My blog went down this weekend for a couple of hours. What I want to tell you is how I learned that after all these decades working and writing about IT, I still could have lost some data, despite having what I thought were well-thought out backup procedures. Turns out I was still exposed.
Back about 20 years ago, I had my office in a small commercial building that had a music shop and a Subway on the first floor: my office was directly over both establishments. One day there was an electrical fire in the music shop, which happened when I was out taking a walk. When I returned I saw smoke rising off in the distance, and as I got closer I realized that was my building that had the fire.
That was the day that I learned about offsite backups. Back then, I had made copies of my data on tapes — tapes that were neatly stacked at the end of my desk. Had the fire damaged my building (fortunately for all of us, it didn’t), I would have been in big trouble.
Another time I was hosting my email server at a friend’s server. The friend’s basement got flooded, and my server was ruined. Thankfully he had backups and eventually I was back in business. I learned another lesson that day: make copies of everything (including the actual emails of you, my loyal subscribers) offsite.
Anyway, back to the present day. For many years I have had a WordPress blog that was hosted at various internet providers. It currently lives at Pair.com, which is a solid provider that has exemplary customer support. I use the free tier of Uptrends.com to notify me whenever the blog or my main website goes down. I got the first email after I quit work on Friday about an hour into the outage, and promptly sent off a support email asking what was going on. Within minutes — it might have been seconds — I got a reply saying they were aware of it (good) and working on the fix (even better). Service was restored (a database corruption issue) later.
Now for years I have also maintained a shadow copy of my blog that is hosted on WordPress.com. Back when I did this, you could host a site with limited features for free. (Alas, now you have to pay a fee.) To do this, I first have to export my blog content from my Pair-based server to an XML file, and then import it to the WordPress.com server. That doesn’t take long, but I hadn’t done it in a few weeks.
Now what could I have done differently? For one thing, I could use a different hosting plan on Pair that is designed for managed WordPress deployments, and includes automatic backups. That plan costs more than my plain-Jane hosting account. Another way to approach this is to do more frequent manual backups. As you can see from a screencap of my files, in the past I was sort of cavalier about doing them, now I won’t be. I would have lost about three weeks’ worth of content had Pair not been able to restore my database.
So as you can see, I am a slow learner when it comes to backups. Many businesses are in the same boat: this is why ransom attacks are so successful, because they don’t backup everything, or as Joni sings, you don’t know what you’ve got until it is gone (I think she was talking about something other than digital data).
So the moral of my story: take the time to make the backups about the data that you care about and then think about what your life will be if something happens to the data that might not be mission critical, but is still important.
David:
Thanks for this VERY useful reminder. Cynde and I make regular backups of our home computers and keep these offsite. We always use a “father/son” strategy so we are never backing up over our only backup (which is never a good idea).
Fast forward to now; Cynde and I have taken over as webmasters for our synagogues website which is in WordPress and hosted by a very good service provider (IONOS 1and1). We have not given sufficient thought to backing up the website (either by the provider or using a WordPress plug-in). We will definitely 1) contact our provider and find out about the backups they are, or can, do of the website, and 2) look at WordPress plug-ins that do backups. Thanks again for the reminder.
Interesting Post, David. A related issue – when I read about ransomware attacks, I always wonder if the the targeted organization also has their backups compromised in some way. Because if they have clean backups the consequences might not be so dire if they don’t pay. But then there’s the related risk that sensitive information could be released by the attackers if the organization doesn’t pay
Thanks Jan and Steve for your comments. Many ransom malware versions specifically look for volume shadow backup copies and then trash them — making the case for offsite — and off network — copies more compelling. And yes, the extortion component has taken hold in their playbooks, sadly.