7 actions you can take to protect your data cloud storage: Internet Scambusters #714
Cloud storage — keeping your files on off-site computer servers — is no longer just for businesses and nerds. Everyone is doing it.
That’s because there are big advantages to storing your data elsewhere, like instant access from any device.
There are also security risks, as we explain this week, but a few simple measures can help keep your data safe.
Let’s get started…
How Safe is Cloud Storage for Your Files?
Only a few years ago, if anyone mentioned cloud storage to you, you’d think they were talking about those fluffy white things that float in the sky.
But now the word has taken on a totally different meaning, as a place where you can store your digital files, or even some of your computer programs.
Of course, it’s not really a cloud and it’s not in the sky. It’s just a shorthand way of referring to huge networks of computer storage systems usually housed in giant warehouses.
Well-known cloud-service providers include Google, Microsoft (One Drive) and Apple (iDrive), plus proprietary services like Dropbox, but there are hundreds more.
The two main attractions to home users is that by placing your files on one of these networks, you can then access them from anywhere with any Internet-connected device.
Plus, they’re in a different place to where you are. So if anything happened to your PC — like a theft or a fire — your digital files stay safe.
But how safe?
As more and more users opt for the convenience of cloud storage, they understandably worry about how secure their files are, since they are effectively out of their personal control.
There are two key risks.
First, there’s the possibility that hackers will access one of these cloud networks and steal information, either usernames and passwords, or the actual files themselves.
There have been several instances in the past when crooks have stolen information either by hacking cloud systems or by hijacking users’ identities and logging onto their cloud accounts to download their files.
Sometimes, they use simple phishing emails to trick victims into giving away their sign-on details.
Second, there’s a privacy issue. Government agencies can legally demand to see information stored in the cloud.
For instance, last year Google received more than 35,000 official requests to access user information. In more than half the cases, the Internet giant handed over data. Microsoft received and disclosed even more.
Furthermore, some service-providers and their staff can themselves inspect your files, for example to decide whether they’re acceptable or not — removing them if perhaps they infringe a copyright.
The Plus Side
Of course, you may not have any concerns about the privacy and protection of your files so that wouldn’t be an issue.
Plus, the level of anti-hacking security on cloud computers (or servers as they’re usually referred to) is way higher than you could ever implement on your PC.
Furthermore, some cloud service providers offer additional layers of security, some of which make files totally inaccessible to the providers themselves, which means they can’t be used by hackers or governments, even if they got a hold of them.
The simple fact is that wherever you store your files — on your PC or in the cloud — it is never totally safe from prying eyes unless you use a machine that is not and never has been connected to the Internet!
So whether you use the cloud or not is a trade-off decision between its convenience and the security risks as you view them.
However, if you do opt to use cloud storage, there are several important steps you can take to protect your data.
7 Key Actions
Here are 7 key actions:
1. Use a unique and difficult to break password.
We’ve written many times about password security, so check out one of our previous issues for more information: 10 Keys to Password Security.
2. Enable two-factor authentication on your cloud account.
At its simplest, this is a second password or code that is usually sent by SMS text or auto-generated on your smartphone when you try to log on.
Again, it’s something we’ve discussed in a previous issue, if you want to know more: How to Easily Enhance Your Password Security.
Usually, when you set up a new device and link it to your cloud account, you’ll be asked for this second code.
You can generally also see a list of devices that you’ve connected in the past by checking your online account.
Make sure there are no devices you don’t recognize. If there are, disconnect them and change your password.
3. Use some form of encryption, especially for sensitive or confidential information.
Encryption is a way of scrambling the data in your files so they can’t be read by anyone who doesn’t have the encryption key.
You can find free programs online that will encrypt files and lock them with a password, but some cloud service providers also encrypt your data while it’s on their servers — the trouble then, of course, is that they still have the key!
However, there are a handful of specialist cloud companies that automatically encrypt files while they’re on your PC, so the providers themselves never have the key.
These services are the most secure from a privacy point of view but they also tend to be more expensive.
In any case, you should definitely understand your provider’s position on privacy and encryption before you subscribe to any service.
You might find this article useful: The Best Cloud Storage Services that Protect Your Privacy.
4. Consider using two service providers.
Most providers, even the most secure and expensive, offer a limited amount of free storage space.
You could keep your most sensitive files on one of these high-security services, while using a cheaper one for non-sensitive files.
5. Set up a new device notification.
With most providers, you can set up a process whereby you are notified by email if someone signs on to your cloud account.
This would provide early warning if your account has been hacked and hopefully allow you time to change your password and block access.
6. If you use a public computer to access your cloud account, make sure you’re fully logged out when you’re finished.
However, we would urge caution about using a public computer for any confidential access because of the risk that key-logger malware may have been installed.
7. If you receive a text or email notification suggesting your account has been compromised and requesting you to log in, don’t click on or follow any links in the message.
It may be a phishing attempt.
Instead, key in the correct address for your cloud storage provider and check things from there.
Alert of the Week
Millions of Android phones and tablets have been infected with a piece of malware known as HummingBad.
The program generates clicks on advertising sites, which earns the perpetrators a fee for each click, but security services say the malware may also have a more sinister purpose.
To learn how to check if your device has been infected and how to remove it, see How to Tell if Your Android Phone has the HummingBad Malware.
Time to conclude for today — have a great week!