Build a Robust and Secure Backup Solution for your Mac 💻

The following article describes how I’ve set up a system for Mac backups that is robust and secure. The importance of doing this correctly came to the fore of my thinking after my brother had his laptop stolen. In the event of a need to restore from a back up you need a system that is robust – you don’t want to find that your backup is corrupted or otherwise of no use right when you need it. Also, in the event of theft you want to be confident that even your backups cannot be used to provide confidential information to the thieves. If you are using FileVault on your internal HDD then you have already made a security-conscious move with your data, therefore having secure backups will be all the more important to you as you don’t want a thief to easily bypass the encryption on your internal HDD by simply restoring from an unsecured backup.  If you’re not using FileVault then you should be – follow this link to find out how to set it up.

I have a MacBook Pro with a 500 GB HDD, so the below is a description of how I have recently established my system for backing up that Mac. In addition to that I have an extensive archive of educational videos that I’ve created and need to store somewhere (approx. 350 GB). My HDD is nowhere near large enough to accommodate those, so my backup solution includes keeping redundant backups of that archive (along with some other files). If you have a different size HDD and different archive requirements you can alter your backup disk sizes accordingly.

The system begins with three external disks. I have a 2.5″ 500 GB portable disk (Toshiba), a 2.5″ 2 TB portable disk (Western Digital, WD) and a 3.5″ 2 TB desktop disk (Hitachi). Some time ago (about 18 months to two years ago) I read an excellent article evaluating HDD’s to find the most reliable brands. Since then the article has been updated so it doesn’t have the same information when I read it but it’s still worth a read. In the article I learned that Hitachi drives are the most reliable (in the storage range they considered). Hence I have one in my system and I advise you to get one too if you can. If that is not possible WD now own the hard disk arm of Hitachi and WD drives faired well in the analysis so WD are a good brand to go with.¹

Whichever brands you settle on, I would advise using at least two different brands and one drive should definitely be a 3.5” desktop drive as 3.5” drives are inherently more reliable than 2.5” drives. In my set up I use the different drives as follows:

  1. The 500 GB 2.5″ drive is set up as a Time Machine backup disk. I take this drive with me to work for frequent Time Machine backups at work and at home.
  2. The 2 TB 3.5″ drive has two partitions. One partition is set up with the well renowned Carbon Copy Cloner, CCC, by Bombich Software. This disk remains at home on my desk to make bootable backups whenever I am at the desk. I also have a 128 GB SanDisk micro SD card permanently mounted on my MacBook for additional storage and CCC backs this up to the 3.5″ drive also. The second partition is used as a standard external hard drive for permanent archiving.
  3. The 2 TB 2.5″ drive is used as an external hard drive with no extra software for making second copies of the archive files stored on the 3.5″ drive.

Once you have your three drives you need to format them correctly. In order to make your backups secure they need to be encrypted. So open up Disk Utility should be the first option when you type “disk” into Spotlight, Alfred, or Launchpad. Alternatively open up the Applications folder in Finder and then locate Disk Utility in the Utilities folder. Formatting the drives is easy if you are starting with blank drives. I wasn’t starting in that position so I had to move files to another drive, format one drive and then transfer files back to it so I could format the other drive. This is time consuming if you have to do it but it is important to get it right.

When you have a drive ready to format connect it to your Mac and it’ll show up in Disk Utility. Make sure that you are viewing devices in the Sidebar and not just the volumes in Disk Utility – select View All Devices in the View menu (so that you get the right formatting option). Select “Erase” as the procedure that you want to do on the device. You are then presented with some options. Choose “GUID Partition Map” as the Scheme you want to use and “Mac OS Extended (Journaled, Encrypted)” as the format. This option means that a password will be required to access anything on the drive. Combined with use of FileVault this provides a secure platform for your computing – extending encryption to your backup. Of course there are people/organisations that could bypass the encryption and access your data but the thief who steals your computer for a quick buck is (probably) not one of them.² Disk Utility will prompt you for the password you’d like to use to encrypt the drive.

