Arggh nooooo!
While there is no technical need to encrypt a Time Machine backup even if your MacBook Pro is itself encrypted, there is a very, very important logical case for your Time Machine backup also being encrypted.
- Your MacBook Pro is encrypted = good 🙂
- Lets say the worst happens you either lose your MacBook or it is stolen, because it is encrypted the miscreant will not be able to access your files = good 🙂
- Lets say you have a portable hard disk you use to backup your MacBook and keep it with your MacBook in the same bag so you can do backups and restore them wherever you are, lets say this Time Machine backup drive is not encrypted, this laptop bag with both your MacBook and the Time Machine backup in it is again lost or stolen, not only have you lost the MacBook but you have also lost the backup, while the MacBook is encrypted preventing the miscreant from accessing it they will be able to access the backup on the Time Machine drive = bad 😟
- If however the backup drive is also encrypted then the thief will still not be able to access the contents = good 🙂
- Lets say you have a MacBook and it is (supposedly) safe in your house, and you have a Time Machine drive also in your house and once again the Time Machine drive is not encrypted, a thief could take just the Time Machine drive and still have all your unprotected data = bad 😟
For people working in roles that involve using customer data it does not matter where it is kept you have a moral and legal responsility for protecting that data. If this is just your own personal files then there is no absolute need to encrypt your laptop and equally no absolute need to encrypt the backup. However if you have the need to encrypt your laptop - which you obviously decided you have, then equally there will be an identical need to encrypt the backups.
Note: You can with Time Machine now have more than one backup drive defined, so for laptop users a drive left in the home/office and another one that you keep with you is a good approach. Remember to encrypt both though!
Apart from the above, the reason I feel so strongly about this is that some commercial Full Disk Encryption products do not have the ability to encrypt external drives. (I am looking at you CheckPoint and Sophos.) What hacks me off is a security products company making this same stupid mistake. It should be noted that both Apple and PGP do allow you to encrypt both the boot drive and external drives.