Tips to Keep Your Cloud Storage Safe
Over the last few years, cloud storage has become popular as a means to back up an individual’s or business’s files, important documents, photos, digital rolodexes (e.g., people’s names, numbers, email addresses, passwords), projects, etc.
Unfortunately, the masses assume their files are secure just because “a large corporation is running the cloud service” or even because “nothing yet has happened to my files”. There are steps you must take to protect your data yourself, rather than just relying upon the cloud service to do this for you.
- You must make sure the password to your cloud storage is a good one. A bad password that is easily guessed does you no good.
  - It is good practice to use a password manager (preferably offline) and generate passwords with a combination of lowercase letters, uppercase letters, numbers, and symbols.
  - Some people combine words together for their password. This is not as secure as the above method, but is better than nothing.
  - Never write down your password. That is a good way to get it stolen.
- Enable 2-step authentication (if available) for logging into your cloud storage account.
  - This is a very good method to stop most hackers dead in their tracks. Most will not have access to your phone or email to receive the 2-step authentication request, so they will not be able to gain unauthorized access to your account.
- Always encrypt your files before uploading them to your cloud storage.
  - Several file compression programs can encrypt files for you. You just need to provide a password.
  - 7-Zip can create encrypted / compressed archives using the AES-256 algorithm (symmetric encryption; this means you use the same password to both encrypt and decrypt the archive).
  - It can even encrypt the file names inside the archive too, so no one can try to guess what is in the archive by just looking at the file names, even if they cannot access the data.
  - I know cloud storage companies claim to encrypt your files. The problem? They have the encryption keys, so they can decrypt your files whenever they like and snoop.
  - Even if the storage service does not have a secret policy to snoop through their customers’ files, rogue employees could still do it without the management’s knowledge.
  - Imagine if someone uploaded a text file with their bank information on it (never do that!), and it was not encrypted before being uploaded to the cloud storage. A disaster waiting to happen.
- Always have at least two backups of your information. Never rely upon just one cloud storage company to back up all your data.
  - If you must, you may buy a hard drive to back up your data to once a week (or whatever works for you), and place it somewhere for safe keeping (basically, cold storage).
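
The 7-Zip step from the list above, as an added example that is not part of the original post: it builds an AES-256 `.7z` archive with encrypted file names (`-mhe=on`), then checks that the names really are hidden and that the archive tests clean before you upload it. The function names and the `SEVENZ_PW` environment variable are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: encrypt files with 7-Zip before they go to cloud storage.
# Function names and SEVENZ_PW are illustrative, not part of 7-Zip itself.

# Print the name of whichever 7-Zip command-line binary is installed.
find_7z() {
    for bin in 7z 7zz 7za; do
        if command -v "$bin" >/dev/null 2>&1; then echo "$bin"; return 0; fi
    done
    return 1
}

# encrypt_for_upload ARCHIVE PATH...
# -t7z      : 7z container, whose encryption is AES-256
# -mhe=on   : encrypt the archive headers, i.e. the file names
# -p<pw>    : password, taken from $SEVENZ_PW here so the function can run
#             unattended. Command-line arguments are visible to other local
#             users in the process list; at a terminal, pass a bare -p and
#             let 7-Zip prompt for the password instead.
encrypt_for_upload() {
    archive=$1; shift
    z=$(find_7z) || { echo "7-Zip not found" >&2; return 127; }
    [ -n "${SEVENZ_PW:-}" ] || { echo "SEVENZ_PW is empty" >&2; return 2; }
    "$z" a -t7z -mhe=on -p"$SEVENZ_PW" -- "$archive" "$@" >/dev/null
}

# names_hidden ARCHIVE NAME
# Succeeds only if listing the archive with a deliberately wrong password
# does not reveal NAME. An archive made without -mhe=on fails this check,
# because its file list is readable without the password.
names_hidden() {
    [ -f "$1" ] || return 2
    z=$(find_7z) || return 127
    if "$z" l -p"wrong-on-purpose" -- "$1" 2>/dev/null | grep -qF -- "$2"; then
        return 1
    fi
    return 0
}

# verify_archive ARCHIVE
# Decrypts and checks every entry with the real password, so you know the
# upload is restorable before you rely on it as a backup.
verify_archive() {
    z=$(find_7z) || return 127
    "$z" t -p"$SEVENZ_PW" -- "$1" >/dev/null
}
```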
Let’s Encrypt – Free SSL/TLS Certificates for Your Website
If you have a personal or small business website that you wish to secure via an SSL/TLS certificate, you can use Let’s Encrypt to do it for free.
It used to be that when you needed web encryption for your website, you had to go to a certificate authority and pay for a certificate. What is worse, the certificate had to be renewed every so often, depending upon how many years you paid for in advance.
If you opted not to renew your certificate, your web visitors would see a scary message telling them “Your connection to the website is not secure!”.
Technically the “your connection is not secure” message is incorrect. An expired certificate can still secure your connection to a server, assuming you have not enabled HSTS for your domain. It’s only that the web browser – and other software – will no longer “trust” the certificate because it has expired.
Some services give their users a user-friendly option to set up a Let’s Encrypt certificate for their website. However, people like me with custom setups must use other, less user-friendly solutions.
If you are interested, here is the “Getting Started” link: https://letsencrypt.org/getting-started/
Several ‘no log’ VPN Providers Caught Keeping Logs
I have written before about being cautious concerning any VPN providers who claim they are not keeping logs.
Just this morning, I was sent an email concerning several VPN providers who had their data dumped onto the Internet, proving they had been keeping logs while claiming they do not keep logs.
- https://www.theregister.com/2020/07/17/ufo_vpn_database/
- https://betanews.com/2020/07/15/ufo-vpn-data-leak/
- https://www.techradar.com/news/these-no-log-vpns-actually-collect-plenty-of-logs-and-the-data-has-been-exposed
This is more proof that you should never trust a “no logging” VPN service to not keep logs.
Now, am I saying that using a paid VPN is useless? No, but you need to be careful which VPN service you are using. In my experience, very few are legitimate, and even the legitimate ones are probably logging enough data to eventually identify you.
VPN services are in it for the money and most will say anything (e.g., “no logs”) to make a quick buck. Not to mention they could be selling your user data on the side – a double-whammy.