“91% of adults in the survey “agree” or “strongly agree” that consumers,” shares a 2014 Pew Research study, “have lost control over how personal information is collected and used by companies.” Unfortunately, that perception may be tied directly to how many of us are storing confidential data–whether we want to or not–in cloud-based storage systems.
If you’re like me, you’re storing important data online because of the following reasons:
- Easy backup – You’re worried that storing it on USB external flash drives or “sticks” is too dangerous since they are easy to lose, may suffer data corruption. With Dropbox and GoogleDrive, the “backup” of your data happens auto-magically when you save stuff in the appropriate folder on your computer.
- Portability – You love to be able to work from anywhere, even when you’re out for coffee at Starbucks. You also don’t want to leave confidential data on your laptop since you carry that everywhere and while it’s password protected, you’re positive you don’t have fancy disk encryption turned on. You DO make sure to logout of your cloud storage, though.
- Collaboration – Everything you do involves partnering with someone else, and that’s why GoogleDocs is so good for team projects. When you save stuff on Dropbox or GoogleDrive, other people can get to it and work with it…and that’s great all-around!
Unfortunately, you can’t just assume that confidential data will be safeguarded appropriately when it’s stored in the Cloud. To safeguard that sensitive data, you need to take a few steps. Here are 3 steps you can take that will immediately protect you when placing your precious data online. Are they the only steps you can take? Absolutely not! The question is, How much security are you willing to trade for ease of use? It’s a tough scale and over time, trust me, you will find the right balance. For now, though, it won’t hurt to be overly protective…well, it won’t hurt TOO much.
Step #1 – Protect your Device and Connections
We often carry our devices–laptops, phones, tablets–everywhere we go but fail to protect them adequately. What’s worse, we also forget that when our devices connect over public WiFi, we are in danger of being “packet-sniffed.” This is a fancy way of saying, people can eavesdrop our WiFi and snatch critical information, like our login credentials (more about that in a moment, Step #2).
Make an effort to protect your device, though, including logging out or “locking” it so someone can’t just pick it up and start using it. Establish a secure “cloud computing base” that protects against malware/viruses that may load keylogging software onto your machine. You can do that by keeping your anti-malware/anti-virus software up to date. Some suggested tools include MalwareBytes, Spyware Blaster, Spybot Search & Destroy for spyware/malware, while using AVG Anti-Virus for antivirus (Windows 10 has solid tools, BTW), and, finally, removing and cleaning up your Windows computer using Revo Uninstaller and CCleaner.
Step #2 – Safeguard Your Cloud Computing Login Credentials
As mentioned in Step #1, safeguarding your Cloud Computing Login credentials is critical. You need to invest in a Virtual Private Network (VPN)–especially if your work place isn’t providing one, although most school districts and employers do–like Private Internet Access (my favorite VPN provider, BTW, because it works on ALL my devices). Without a VPN, you are open to packet analyzers and sniffers because your data is being transmitted in clear text….that is, NOT encrypted. While Google and other providers have made every effort to encourage folks, many services still rely on unencrypted connections (without the gold Secure Socket Layer (SSL) padlock).
Not only do you need to avoid phishing and spear phishing (targeted at specific individuals) schemes–which attempt to steal your credentials so they can expand their circle of confusion and infection to others–you also need to take advantage of tools like Keepass, Dashlane, and LastPass. There are others but you can google “online password manager” and find many solutions. Another important point is to ensure you have a secure password generator, which many of the tools listed above provide. School districts may also consider drafting a policy, a sample of which is available online.
You can protect yourself by also taking advantage of 2-factor authentication, illustrated below:
2-factor authentication is available for a variety of services. I use it with GoogleApps, Dropbox, and many others.
Step #3 – Practice Safe Data Practices
Since we must all work with confidential at some point, even if it is personally identifiable information (PII), or medical/health information, we must practice safe data practices. One of those practices–aside from shredding paper copies of sensitive data–including encrypting that data when it is NOT in use and/or in transit. If in a work environment, make sure that you ONLY access sensitive data on work devices, avoid clicking on email links and attachments from people you don’t know, and, for goodness sake, DO NOT do that while checking your personal email at work, especially if it is a Yahoo email account given the types of malware spreading ads that find themselves displayed.
If you aren’t encrypting your data before putting it in the cloud, you are sending a clear message that you just lack concern for confidential data. While some data is intended to be portable, easy to backup, and collaborate with, confidential data is NOT. Some ways to encrypt your data include using tools like Secret Space Encryptor (SSE)–which works on Windows, Mac, GNU/Linux and Android–and/or Chromebook friendly MiniLock. Tutorials are available as videos and/or print. All of these encryption tools ARE EASY to use and encrypted files/folders can be saved directly to cloud storage (e.g. Dropbox, GoogleDrive). Android users typically have more encryption options–given that iOS sandboxes its apps, it’s a little more difficult–available to them, like Secret Space Encryptor (SSE).
However, if you want an even more dynamic solution, considering using encrypted file storage like SpiderOak storage (Dropbox like storage but encrypted) or even overlaying encryption with BoxCryptor, which includes a portable solution.
You can regain control of how data is shared provided you follow the 3 simple steps outlined in this article. Unfortunately, as data goes mobile, you’ll have to find the solution that works best on your device.