I am working very hard on improving my security regime.
The work is not so much on the actual performance of the work, but much time has to be spent on software research, as well as what might be called ‘risk management’--doing one’s homework & trying to predict & avoid problems before they arise.
So, after much work, I have arrived at the following, & ask those more learned & familiar with such things as to, I don’t know, “suitability”, or effectiveness of all of this.
I would say that on the backup strategy front, you should be doing the folder and files backup every week, at least, and maybe just do a once a month clone of the OS, if even that. Once you have a solid base image, you should be able to rebuild the rest pretty quickly, maybe just update the base image every so often to reflect security updates for the OS and other software. Once a month is probably about as often as would really be prudent unless there's some particular reason you may need to revert EVERYTHING back at a moment's notice.
So focus on the files, and just make sure to keep a good base image you can use to get a system back into service quickly.
Do you really need TrueCrypt? If you forget the password or the drive starts to fail, you may not be able to decrypt the drive/partition in order to get to the data. Of course, regular backups can help prevent a total loss.
I have some important financial & legal data I didn't want to have placed with IDrive. They have a choice of either default/company encryption or private encryption. You & I actually communicated here on Tom's about this very matter a little while ago.
So, thinking about your suggestion there, I thought that the best thing to do was to separate these very important documents into a section of their own. I could then do a complete .zip file online backup with default encryption (the company keeps the key), & not have to worry about the encryption issue there. Just in the one place--TrueCrypt--and not two. I would just have to remember to delete these important documents when I go to create a new .zip file for uploading to the online backup.
Of course, the risk is that I forget the TrueCrypt password, & then I have really screwed myself. With a written copy of the password placed in a safe place, I am not entirely sure where I am going to safely keep it, & I worry I might forget where I have placed it, while avoiding leaving a note to myself in my documents in my rig. This would defeat the purpose.
This issue of passwords is important, & I have yet to wade through the numerous documents/articles I have about techniques for creating stronger passwords. This is a subject I have been building up to for quite some time now. So far, I have been lucky, but it is not good risk management to leave things as they are.
The drive/partition issue is therefore taken care of in this process, by not being encrypted.