Friday, October 20, 2017

Seven Ways to Make Sure Your Stuff is Safe in the Cloud

Whether you know it or not, chances are you are storing at least some of your data in a cloud-based service. Cloud services make accessing and backing up your data a breeze (pun intended). For instance, if you dropped your phone in a river while hiking, the cloud has likely already saved all of your photos, contacts and crucial data.

Not only can your life be backed up, but you might even have information about others. The days of posting on Facebook to ask your friends to send a text to your new number so you can save theirs is a thing of the past, given most people have their phone number linked to their social media. The adoption of cloud services by consumers has exploded in the last couple of years, to the point that as of February 2016, 782 million people are using Apple’s iCloud (Apple Insider, 2016).

However, where there is convenience there is also opportunity. It is so easy for you to access your personal data that, well, it is very easy for someone else to access your personal data. Needless to say, extra precautions do need to be taken when storing your personal data in the cloud. This is because when your photos, videos, music and personal data are backed up to ‘the cloud’, they are not really being backed up in a specific place. With data centers opening, migrating, closing, and data being stored in multiple data centers for redundancy, where is your personal data really? Vic Winkler of Dublin Business Wire explains, “Data may not remain in the same system, the same data center, or within the cloud provider’s systems. Conceivably, data may even be stored in another country, incurring considerable concern” (2011). If your data could be anywhere, you should probably do your part to protect it, right? Below are some suggestions to help you in this noble quest.

1. Strong Passwords

You might be surprised to know that software exists that can correctly guess your password in a matter of hours, maybe minutes. This is known as a brute force attack, and as non-threatening and friendly as it sounds, is pretty scary stuff. This software comes in licensed and open-source (free) forms and is usually used for security testing by companies, but it can also be used for personal gain. You have more than likely heard about the 2014 celebrity hack which compromised very personal photos. This came about after very weak passwords were exploited by hackers.

Many users create passwords they find easy to remember, but in turn are easy to crack given all it takes is for a hacker to gain a small amount of information about the user. A very common and vulnerable password is one containing the name of a user’s pet, which can be easily attained through social media.

2. Two-factor Authentication

Two-factor authentication is available for many of the accounts you have, including cloud accounts. This heightened level of authentication adds an extra layer of security to your login credentials. When you or anyone tries to log into your account with the password, you will be notified by text, email or, depending on the cloud service, in-app notification. You will then have the option to approve or deny the connection, according to the location and device data provided by this notification in regards to the client signing in. Two-factor authentication gets two thumbs up from us!

Here is a website where you can search for which of your accounts offer two-factor, and how to enable it.

3. Don’t keep work files in your personal cloud accounts

Keeping work information in your personal cloud accounts is just asking for trouble. Nobody wants to be the person who is responsible for a breach at their company. For example, the breach of customer information that occurred when a Dropbox employee’s Dropbox account was compromised in 2012. This employee had a document saved in this cloud-based service which was storing a large amount of Dropbox customers’ email addresses, and later on ended up saved in the hard drive of a hacker’s computer, before hitting the public realm. Do yourself and your career a favor and do not store anything work-related, especially sensitive information in your personal cloud accounts.

4. Don’t use the same password for all of your accounts

You would not use the same key to lock your home, car and other property, so it is definitely not a good idea to use the same password for multiple accounts. Often, bad actors will attempt to crack your password on a less valuable account and then use that password on higher value targets, like your online banking or social media accounts.

It is not always easy to remember multiple passwords for all of your accounts, and that is why password applications like LastPass exist. These applications not only save your passwords with the added security of two-factor authentication, but they also offer a password generator that makes securing and re-securing accounts a very standard process.

If applications are not your thing, another helpful practice is to use a sequence that makes sense to you for your passwords:

  • You pick one number and one special character (like *2).
  • Then you use that combination at the front and end of your password *2xxx*2.
  • You can use a sentence that describes the account you use, but only using the first letter of each word.

Example: For an Amazon account, you could use ‘Love to shop at Amazon’ as the phrase + your number/special character combination, so the password would be *2Lts@A*2.

5. Make sure your cloud provider uses encryption on your data

Whether you are using a service like iCloud or another application, make sure that the provider encrypts your data. For example, our Google platform encrypts data by default, with no additional action required from you. Apple’s iCloud uses a minimum of 128-bit encryption (an industry standard) and SSL (Secure Socket Layer) on your backed-up data. Not only does this sound highly technical and fancy, but it ensures that your data can only be utilized by you.

There are also apps that use a high level of encryption on data that you can store your stuff in.

We love encryption and so should you, so here is a more in-depth look at it: http://www.wired.co.uk/article/encryption-software-app-private-data-safe

6. Consider whether you want your data to automatically upload to the cloud

If you have data that you would not want anyone else to see, you might want to disable automatic cloud back-ups. This way, you can make sure the data in your cloud is only what you feel comfortable storing there. This practice also ensures that if your cloud account has a size limit, you will not be uploading content that is not valuable.

7. Use additional backup methods

It is definitely a good idea to backup your data in more places than just in the cloud. If your cloud account was compromised, and you had it backed up to an external hard drive for instance, you would be just fine.

Another alternative is a network-assisted drive (NAS), it behaves like an external hard drive, and all devices in your secure network can back-up to it without the need of a USB connection. NAS’s also tend to double as a media server where content can be viewed by all authorized devices in your network.