relax. You do not have to figure out which California residents had data on that tape. You do not have to mail them a notice that you screwed up and lost their data, you do not have to hold a press conference and you do not have to testify to Congress. It is that simple.

Now, of course, using the same key for everything is considered pretty stupid because every employee who ever works in your IT department eventually knows how to decrypt that data. So, by using the simplest of all approaches you have just narrowed the universe of things you have to worry about down to the malicious theft of your data. That is a lot better than worrying constantly about screw-ups. Those happen.