We recently learned of a human rights organization that had their offices broken into and their computers stolen. Sadly, this is nothing new. Human rights groups are often targeted for the important information they have (evidence of abuse, documentation on corruption, witness testimonies, etc). In this case, however, the organization took all the right steps to mitigate this kind of threat – their files were encrypted and backed up on devices that were outside of their office.
Information/data loss is a growing problem for human rights organizations. In addition to theft, these groups must also consider the many other threats to their information, including natural disasters, fire, lost or broken device, hardware/software failure, virus, and basic human error. This is why effective backup and storage solution is an integral part of data management and is especially important for human rights groups. Although it might require some time to develop and implement a consistent backup plan, it is worth the time and resources spent because recreating or restoring data is stressful, expensive, and sometimes impossible.
In this blog post, we wanted to share some backup best practices so that you can avoid that awful feeling of losing valuable human rights information.
Map out the information that you have
Before you can figure out the best way to backup your data, you need to know what you’ve got. What kind of information do you have, where does it live, how sensitive is it, and how important is it that you don’t lose it? Examples:
|Type of info||Where it lives||Level of sensitivity||Priority of backup|
|Grant reports||In a desktop folder on your work computer||Moderate||Low|
|Contact info for partners, allies, supporters, funders, colleagues||In your work email and on your mobile device||High||Moderate|
|Financial info (budgets, expense reports, etc)||In shared google spreadsheets||Moderate||High|
|Witness testimony||In an encrypted folder on your personal computer and sometimes on your phone||High||High|
We would recommend creating a map of these types of information. This can be especially helpful if you work with a team of people. But having a shared understanding of the risks of data loss can be difficult. For group activities that help address these questions, and steps on how to create an info map like this, take a look at this guide on LevelUp.
Make sure you have reliable access to your data
The purpose of backing up is to have access to your data, when it’s lost or damaged. Therefore it’s important to think about accessibility when choosing a storage. For example, if you travel to a place with limited internet access, your backup should be stored offline. It is also recommended to test the backup source before you will actually need it and make sure your data is accessible and not damaged.
When looking at where to store your data, there are three common options:
- Cloud (aka online) backup: one of most common backup solutions nowadays. It’s easy to use, and some services offer synchronization through a desktop application (e.g. ownCloud, Google Drive, Dropbox).
- On-site backup: this is when you copy and save your data to another hard drive (e.g. USB drive, hard drives, external drives). This is usually implemented manually, however there are options to automate the process.
- Manual backup: possible to perform both on and offline. Offline option is less common, however useful for important, physical documents. An example of online manual backup would be saving your data to a media storage service (e.g. Google apps).
Each approach has their strengths and weaknesses so it really depends on the kind of the type of information you’re working with and its sensitivity.
|Type of backup||Strengths||Weaknesses/Considerations|
|Cloud||Can be synchronized and automated.|
Generally, good usability.
Usually easy to restore information. Added value for multi-location teams.
For confidential data, files can usually be encrypted before storing online.
|Trust: you need to trust the host with your information - that they will not access it, use it, share it, delete it.
Hosting: some software can be hosted by you or by your website hosting company.
Not available offline.
|On-site||Easy and fast to save and transport data, if necessary. |
USBs and hard drives are affordable.
Doesn’t require high technical skills.
Files can be encrypted.
Provides a snapshot of the information at a certain time.
|Potential physical threat to your information (an office can be broken into, and hard drives, servers with your information can be stolen).
Potential physical damage to device (fire, flood, or technical crash).
Can be automated but not synchronized.
Snapshot of the time when copy was made but does not reflect changes/development of data.
|Manual||Useful for single documents. |
Useful for capturing the development of a document.
Good for a future reference.
Hard copy may be required for important original files, or for confidential information (for example, the content of your password manager).
|Cannot serve as a complete backup plan, because it is difficult if not impossible to manually copy and save *all* files.
Potential damage to files (fire, flood, humidity, heat, etc).
Must store in a reliable and secret location.
In general, it is recommended to have your data stored in three different places, so you’ll probably end up using a variety of these methods.
Choosing the right backup technology is another important step to ensure the reliable access to your data and protection of it. A few considerations include:
- Is the information encrypted in transit?
- Is the information encrypted at rest (in storage)?
- Is the technology open source? Has the code and security been audited by an external company?
- Do you trust the hosting company? If not, can you host the technology and information yourself?
- Is the technology affordable, if not free?
- Does your team require technical training to use it?
- Most important – any software should solve your backup challenges and not add to it.
Consistency is key
Your backup plans will only be successful if you do them! We find that successful backups are consistent backups. Get into some good habits, like backing up your most important working files every Friday. (In fact, there’s a whole community of Friday-backupers on Twitter via #FridayDiscoBackup who want to share their favorite backup tunes with you!) Or, set up your software to run automatically each week in the background. Just make sure it’s getting done on a consistent basis, and be sure to test it regularly!
How much of this information do you need to backup? You may want to include these decisions in your info map (explained above). Here are the most common options:
- Full backup: includes all your documents and data.
- Incremental backup: includes only files changed or created since the last full backup.
- Differential backup: includes the documents that have been changed and new data created since the latest full or incremental backup. As a rule, critical information should be backed up, before and after each considerable change.
Examples of backup strategies:
- For very sensitive information on witness testimonies or their personal information, you may want to encrypt the files before saving them on or offline. For example, ownCloud is open source and can be self hosted, and you can encrypt your files before storing them online.
- For a project budget you are updating every week, it might be useful to backup the latest version of the document in the cloud, after each significant change.
In conclusion, a good backup strategy will allow you to:
- Recover your data in all circumstances with minimal effort.
- Backup your information consistently and appropriately secure with minimum resources and effort. Make a plan that you can actually implement!
See you at #FridayDiscoBackup!