Tips to Keep Your Cloud Storage Safe

Over the last few years, cloud storage has become popular as a means to back up an individual’s or business’s files, important documents, photos, digital rolodexes (e.g., people’s names, numbers, email addresses, passwords), projects, etc.

Unfortunately, the masses assume their files are secure just because “a large corporation is running the cloud service” or even because “nothing yet has happened to my files”. There are steps you must take to protect your data, rather than just relying upon the cloud service to do this for you.

  1. You must make sure the password to your cloud storage is a good one. Having a bad password that is easily guessed does you no good.
    • It is good practice to use a password manager (preferably offline) and generate passwords with a combination of lowercase, uppercase, numbers, and symbols.
    • Some people will combine words together for their password. This is not as secure as the above method, but is better than nothing.
    • Never write down your password. That is a good way to get it stolen.
  2. Enable 2-step authentication (if available) for logging into your cloud storage account.
    • This is a very good method to stop most hackers dead in their tracks. Most will not have access to your phone or email to receive the 2-step authentication request, so they will not be able to gain unauthorized access to your account.
  3. Always encrypt your files before uploading them to your cloud storage.
    • Several file compression programs can encrypt files for you. You just need to provide a password.
    • 7-Zip can create encrypted / compressed archives using the AES-256 algorithm (symmetric encryption; this means you use the same password to both encrypt and decrypt the archive).
      • It can even encrypt the file names inside the archive too, so no one can try to guess what is in the archive by just looking at the file names, even if they cannot access the data.
    • I know cloud storage companies claim to encrypt your files. The problem? They have the encryption keys, so they can decrypt your files whenever they want and snoop.
    • Even if the storage service does not have a secret policy to snoop through their customers’ files, rogue employees could still do it without the management’s knowledge.
    • Imagine if someone uploaded a text file with their bank information on it (never do that!), and it was not encrypted before being uploaded to the cloud storage? A disaster waiting to happen.
  4. Always have at least two backups of your information. Never rely upon just one cloud storage company to back up all your data.
    • If you must, you may buy a hard drive to back up your data to once a week (or whatever works for you), and place it somewhere for safe keeping (basically, cold storage).
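
Tip 3 in practice, as an added example that is not from the original post: it builds a 7-Zip archive with both contents and file names encrypted, then checks the result before anything is uploaded. It assumes the 7-Zip command-line tool is installed as `7z`; the function names and the `ARCHIVE_PASSPHRASE` variable are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the 7-Zip CLI is
# installed as `7z`; function names and ARCHIVE_PASSPHRASE are hypothetical.

# encrypt_for_upload SRC OUT.7z
# Builds an AES-256 encrypted 7z archive with the file names encrypted too.
encrypt_for_upload() {
    src=$1
    out=$2
    command -v 7z >/dev/null 2>&1 || { echo "7z not found" >&2; return 127; }
    [ -e "$src" ] || { echo "no such path: $src" >&2; return 1; }
    [ -n "${ARCHIVE_PASSPHRASE:-}" ] || { echo "ARCHIVE_PASSPHRASE is empty" >&2; return 1; }
    # 7z would try to update an existing archive; start from a clean file.
    [ ! -e "$out" ] || { echo "refusing to overwrite $out" >&2; return 1; }
    # -t7z     7z container, whose encryption is AES-256
    # -mhe=on  also encrypt the archive header, which holds the file names
    # -p...    passphrase; on the command line it is visible to other local
    #          users in the process list while 7z runs
    7z a -t7z -mhe=on -p"$ARCHIVE_PASSPHRASE" "$out" "$src" >/dev/null
}

# verify_archive OUT.7z
# Test-extracts with the passphrase so a corrupt archive is caught before upload.
verify_archive() {
    7z t -p"$ARCHIVE_PASSPHRASE" "$1" </dev/null >/dev/null 2>&1
}

# names_hidden OUT.7z
# Returns 0 only if listing the archive with a wrong passphrase fails, i.e.
# the file names cannot be read without the real one.
names_hidden() {
    command -v 7z >/dev/null 2>&1 || return 127
    [ -f "$1" ] || return 2
    if 7z l -p"wrong-passphrase-$$" "$1" </dev/null >/dev/null 2>&1; then
        return 1    # listing worked: names are exposed
    fi
    return 0
}
```

After sourcing the file and exporting `ARCHIVE_PASSPHRASE`, run `encrypt_for_upload`, `verify_archive` and `names_hidden` in that order and upload only if all three succeed. When typing the `7z` command by hand, a bare `-p` makes 7-Zip prompt for the passphrase instead of taking it from the command line.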

 


Posted in Cloud, Computers, Internet and Servers, Security, Tips & Tutorials

Let’s Encrypt – Free SSL/TLS Certificates for Your Website

If you have a personal or small business website that you wish to secure via an SSL/TLS certificate, you can use Let’s Encrypt to do it for free.

It used to be that when you needed web encryption for your website, you had to go to a certificate authority and pay for a certificate. What is worse, the certificate would have to be renewed every so often, depending upon how many years you paid for in advance.

If you opted not to renew your certificate, your web visitors would see a scary message telling them “Your connection to the website is not secure!”.

Technically the “your connection is not secure” message is incorrect. An expired certificate can still secure your connection to a server, assuming you have not enabled HSTS for your domain. It’s only that the web browser – and other software – will no longer “trust” the certificate because it has expired.

Some services give their users a user-friendly option to set up a Let’s Encrypt certificate for their website. However, people like me with custom setups must use other, less user-friendly solutions.

If you are interested, here is the “Getting Started” link: https://letsencrypt.org/getting-started/


Posted in Computers, Internet and Servers, Security, Software

What Exactly Does “better” Mean, and Why You Should Always Give Context

I have noticed many times on the Internet, people will ask if A is better than B. However, they do not give any context of what they consider “better” to be.

Whenever someone asks me if A is better than B, I always ask them, “What exactly do you mean?”. This is so I can help them make an informed decision. Otherwise, I am just guessing, and that will not be helpful to anyone.


Here is an example of someone asking if something is better without context.

A guy named Jeremy goes to a cellphone store and asks Greg the salesman, “Which phone is better to use?”.

Jeremy has not explained to Greg what his requirements are. He could be asking “Which phone is cheaper?”, “Which phone is the fastest?”, “Which phone has the most battery life?”, etc. You get the idea. His saying “better” does not give any context to Greg.

Now Greg proceeds to correctly ask Jeremy, “What are your specific requirements?”. Jeremy then responds saying he is looking for a phone that has a large screen and is not too slow. Now Greg has context – instead of just “better” – and he now can properly show Jeremy the phones that will meet his needs.

Now Jeremy leaves the store happy, since he was able to purchase the phone he wanted.


Something to keep in mind: when someone mentions “better”, that is just their opinion. It does not mean anything until you get their context, and even then, you still would have to agree with their reasons why A is better than B.

You can also have someone who does not care either way. In this case, “better” does not factor in for him.

In addition, you may have someone give their opinion that A is better than B. However, if there is ample, reliable evidence to prove that A is instead equal to B (e.g., scientific research done by two independent universities that came to the same conclusion using valid, reliable methods to test), then there is cause to not believe what the person said. It all comes down to using common sense.

Summary: It’s good practice to always add context when asking if A is “better” than B; otherwise, people may misunderstand what you are asking and (unintentionally) give you an answer that is not helpful.


Posted in Computers, General, Internet and Servers, Operating Systems, Security, Shopping, Society, Software

Several ‘no log’ VPN Providers Caught Keeping Logs

I have written before about being cautious concerning any VPN providers who claim they are not keeping logs.

Just this morning, I was sent an email concerning several VPN providers who had their data dumped onto the Internet, proving they had been keeping logs while claiming they do not keep logs.

This is more proof that you should never trust a “no logging” VPN service to not keep logs.

Now, am I saying that using a paid VPN is useless? No, but you need to be careful which VPN service you are using. In my experience, very few are legitimate, and even the legitimate ones are probably logging enough data to eventually identify you.

VPN services are in it for the money and most will say anything (e.g., “no logs”) to make a quick buck. Not to mention they could be selling your user data on the side – a double-whammy.


Posted in Computers, Internet and Servers, Security, Software, VPN