Online storage — or, metaphorically, the “cloud” — comes in many forms from many different providers. Google Drive, Dropbox, and Microsoft OneDrive are some of the most popular. And while the services they offer differ, the basic pitch is the same: We’ll store your files on our servers so you can access them from any device, even one that doesn’t belong to you.
This has many advantages over the traditional method of storing your files locally, on whatever machine or device you are using at the time.
Advantages of the cloud
- Backup: Many users use cloud storage as backup in case they lose their data locally. If your laptop is stolen, you won’t lose your important files.
- Syncing: Many cloud services also offer to sync files and settings between devices. If you change a file on one device, the other devices will update accordingly.
- Storage: Some users prefer to store some files only in the cloud to free up space on their personal devices.
- Sharing: Cloud storage makes file sharing easier. Instead of emailing bulky files to your friends and coworkers, you can send them a link to download the file from cloud storage.
It’s all very convenient, but handing over your personal data to someone else’s servers clearly raises some privacy concerns. Here we’ve organized a few steps you can take to strengthen your online storage security:
The most obvious drawback of cloud storage is that it doesn’t take a skilled hacker with access to your internet connection to raid your private files from anywhere in the world. All it takes is your password.
Use strong passwords
That’s why the importance of a strong password that only you know cannot be overstated. If you can’t come up with a password tougher than 12345678, then watch this clip of Ed Snowden on Last Week Tonight with John Oliver for a crash course in creating uncrackable, memorable passwords. You can also create a super strong password with ExpressVPN’s Random Password Generator.
Use a password manager
If you’re having trouble remembering all your passwords, try a password manager. A password manager saves all of your passwords and “locks” them behind a master password. You only need to remember one password — the master password — for the password manager to automatically enter your user credentials into the password-protected websites and apps you use on a daily basis.
Use 2-step authentication
For a huge security boost, use two-step authentication (sometimes called two-factor verification). This two-step login process adds an extra layer of security to your cloud account. In Step #1, you enter your password. In Step #2, a code is sent to your phone via SMS or voice message, which you then enter into the website to log in. This code can only be used once, so even if someone gets their hands on your password and a code you’ve used already, they’ll be locked out of your account.
With two-factor authentication an attacker with your password won’t be able to log in, to your cloud account unless they have somehow also stolen your phone. Check out this list of cloud storage services that offer two-step verification. If your provider isn’t listed, consider making a switch.
Storage vs. sync
Storage and sync are two very useful functions of the cloud, but it’s dangerous to confuse them. If you’re storing files in the cloud so that you can delete them from your local device (i.e., to save space), you’ll want to make sure that any “sync” function of the service is turned off. Otherwise, if you delete the files from your local computer (or phone, or tablet) you may find those files deleted everywhere!
This isn’t a security vulnerability, but it is important to know for the safety of your personal data. Check the details of your provider’s “sync” function before you delete files off your local device.
How secure is your storage provider?
Even if your password is totally secure, online storage is only as secure as the company that runs it. Google, Microsoft, and Dropbox are all well-respected in the tech community, and although they’ve publicly denounced any government policy that would allow backdoor access into their services, that may not be enough to assuage everyone’s concerns.
For the truly security-minded, the main sticking point with these services is their shared-key encryption. Files may be encrypted in transit, but they are decrypted by the shared servers, which means that administrators of those servers could access those files if they were so compelled. That’s fine if you trust the moral integrity of every employee at Google, Microsoft, and Dropbox, but if you don’t… consider another storage model called zero knowledge.
“Zero knowledge” is a term championed by SpiderOak, a smaller cloud service that got a nod from Edward Snowden for being more privacy-conscious than Dropbox. Unlike most other providers, SpiderOak does not own the keys to the encryption that protects its users’ files, meaning no one at the company can access any of them even if they wanted to. Other security-minded cloud storage providers with a zero-knowledge philosophy are Tresorit and Wuala.
What if you like the zero knowledge idea, but you don’t trust the company that claims to implement it? That gets into serious paranoia territory, but if you are so inclined, one alternate solution for any cloud storage service is to encrypt all your files manually before uploading. Use Disk Utility on a Mac, BitLocker on Windows, or third party VeraCrypt on multiple platforms. This requires some extra time on your part, so you’ll lose some of the convenience of an all-in-one cloud storage service, but it’s essential if you want to be 100 percent sure that you’re the only one with the ability to decrypt your files.
Finally, if you’re a bit more technically minded, you can also host your own cloud server. OwnCloud is open-source software that turns any server into a cloud storage service, i.e., one that you can access with a visual interface from anywhere. That’s useful for creating a fully secure shared file service just for you and your friends, or your own company.