This is a quick assessment to get a grip on how I can secure my documents, and against which risks.

Basically the core device is my laptop. I haven’t incorporated my phone yet in this overview.

Laptop
Risk: gets stolen
Mitigation: encrypt HDD, and back-up to Time Machine and/or NAS drive and/or VPS, cash reserve for immediate replacement
Current status: mitigation measures in place

Risk: breaks down / HDD failure
Mitigation: back-up to Time Machine and/or NAS drive and/or VPS
Current status: mitigation measures in place

Risk: gets read / copied while en route
Mitigation: encrypt HDD, being able to travel without documents and without being able to reveal passwords needed to trigger access to remotely restore documents to laptop
Current status: mitigation measures partly in place

Time Machine
Risk: not in sync, HDD failure
Mitigation: fix sync, restore from off-site back-up or laptop
Current status: mitigation measures in place

Risk: gets stolen
Mitigation: encrypt files, and maintain offsite back-up
Current status: mitigation measures in place

NAS drive (with archived files, music library)
Risk: not in sync, HDD failure
Mitigation: syncing process, RAID, restore from off-site back-up
Current status: mitigation measures in place

Risk: gets stolen
Mitigation: encrypt files, and maintain offsite back-up
Current status: mitigation measures partly in place (encryption not supported by current NAS, planned to replace NAS) UPDATE: NAS replaced, encryption added.

VPS
Risk: crashes
Mitigation: restore from back-up service, or restore from on-site back-ups and laptop
Current status: mitigation measures in place

Risk: gets hacked
Mitigation: encrypt files, keep on-site back-ups of files, restore from back-up service
Current status: mitigation measures in place

Risk: deleting files through syncing errors (actually happened already)
Mitigation: syncing through a local copy on laptop (scripted), one-way syncing
Current status: mitigation measures partly in place