IT Services manages a central enterprise CrashPlan (Code42) cloud-based workstation backup and recovery service. The solution has been implemented to allow divisional IT units the opportunity to create and manage their independent organization within the central IT Services CrashPlan (Code42) instance. The divisional IT unit has full control of their organization, allowing them to configure and manage both the administrative settings and client settings to best suit its divisional backup and recovery needs.

In this article, you'll find some of the most frequently asked questions. Click any of the questions below to learn more.

---

What does CrashPlan (Code42) backup do and what are the advantages of using the service?

CrashPlan (Code42) continuously and securely saves copies of data from the computer to the cloud. This allows files to be quickly recovered in the event that a device is damaged, lost, or stolen. This service also provides the opportunity to recover files that were inadvertently deleted. If a computer is attacked with ransomware, the service allows your data to be restored from the backup.

Ransomware incidents are becoming more common as higher education institutions are increasingly targets of cyberattacks. In some cases, the institutions are equipped to recover the compromised data, while others must interrupt operations to safely restore services or even negotiate a ransom with the attacker.

An IT Services white paper, Protecting the Academic Community: The Importance of Developing a Culture of Information Security at the University of Chicago provides additional context about the security landscape in higher education and the steps the UChicago community can take to contribute to a culture of strong information security and risk management.

Tip: A valid CNetID and password are required to view the white paper. When logging, be prepared to complete the two-factor authentication process if prompted.

How does CrashPlan (Code42) work?

CrashPlan (Code42) uses a computer's built-in notification system to learn about changes to the computer's data. When files are added or modified, it compresses and encrypts the files before securely sending them to the cloud servers.

When an end-user changes a file, the CrashPlan (Code42) application detects that the file has changed and puts the file into its to-do list, to be sent to the backup destination periodically. Only the changed portions are sent to the backup destination, not the entire file. The changes are backed up in the background, creating a new version of the file.

By default, CrashPlan (Code42) uses minimal computer and network resources while the computer is being used. It uses more resources when the computer is idle. You can configure it to ensure that its network usage does not disrupt home networks.

Is it possible to control what is backed up by CrashPlan (Code42) ?

When CrashPlan (Code42) is set up, a backup set must be created. A backup set includes one or more folders that are watched for changes. CrashPlan (Code42) will check the files inside of these folders for changes and backup any changes.

Will CrashPlan (Code42) back up private data (email, browsing history, etc.)?

If a backup set includes files with email, browsing history, etc., the CrashPlan (Code42) app will compress it, encrypt it, and securely back it up to the cloud. CrashPlan (Code42) encrypts all user data before it leaves the computer for storage in CrashPlan (Code42) backup archives. No one can decrypt your data without that your archive encryption key. This key is stored by CrashPlan (Code42) .

An IT administrator can use the key to decrypt and restore data, but only to the original CrashPlan (Code42) -registered computer. Unless you permit your IT administrator to log onto your computer, they cannot see your private data.

What prevents an insider from misusing the CrashPlan (Code42) service?

All personnel with administrative access to this service are required to attend training on privacy and confidentiality, and to sign an agreement committing that use of the system will be for intended purposes only.

CrashPlan (Code42) records the details of its activities, including who performed an action and when they did so. The names of restored files are not logged.

Privileged actions are logged to an external system in case of abuse or compromise, allowing the University Information Security team to review or investigate problems. All employees who access this system are trained in how to handle confidential information.

If abuse is suspected, please contact security@uchicago.edu.

What else can I do to reduce risk and where can I go to learn more about reducing device risk?

• Make sure the devices used for university business follow the instructions in the End-User Device Policy.
• Make sure the devices used for university business are backed up.
• Consult with Divisional or Unit IT with any questions.

Is there a cost?

No, is included in the IT Allocation.

How long does CrashPlan (Code42) keep my data?

Default data retention settings can be modified by unit IT administrators or modified by individual users within their application settings. You can set how when your files can be deleted files are purged, ranging from never to one year after the file is deleted. You can also change your data retention settings to remove files after one year, after 90 days, or after one week. This can be done from the Frequency and Versions screen.

To change the frequency of file versioning:

1. Open the CrashPlan (Code42) app.
2. Select the Settings gear icon.
3. Select Backup Sets.
4. Next to the Frequency and Versions screen, select Change. If your administrator locked this setting (which prevents you from editing it), select View. The Frequency and Version screen will appear.
5. Set the preferred frequency settings:
   
   1. Back up changes every:
   2. For one week, keep a version.
   3. After one week, keep a version
   4. After 90 days, keep a version.
   5. After one year, keep a version.
   6. Remove deleted files.
      
6. Select Save once you've set your settings.

To learn more, read this CrashPlan (Code42) article Understand and troubleshoot frequency and version settings.

Where can users learn more about CrashPlan (Code42) ?

For more information, visit the CrashPlan (Code42) website.