The Lagoon TechMy little blog in Cyberspace.

For the last few years, cloud storage has become popular as a means to backup an individual’s / business’ files, important documents, photos, digital rolodexes (e.g., people’s names, numbers, email addresses, passwords), projects, etc.

Unfortunately, the masses assume their files are secure just because “a large corporation is running the cloud service” or even because “nothing yet has happened to my files”. There are steps you must take to protect your data, and not just relying upon the cloud service to do this for you.

1. You must make sure the password to your cloud storage is a good one. Having a bad password that is easily guessed does you no good.
   
   • It is good practice to use a password manager (preferably offline) and generate passwords with a combination of lowercase, uppercase, numbers, and symbols.
   • Some people will combine words together for their password. This is not as secure as the above method, but is better than nothing.
   • Never write down your password. That is a good way to get it stolen.
2. Enable 2-step authentication (if available) for logging into your cloud storage account.
   
   • This is a very good method to stop most hackers dead in their tracks. Most will not have access to your phone or email to receive the 2-step authentication request, so they will not be able to gain unauthorized access to your account.
3. Always encrypt your files before uploading them to your cloud storage.
   • Several file compression software can encrypt files for you. You just need to provide a password.
   • 7-Zip can create encrypted / compressed archives using the AES-256 algorithm (symmetric encryption; this means you use the same password to both encrypt and decrypt the archive).
     • It can even encrypt the file names inside the archive too, so no one can try to guess what is in the archive by just looking at the file names, even if they cannot access the data.
   • I know cloud storage companies claim to encrypt your files. The problem? They have the encryption keys, so they can decrypt your files whenever and snoop.
   • Even if the storage service does not have a secret policy to snoop through their customers’ files, rogue employees could still do it without the management’s knowledge.
   • Imagine if someone uploaded a text file with their bank information on it (never do that!), and it was not encrypted before being uploaded to the cloud storage? A disaster waiting to happen.
4. Always have at least two backups of your information. Never rely upon just one cloud storage company to backup all your data.
   • If you must, you may buy a hard drive to backup your data to once a week (or whatever works for you), and place it somewhere for safe keeping (basically, cold storage).