How to secure your cloud storage

The more devices we use, the more convenient it is to store files online. Using cloud services we can access our photos, documents, password manager and browser shortcuts using multiple devices with minimal effort. But does that mean hackers have an equally easy time of it? In this article, we explain how to lock down your cloud storage and storage backups online without opening yourself up to a breach.

Instinctively it feels less secure to store data in the cloud, a concept that seems fluffy and insubstantial. But understand that ‘the cloud’ is a marketing term that describes managed online services. This could be as simple as an FTP server or as complex as a highly secure global network of fast servers administered by a large team of experts.

Your own computer, on the other hand, is almost certainly administered by you and you alone. Statistically, you are probably not a security expert and even if you are, your time is going to be limited – you can’t monitor your computer (or, most likely, computers) every hour of the day and night. Hopefully, you are running it behind a firewall, have anti-malware software installed and keep things up to date. But even then, it’s not going to be 100 per cent secure and so it’s a bit of a myth that storing your files on your own hard disk is more secure than placing it in the hands of a reputable cloud storage provider.

We’ll investigate how you can stop bad guys hacking you and logging into your storage services as well as looking into how to protect your data if the service itself is hacked separately.

Encrypt everything

While it would be nice to assume that every commercial cloud storage service is state-of-the-art when it comes to security, it’s best not to. Let’s imagine that you back up your files to a service over an encrypted connection. That’s great because it stop the bad guys from intercepting your files as they flow over the internet. But once they are in place on the servers they are potentially at risk. In many cases, the provider will encrypt these files but maintains access to them. The benefit to you is that they can help you recover files if things go wrong on your computer. The downside is that if their administrators can see the contents of your files then potentially a successful hacker will be able to as well.

In some cases, it is possible to add a further layer of encryption so that only you can decrypt the files. The online backup firm Backblaze provides this as an option, warning that if you add your own password to the system it won’t be able to decrypt the files for you later, should you run into problems.

Dropbox encrypts the files it stores, but it potentially has access to files because of legal requirements. It claims, “Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so).” You can lock those employees out by encrypting your data first, which could be a headache but, some backup applications will do this for you. For example, BullGuard Internet Security lets you back up directly to Dropbox and has an encryption feature that you can enable.

More than a password

Many people use Dropbox, Google Drive and Microsoft OneDrive not only as a convenient file store but also as a means to share files. Adding extra encryption doesn’t work very well when sharing files, as you also have to share passwords or, if you are really advanced, start playing with public encryption keys. This, we predict, will be so annoying that you’ll give up on encryption entirely.

One serious threat to users of online storage is the possibility for an attacker to find or steal usernames and passwords and so gain access to the file stores. They can then steal or damage important data. Potentially they could even upload infected files, such as Word documents or PDFs, which you would trust (they are files stored in your personal online space – why wouldn’t you trust them?) Open one, though, and a hacker could take control of your PC directly.

We need a way to stop hackers from logging in as you. Luckily such a technology is available. Instead of relying on what you know (username and password) it adds a third element – something you have. For example, you might set up Dropbox so that once you’ve entered the correct username and password it then requests that you enter the code number that it automatically sent to your mobile phone.

While Dropbox wasn’t ‘hacked’ per se, back in October 2014, some users’ login details were found by hackers who then tried to log into Dropbox. One simple way to avoid being a victim of such activity is to enable this second line of defence, which is often called two factor authentication (2FA). Dropbox also supports security applications, which reside on your smartphone and generate new codes every few seconds, and USB security keys (which you’ll need to buy separately). You’ll find similar 2FA facilities are supported by Google Drive and Microsoft OneDrive.