Screen Shot 2018-03-05 at 22.24.25
Encrypted Format to use

Once you have correctly formatted and encrypted your drives, select the one that you will use for frequent Time Machine backups and plug it into your Mac. When you plug it in your Mac you will be prompted to enter the password for it – input your password and tick the box to save the password to your keychain. (There should be no security risk by saving your password on your computer because if someone gains access to your computer then what advantage do you have if they do not also access your Time Machine backup?) Your Mac should then show a dialog window asking if you’d like to use that disk to make a Time Machine backup. Click “Use as Backup Disk”, then follow the instructions and Time Machine will start making backups.

IMG_0060.png
This should pop up when your drive is mounted

I think it is wise to use different software to Apple’s Time Machine for the backup on a second disk. Time Machine is an excellent application but you’ll never know about a bug until you need to restore from a backup by which time it is too late. My recommendation is to use an excellent app called Carbon Copy Cloner (CCC) made by Bombich Software. CCC backups have a feature that sets them above Time Machine backups in my opinion – they are bootable.³ In the event that your internal hard drive gets fried you can boot up straightaway from your CCC backup. With this set up you are preempting bugs from ruining backups in either Time Machine or CCC and you benefit from the unique features of both TM and CCC backups.

If you are following my setup for assigning disks to backup function then this second disk will be your large capacity desktop hard disk. In that case partition the drive so that you have about 700 GB available for the CCC backup on one partition and the rest can be used for archiving large files so they’re not taking up space on your internal drive.

How to partition a hard disk

1. Mount the disk on your Mac and launch Disk Utility.
2. Set the view to Show All Devices (press ⌘2 or use the View menu).
IMG_0062
3. Select the “device” for your hard drive in the sidebar. Don’t select the “volume” (volumes are displayed under their device)IMG_0063.png
4. Then click Partition in the toolbar.
5. Click the “Plus” button at the bottom of the window to add a new partition.
Screen Shot 2018-03-05 at 22.31.33.png
6. Resize the partition you will use for backups to be a bit larger than the internal hard disk you are going to backup.
For instance for my 500GB internal drive I created a 700 GB partition.
7. Ensure that archive partition has the encrypted format in the Format field.  The partition for the encrypted CCC backup needs to be set up differently.  So follow Bombich’s instructions on how to set up an encrypted backup here
8. Click Apply and Disk Utility will partition the drive.

The third disk is used for creating a redundant archive of your large files. Do this so that if your desktop hard disk should fail you still have copies to fall back on. When you copy files to the desktop disk make sure you also copy them to the third disk and vice versa.

At this point you have now established a back up solution for your Mac and any large files that is robust (if one device or app fails you’re still covered) and secure (even if your backup disk is stolen here is still an encryption barrier to keep that data safe).

If you’ve followed my scheme up until how I hope you find it to be a useful solution for your backup needs.  If you have any comments or suggestions add them below or on Google Plus, alternatively you can email me at danwilsonav@gmail.com.

Update 16/3/2108

Some feedback I received suggested that a flow diagram would help readers better understand the backup solution I’ve described above. So here is the diagram:


Footnotes
¹ In the original article someone added a comment with additional information looking at failure rates over time. They noted that if WD drives failed they tended to fail almost as soon as you got the drive. That suggested that WD drives are most likely reliably built but poorly shipped. So if you manage to get your WD drive running after purchase it is likely going to last well. And of course that may have changed since the original article publish date – hopefully for the better!

² There probably are people or organisations who have the resources and knowledge to crack encrypted drives or bypass the encryption but the question is do they have the motivation to crack the encryption on your drive? Cracking into encrypted drives is possible but very difficult, time consuming and therefore expensive. Unless you are a person of significant influence or a known terrorist you can probably be confident that your data will be safe. Keeping data secure is really about using methods that make it impossible for the average person or even a skilled person to access your data.

³ A further advantage of CCC over Time Machine is the ability to back up multiple hard drives. Time Machine can only back up your internal hard drive (as far as I can see). CCC can make backups of external hard drives that you mount on your Mac. In my case this proves to be extremely useful for making backups of a 128 GB micro SD card that I have continuously mounted to my Mac. Find out more about using micro SD cards for continuously mounted storage expansion here.

Advertisements