Oops, before we get to the details, let’s talk about encrypting sensitive backup data.
If you’re backing up your data locally to an external drive, here are two options. You can create a virtual encrypted disk within a file on the external drive, mount it (give it a drive letter on your laptop) and point the backup software at the virtual disk. Or you can purchase an encrypted external drive that unlocks using a password or a keypad on the drive, and backup directly to the drive.
To create a virtual encrypted disk, I recommend the free and open source software (FOSS), VeraCrypt. You can download it from:
https://www.veracrypt.fr/en/Home.html
VeraCrypt has been around for a long time and is reliable. It runs on Windows and macOS. It’s a little clunky but easy enough once you get used to it. There’s documentation on the website. You can purchase a 128 GB USB stick for less than $20. I suggest you size the virtual encrypted disk to fill the entire USB stick. You can’t resize it after you create it. This is the least expensive approach.
A multi-terabyte external drive costs less than $100. I recommend Seagate external drives. External drives normally come with encryption software built in, so you don’t need VeraCrypt to protect your data. A password is required to access data on the drive. This is a middle-of-the-road approach.
Or you can purchase an encrypted external drive with a keypad. The Kingston IronKey and the Apricorn Aegis Padlock are two examples. They’re easier to use but more expensive and can cost $200 or more. Unlock the drive with a PIN using the keypad and go.
If you’re backing up your data remotely to the cloud, and can’t choose your own encryption key, I recommend creating a virtual encrypted disk on your internal drive, using VeraCrypt, and storing sensitive data there. Sensitive data might include financial and healthcare information as well as those humiliating love letters you wrote as a teenager. The file containing the virtual encrypted disk will backup to the cloud like any other file, but your data will not be exposed.
If you use VeraCrypt to protect data that will be uploaded to the cloud, there are a few technical details to note. To ensure the “Date Modified” for the file containing the encrypted disk changes when the disk is dismounted, select “Settings/Preferences” in the VeraCrypt menu and uncheck “Preserve modification Timestamp of containers.” Otherwise, cloud backup services will not recognize that the contents changed and will not backup the file. Also consider creating several virtual encrypted disks. If the contents change, the entire file containing the virtual disk gets uploaded to the cloud. This can take time if the file is too large.
Which ever option you chose, make sure you save passwords and PINs safely in your password manager.
And if you use VeraCrypt, please consider a donation.
Now, on to the details.
Information provided in this post is subject to the disclaimer in the first post of this series.