190: Encryption and Backup: Aaron Traffas

FTP190-WebCover.png

Auction professionals spend a lot of time working on their laptops and never know when disaster might strike. In this episode, host Aaron Traffas looks at preventative measures that can save both time and stress when, not if, a computer is broken or stolen.

Subscribe on iTunes | Google Play | Stitcher

Today’s Sponsors
Global Auction Guide

Episode Links
http://www.auctioneertech.com

The Fast Talking Podcast is a small business building podcast as seen through the lens of auctioneers and auction professionals. Focusing on social media, marketing strategies, finance, operations, human resources, and time management, we provide focused discussions on important topics weekly.

-----

Episode 190: Transcription

Hello and welcome to the  Fast Talking Podcast. My name is Aaron Traffas and I'm excited to once again be your guest host for today's episode. We auctioneers store large amounts of important and sensitive information on our laptops. What happens to our work if our computer is broken or, worse, stolen? We'll examine two crucial preventative measures that will save us both time and stress in just a moment after a word from our sponsor.

[sponsor]

I wrote the article that inspired this episode recently for the Colorado Auctioneers Association quarterly newsletter which, this quarter, is focused on technology. After making sure we're using strong passwords, which was the topic of my last appearance on the Fast Talking Podcast, I feel that backup and encryption are the two next steps auctioneers need to make as we strive to make sure our data is secure and our work is safe.

It was 2007. NAA Conference and Show was in San Diego. My bags were packed in my truck. I swung by the office to grab my computer and other electronics that I'd need for the week in California. As I walked out the door for my two hour drive from Manhattan, Kansas, to the Kansas City airport, I realized I'd forgotten something. I sat my computer bag on the ground next to my pickup's passenger door and went back inside. When I returned, I got in my truck, cranked the wheel to the left and backed out, only to realize that my front tire just rolled over my laptop bag. My computer — and my mood — was crushed. I had unfinished work for upcoming auctions that I'd planned to do on the plane and I had no time before my flight to prep another computer. It made for an interesting and uncomfortable trip.

Broken hardware is one thing, but what if I'd lost the computer? What if instead of picking up pieces off the ground, I was instead unsure of where it was? Had it fallen into malicious hands? Were all the accounts that I'd logged in to now at risk of being compromised? It's always better to know a computer is destroyed than to wonder if someone is combing through the data.

The scenario is simple — at any time, you can suddenly lose your laptop. In order to make sure that the only cost to you is the value of the hardware, it's crucial that your computer is encrypted and backed up properly.

Encryption

Computer encryption can get very technical very quickly, but for our purposes it simply means a way of scrambling the data on the computer's hard drive so it can't be read by anyone who doesn't have the password. The password to login to Windows isn't enough, as it's fairly trivial to bypass. The correct solution is called full disk encryption, where everything on the computer is encrypted for everyone who doesn't have the password.

For many years, the right answer for encryption was a product called TrueCrypt. It was free software and the encryption was bulletproof. A few years ago, the TrueCrypt project closed down. Luckily it's successor, called VeraCrypt, is also free and based on much of the same code base as TrueCrypt. Since it's open source, third parties have been able to audit the software to make sure there aren't backdoors or other ways for criminals or governments to bypass the encryption.

Operating systems have their own versions of encryption. Windows has BitLocker and Apple has FileVault. While I'll always prefer a free and open source solution over one from an operating system provider, these solutions may be a good fit in some situations.

Many modern laptops also provide built-in encryption options on the hardware level. Many of these might work as well as VeraCrypt, though there's no way to guarantee there isn't a backdoor. Sometimes, a laptop's password simply prevents the laptop from booting up and doesn't actually encrypt the data. This means someone could simply remove the hard drive and put it in another computer to access your files. Make sure if you're using a built-in password function on your laptop that it's actually encrypting the data.

Only by using full disk encryption can you rest assured that if your computer falls into the wrong hands, all your data about your auctions, customers, clients and personal accounts won't be at risk. Entering a password every time you boot your computer is a small price to pay for that peace of mind.

Backup

Encryption prevents the bad guys from getting your data, but what about losing your work? If you drive over your laptop with the front wheel of a diesel pickup, how do you get your files off of a hard drive that's in pieces on the ground? In addition to the possibility of losing your computer, new viruses called ransomware actually encrypt your files and make you pay a ransom before giving you the key to decrypt them. A good backup solution can mitigate a ransomware infection by allowing you to restore the unencrypted versions of your files.

There is a frequently recited rule of backup called 3-2-1. You need three copies of your data, on two different mediums and one needs to be offsite. Simply buying an external hard drive and copying your files there is better than nothing, but it's also grossly insufficient and inefficient. A good backup solution will run continually in the background, copying versions of  your files offsite as you create them, so you don't notice it until you need it.

In much the way that TrueCrypt was the best answer for encryption, there was also a best answer for backup called Crashplan. Crashplan allowed users to backup to friends for free. I wrote on my AuctioneerTech blog in 2012 how this was a perfect backup solution that didn't have a monthly fee like most of the backup services. Unfortunately, a few weeks ago, Crashplan  announced that it's discontinuing its free version in October 2018. While I've been hunting for a replacement, it's unlikely that anything will be as simple as Crashplan to use without a monthly fee.

There are still myriad subscription backup services. Some of the best known are Carbonite, Backblaze and Mozy, and each has a different pricing plan based on the amount of data to store and how many computers will be using the service. As you shop around for the best  deal, pay attention to the cost to get your data back. In 2011, I lost 2 terabytes of data that was backed up with Mozy. Only then did I learn that they charged $.50 per gigabyte to restore the data, and I had to come up with the $1000 within 30 days before my files were deleted.

In the auction business, like any business, time is money. Some backup solution is better than nothing. In my search for a Crashplan replacement, I've found a lot of negative comments about Carbonite and a lot of positive comments about Backblaze, so if I were looking for a simple turn-key subscription backup service, I'd probably start with Backblaze.

Wrap-up

In summary, disaster happens when we least expect it. We need to take steps now to ensure that when, not if, we lose a computer, it might cost us money to replace the device but it doesn't cost us time to recreate all our work or, worse, cost us sleep worrying about who might have our data and what he or she might be doing with it.

And now, here's a word from our sponsor.

[sponsor]

I'd like to thank Andy for giving me the opportunity to guest host the Fast Talking Podcast this week. The show is built for you, the fast talking nation. We're always looking for suggestions and feedback, so if you have an idea for great topic or guest you think would be a good fit, leave a comment on  fasttalkingpodcast.com or find us @auctionpodcast on Twitter or facebook.com/fasttalkingpodcast. My blog is auctioneertech.com and if you'd like to contact me personally, find me on Twitter @traffas or, better yet, email aaron.traffas@purplewave.com

With that, we want to thank you  for gifting us with your time. As always, be sure to like, favorite and share this podcast in whichever venue you choose to listen. We enjoy creating this podcast for you and strive to share this industry we love with more and more people each week. I'm Aaron Traffas. Thanks for listening. Now go sell something.