- October 28, 2016
- Posted by: Sadman Sakib
- Category: Security Tips
No more having to bring your thumb drives or portable hard disks along wherever you go because cloud-based storage services are here to stay. From Google Drive to Dropbox, these cloud solutions store your data online and provide you with the ease of accessing them at any place and time where Internet connection is available.
The convenience does seems tempting, but uploading your personal data to a cloud provider undoubtedly raises a couple of security concerns. For one, you can never be sure of who else could be accessing these sensitive information.
That being said, we can always protect our data from unauthorized access if we just make some extra efforts. Here are a couple of practical tips to keep your cloud data as secure as it gets.
1. Back Up Data Locally
Rule No.1 when it comes to managing data is to always have a backup for your data. Generally speaking, it is good practice to create electronic copies for any of your data so that you will still be able to access them even when the original is lost or has been corrupted. There are many cloud storage services available in the market today, which means you can set up some cloud accounts for backup purposes.
If you have data in the cloud, you should also manually backup your data in an external physical storage drive or device, like a hard disk or a thumb drive. This also allows you to access the information when you have poor or no Internet connection.
2. Avoid Storing Sensitive Information
I doubt there’s such a thing as real privacy on the internet, so personally I wouldn’t trust storing my top secret files in the cloud. Call it paranoia, but identity theft is on the rise and I just don’t want to risk any of that. In any case, we probably don’t have to look at our most sensitive data through the cloud on a 24/7 basis.
My advice is to keep only those files which you need to access frequently and avoid putting up documents containing passwords for your various online accounts or personally identifiable information (PII) such as your credit card numbers, national identification number, home address, etc.
If you must include these information in your files, make sure to encrypt them before you upload.
3. Use Cloud Services That Encrypt Your Data
One of the easiest way to safeguard your privacy when using cloud storage services is to look for one that offers local encryption for your data. This provides an additional layer of security since decryption will be required before you can be granted access to the data.
Otherwise known as the zero-knowledge proof in cryptographic, this method will even protect your data against the service providers and administrators themselves. While keeping data encrypted in the cloud may be good enough, it would be even better if the cloud service also ensures encryption during the uploading and downloading phases. This can be done using military-grade Advanced Encryption Standard (AES) (256 bits), which services like DrivePop adopts.
With the additional step of encrypting and decrypting your data, you may realise that syncing your files with your cloud drive takes a little while. That said, this is a necessary pain to go through if you want the documents to be accessible to you and you alone.
4. Encrypt the Data Before Putting it on The Cloud
If you choose not to use a cloud service that will help you encrypt the data, you can use a third-party tool to perform the encryption. All you got to do is download a cloud-protection app which will allow you to apply passwordsand generate secret key sequences to your files before you actually upload them to the cloud.
Even if you’re already opting for an encrypted cloud service, it wouldn’t hurt to go through a preliminary round of encryption for your files to get a little extra assurance.
5. Read the Small Print of the Cloud Service Provider
Besides storing your data, some cloud services allow you to share your photos and files with others. This definitely sounds appealing, but sometimes these services come with a catch. There might be some fine print that they don’t
advertise but will stuff in their Terms of Service (TOS) to make it legitimate.
For instance, back in 2011, Twitpic wrote in their TOS that sharing your pictures on their service gives them the right to ‘use or distribute‘ the pictures. They later apologised but further clarified that they can distribute the securing-cloud-data on Twitpic and affiliated partners, although the final copyright still belongs to the owner of the photographs.
While not exactly a dedicated cloud storage service, Twitpic puts forward a good case for why you should be cognisant of what to expect from your cloud provider, especially with regard to their security and privacy policies. Try to research online to find out if there are any bad reviews or caveats that you should be wary about. This will put you in a more informed position before you go ahead with their services.
6. Use a Strong Password / Apply Two-Step Verification
As the first line of defence against malicious hackers out there, you had better be sure that your password can stand a hacking or cracking attempt. There are tons of tips on the Internet on what makes for a good password. Aside from going for a strong and unique password, make sure to change it frequently and not repeat it across all other online accounts you have.
Alternatively, you may go for the much more secure two-step verification for your login if your cloud service offers the option. In the case for Google Drive, users have to login to their Google account first in order to use the cloud storage service. Two-step verification can be turned on for Google accounts – a verification code sent to the mobile phone gives the much needed added security on top of just your password to be able to access your cloud data.
7. Be Wary of Your Online Behaviour
Sometimes, the security of your cloud data depends on what you do online, especially on public computers or connections. When using a public computer, do you opt to not save your password, and ensure that you logged out of your account after you are done? Saving your password and leaving it logged in exposes you to the risk of strangers accessing your data. Do you tend to connect open and unsecured Wi-Fi hotspots in public places to log in to your cloud account? Such connections are typically unencrypted, which means that whatever you do while connected can be ‘sniffed‘ by a hacker on the same network. This can even include your login credentials for your cloud account! Just check out this useful article from NoWiresSecurity depicting what these hackers can actually see from unencrypted wireless networks.
8. Protect Your System with Anti-Virus & Anti-Spy
You may be using a secure cloud service provider which you absolutely trust, but sometimes the weakest link happens to be the computer system you’re logging in from. Without proper protection for your system, you expose yourself to bugs and viruses that provide penetration points for hackers to access your account.
Take for instance the presence of a Keylogger Trojan which attempts to track all your keystrokes. By embedding this malicious software to seemingly legitimate files, hackers will be able to get hold of your user ID and password if your system isn’t well protected enough to detect it, and if the login isn’t secured and encrypted.