The real risk is not having it plugged in.
There is a risk, yes.
But:
- It’s a small risk.
- There are ways to mitigate the risk.
- There’s a greater risk at play if you don’t leave it plugged in.
Let me explain.
Become a Patron of Ask Leo! and go ad-free!
Leave the backup drive plugged in
The risk of leaving your backup drive plugged in is much smaller than the risk of forgetting to back up at all. Use good security tools, practice safe habits, and let backups run automatically. Some backup programs have additional features to protect your backups from malware (specifically ransomware).
The risk
Let’s say your machine becomes infected with malware. That malware is designed to harm not only data on your machine’s primary hard drive but also any connected drives (internal, external, or in some cases even networked).
Ransomware, for instance, is malware that encrypts all the data it finds and then holds it for ransom. Many people are concerned that ransomware could thus encrypt your backups.
The reasons I characterize this as a “small” risk include:
- Most ransomware has shifted to targeting larger enterprises. Individuals appear to be less impacted by ransomware of late.
- Most ransomware focuses on smaller files like documents and photos, which it can encrypt quickly with less chance of being detected until it’s too late. Backups are large files.
- Most malware does not seek out external drives.
- Most malware performs other malicious behavior, such as installing keyloggers or other ways to compromise online accounts, or crypto-mining.
“Most” is not all, of course. I’m not saying there’s zero risk. I’m just saying that in the grand scheme of things, it’s not a big risk.
Related
Will Ransomware Encrypt Backups?
A full-image backup is still the best defense against ransomware. But what if your backup gets encrypted? I'll look at the likelihood of that happening and make some recommendations.#21259
Mitigating risk
Ransomware is just malware. There’s a good chance you’re already mitigating the risk significantly.
- Run good security software and keep it up to date.
- Make sure your security software is updating its database of known malware and behavior regularly (usually daily).
- Connect to the internet through a router acting as your firewall.
- Don’t click on links you aren’t 100% certain of.
- Don’t open attachments you aren’t 100% certain of.
- Don’t install software you aren’t 100% certain of.
That’s it. Do the things you know you should be doing anyway.
- The chance of malware making it through is small.
- The chances of malware making it through and wreaking havoc are small.
- The chances of destructive malware making it through and going after your external drive are smaller yet.
A small risk of a small risk of a small risk means it’s a very small risk.
I have one more mitigation, but first, we need to talk about the more critical risk.
Related
What Backup Program Should I Use?
Backing up your computer's data is critical. The best program is whatever you'll actually use.#1894
The risk of not keeping your backup drive connected
As you probably know by now, I’m a huge believer in backups. To be more specific, I believe strongly in automated backups: backups that, once set up, happen automatically without much further effort on your part.
Automated backups, of course, require that the external drive on which your backups are to be placed is connected to your computer.
The alternative is to connect the external drive only when performing a backup. This implies that the backup process, and that physical connection and disconnection, are performed manually. You have to do it.
More concerning, you have to remember to do it and take the time to do it.
The risk is simple: you’ll forget. Trust me, you will forget, or something else will come up to prevent you from performing the backup.
And while I’m not a huge believer in fate and Murphy’s Law, it does seem to happen that you’ll find you desperately need your backups immediately after having forgotten to create them.
That, to me, is a much higher risk than malware coming along and trashing the backups you’ve created because you left the drive attached.
One more mitigation
The good news is that backup software manufacturers understand that people have this fear, regardless of the practical risk it really represents. As a result, some offer additional mitigation.
Macrium Reflect calls it Image Guard. EaseUS Todo has what it calls Security Zone. Other tools have similar features.
The common thread is that backup images and files are protected from tampering. Period. Even the owner of the backup can’t modify, or perhaps even see, the backups created with these features enabled. And if you can’t, malware can’t. The only way to access the backup files is to use the tool that created them.1
Whether it be a file permissions setting, some kind of fancy partition setup, or something else, the important thing about these features is that your backups are inaccessible to malware.
Do this
- Back up.
- Automate your backups so you don’t have to remember.
- Leave your backup drive connected.
- Practice safe computing.
- Consider enabling additional protection features like Image Guard, Security Zone, or equivalent tools.
There’s just no reason to disconnect your backup drive.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Podcast audio
Footnotes & References
1: Occasionally, the backup software includes specific exceptions. I’ve not tried it, but my understanding is that Macrium Reflect allows the Windows tool RoboCopy to copy backup images.
I use Macrium Reflect and have Image Guardian turned on. On impulse, I tried to copy one of my incremental backups to another drive using “Copy To Folder” in the context menu in File Explorer. Image Guardian was fine with that. When I attempted to use “Move To Folder”, Image Guardian immediately popped up to block the action.
It appears that Image Guardian will allow copying files if the “Allow Robocopy to sync and move backup files on protected volumes” box is checked in the Macrium Image Guardian Settings. Learned something new. Thanks, Leo.
That’s because Image Guardian blocks all attempts to alter those backups. You can’t alter or delete those files except with the Macrium Reflect program, even if you try using the Administrator account. You can copy them, but you can’t modify or delete them. Macrium Image Guardian makes this question a non-issue. EaseUS Todo paid has a similar feature.
I’ve been using Image Guardian since it was introduced and am familiar with how it works. What I didn’t know about and hadn’t thought to try was copying an image backup to another drive.
It can be useful for archive purposes in that I can connect another drive, copy an image file from my backup drive and then set the second drive aside or store it in a secure location. I usually connect an additional drive and run a system image backup using that drive as the destination drive and removing it when the backup is completed.
The drive I use for regular backups is large enough for three full image backups, including incrementals (14TB). Now I plan to copy the image files to another drive for archival purposes in case I need something from more than two months ago.
The neat things about IG is that it protects from modification or deletion, but you can still read and copy the image.