Backup and recover from information loss
Updated20 May 2021
Table of Contents
...Loading Table of Contents...There is a common saying among computer support professionals: "it's not a question of if you will lose your data; it's a question of when." If your devices are stolen, seized, or damaged, you will need to have ongoing access to your important documents. Planning ahead can minimize what you lose. Take or consider the following steps to plan ahead.
Recover deleted or lost information
All devices
These tools do not work if your device has written new data over your deleted information. If possible, stop using your device until you have tried to recover the files (or had someone do that for you). Doing additional work on your device could write over the files you lost and make them impossible to retrieve. The longer you use your computer before attempting to restore the file, the less likely it is that the file will be retrievable.
Use the portable version of a tool like Recuva instead of installing it. Installing the software may accidentally write over the file you are trying to recover.
Linux, Mac, and Windows
- Try TestDisk & PhotoRec See this PDF with a complete guide
Windows
- Try Recuva. See guide
Learn why we recommend this
When you delete a file, it disappears from view, but it remains on your device. Even after you empty the Recycle Bin or Trash, files you deleted can usually be found on the hard drive. See How to destroy sensitive information to learn how this can put your security at risk.
But if you accidentally delete an important file, this might work to your advantage. Some programs can restore access to recently-deleted files.
Create a backup plan
Take these steps:
Organize your information
Before you make your backup plan, try to move all of the folders that contain electronic documents you intend to back up into a single location, such as inside the "Documents" or "My Documents" folder.
Identify where and what your information is
The first step to making a backup policy is to picture where your personal and work information is currently located. Your email, for example, may be stored on your email provider's server, on your own computer, or in both places at once. And, of course, you might have several email accounts.
Then there are important documents on the computers you use in the office or at home: word processing documents, presentations, PDFs, and spreadsheets, among other examples. Your computer and mobile devices also store your contact lists, chat histories, and personal program settings, all of which can be considered sensitive.
You may also have stored some information on removable media like USB memory sticks, portable hard drives, CDs, or DVDs. If you have a website, it may contain a large collection of articles built up over years of work. And, finally, don't forget your non-digital information, such as paper notebooks, diaries and letters.
Define which are primary copies and which are duplicates
When you are backing up files, it is sometimes suggested you use the 3-2-1 rule: have at least 3 copies of any information, in at least 2 places, with at least 1 copy in a different place from the original.
Before you start making backups, decide which of the files you have already assembled are 'primary copies,' and which are duplicates. The primary copy should be the most up-to-date version of a particular file or collection of files; it should be the copy you would actually edit if you needed to update the content. Obviously, this does not apply to files of which you have only one copy, but it is extremely important for certain types of information.
One common disaster scenario occurs when only duplicates of an important document are backed up, and the primary copy itself gets lost or destroyed before those duplicates can be updated. For example, say you have been travelling for a week, updating a copy of an important spreadsheet stored on a USB memory stick. You should begin thinking of that copy as your primary copy, because it is more up-to-date than backup copies you may have made at the office.
Write down the physical location of all primary and duplicate copies of the information identified above. This will help you clarify your needs and begin to define an appropriate backup policy. The table below is a very basic example. Your list may be much longer, and contain some 'storage devices' with more than one 'data type' or data types stored on multiple devices.
Data type | Primary / Duplicate | Storage device | Location |
---|---|---|---|
Research files | Primary | Computer hard drive | Office |
Human rights violations testimonies files | Duplicate | USB memory stick | With me |
Program databases (photos, address book, calendar, etc.) | Primary | Computer hard drive | Office |
Some shared documents | Duplicate | Office server | Office |
A few electronic documents | Duplicate | Burned CD | Home |
Email & email contacts | Primary | Gmail account | Internet |
Text messages & phone contacts | Primary | Mobile phone | With me |
Printed documents (contracts, invoices, etc.) | Primary | Desk drawer | Office |
In the table above, you can see that:
- The only documents that will survive if your office computer's hard drive crashes are the duplicates on your USB memory stick, shared documents on the server and the CD copies at home.
- You have no offline copy of your email messages or your address book, so if you forget your password (or if someone manages to change it maliciously), you will lose access to them.
- You have no copies of any data from your mobile phone.
- You have no duplicate copies, digital or physical, of printed documents such as contracts and invoices.
After following the checklist in this section, you should have rearranged your storage devices, data types and backups in a way that makes your information more resistant to disaster. For example:
Data Type | Primary/Duplicate | Storage Device | Location |
---|---|---|---|
Testimonials about rights violations | Primary | Computer hard drive | Office |
Testimonials about rights violations | Duplicate | USB memory stick | Home |
Research files | Primary | Computer hard drive | Office |
Research files | Duplicate | USB memory stick | With me |
Program databases | Primary | Computer hard drive | Office |
Program databases | Duplicate | External drive | Home |
Email & email contacts | Primary | Gmail account | Internet |
Email & email contacts | Duplicate | Thunderbird on office computer | Office |
Text messages & mobile phone contacts | Primary | Mobile phone | With me |
Text messages & mobile phone contacts | Duplicate | Computer hard drive | Office |
Text messages & mobile phone contacts | Duplicate | Backup SD card | Home |
Printed documents | Primary | Desk drawer | Office |
Scanned documents | Duplicate | External drive | Home |
Backup all documents | Duplicate | Office server | Office |
In the new table you will have 3 copies of information: in the computers, the office server, and home, in 2 places, and at least one copy outside the office.: 3-2-1 rule :)
Once you have written the checklist, it is time to make the back up copies.
To back up to your local devices
Store the backup on something portable so that you can take it to a safe location. External hard drives, CD/DVDs or USB memory sticks are possible choices. Some people use CDs or DVDs for this, since the risk of overwriting and losing your backup is lower. Blank CDs may be cheap enough to allow you to use a new one every time you make a backup.
If you are backing up your mobile device to your computer, your next step should be storing that backup to an external device. Set your device to back up automatically.
Because your files often contain the most sensitive information, it is important that you protect your backed-up files using encryption. You can learn how to do this using tools built in operating system like BitLocker, FileVault or LUKS in our How to protect the sensitive files on your computer guide and in the VeraCrypt Guide.
Linux
- Most Linux distributions include a backup tool. Ubuntu has a built-in tool called Déjà Dup which allows you to back-up and encrypt your files See this guide to Déjà Dup.
Mac
Windows
Consider whether or not you should backup to "cloud" services
Learn why we recommend this
When you hear someone call a computer service "the cloud," think "other people's computers." Cloud services like Google Drive, iCloud, Dropbox, and NextCloud store your backups and other data on servers (computers) owned by those companies. This means your adversary would have a lot of time to access those machines without you noticing they had done so (unlike devices in your possession, where you would be more likely to notice suspicious activity). So it is likely better to make a local copy of your valuable data.
However, if there is a strong likelihood that your all devices or workspace will be destroyed, or your backup may be found and seized, it might make sense to encrypt your data and then store it in trusted cloud services.
Consider whether you would prefer to use a service that encrypts your data for you as part of its service (called "end-to-end encryption" or "zero-knowledge" services) or encrypt your files yourself and then back them up to the cloud.
Protect your files before you store them on cloud services
- Get Cryptomator and use it to protect files you want to store on the cloud service
- Alternately, use VeraCrypt to create an encrypted volume. Then copy it to the cloud.
Learn why we recommend this
If you are worried about someone (like hackers, or the owner of the service) accessing files you have stored in the cloud, you can protect them using encryption.
Encrypted cloud services
If you decide to keep your files in the cloud, consider using one of the following zero-knowledge, end-to-end encrypted options:
- Mega.io (15 GB free; then paid)
- Sync (5 GB free; then paid)
- PCloud (paid plans, specifically pCloud Encryption)
- SpiderOak (paid plans)
- Tresorit (paid plans)
To back up to cloud services using your device's built-in tools
Android
iOS
Mac
Windows
Back up email
- You can use an email client program (like Thunderbird) to regularly view and back up your email on your device. The Thunderbird Guide explains in detail how to set up Thunderbird to use your existing email address, download your email, and possibly delete it from the server. Most email services provide instructions on how to set up other software to receive your mail (search your email's settings for instructions on POP3 to delete your email from the server, or IMAP to keep it on the server).
Back up smartphone to computer
- To back up the contacts, text messages, settings and other data on your mobile phone, you may be able to connect it to your computer with a USB cable. You may also need to install software from the website of the company that manufactured your phone.
Android
- Move files from your android to your PC
- If you find it difficult to backup all different type of information from the Android phone to a computer you can backup to Google's cloud services using your device's built-in tools. Please note that your information will be saved on Google owned server.
iOS
- Backup your iPhone to your computer
- Make sure to 'Encrypt local backup' with a password.
Scan and back up print documents
- When possible, scans (or photograph) all of your important papers. Back up the scans or photographs along with your other electronic documents, as discussed above.
Set a backup schedule
- To back up all of the data types listed above, you will need a combination of software and processes. Make sure that each data type is stored in at least two separate locations.
Practice recovery
- Once you have made your back ups, test to make sure that you know how to open files and use them again. Remember that, in the end, it is the restore procedure, not the backup procedure, that you really care about!
Establish procedures for coworkers
- If you are working in an office, write up and share procedures for all staff to reliably and securely back up files. Communicate the risks that losing your data could have to your ability to do your work. It may help to work together to fill out a grid like the one above to identify all data that passes through your office.
Other considerations
When you are making a backup plan, think of it in a larger perspective: "how can I recover from a disaster and keep working?" Your plan should not just be about your files, but also about:
- software you use, and the licences for it
- how you can replace equipment if it is lost, destroyed, or confiscated
- having a place you can go to continue working in a crisis.
Planning for this may mean setting aside money to recover from a loss. For example, you might consider writing this amount into a grant.