Sign in Subscribe
Cyber Security Tips

How to Secure Your Files in The Cloud

Barry Kavanagh

6 min read
How to Secure Your Files in The Cloud

Let's get one thing straight, for all intents and purposes "the cloud" is in fact, someone elses computer. There are however, additional benefits (depending on the provider) such as backups and redundancy, scalability, security and in some cases lower cost per GB of storage. For the purposes of simplicity, this post will be vendor agnostic and all security controls mentioned should be supported by the leading cloud storage providers such as: Box, DropBox, iCloud, Google Drive, & One Drive.

Account Security

Let's start with securing the account first. Most personal cloud storage is accessed via email address and password. Assuming the email account being used to sign up is secured (more on that in a future post), always make sure to use a unique and complex password when creating a personal cloud storage account. This should be easy for those who use a password manager, for those who don't, there are many free password managers available with limitations to get you started before considering a paid version.

Authentication

Once the account is created and you're happy with your password strength, it's time to enable MFA (Multi-Factor Authentication) if it's supported. This is also sometimes referred to as 2FA (Two Factor Authentication). Enabling MFA/2FA means that anytime you sign in or anytime a sign in is detected from a new device then the provider will require a PIN to be entered, usually set up as being sent via SMS to your phone or some providers will request a code from an app like Microsoft Authenticator or Google Authenticator which generate new one time pin codes every 30 seconds. This control makes sure only you can access your account assuming you have your phone to hand and you only enter the PIN into the legitimate providers site and not a link you opened from a phishing email or text.

Although MFA/2FA are not hack proof, they add an extra security layer which gives you defence in depth. Remember, anyone who knows your email address already (or if it is ever included in a future data breach) will only need to guess your password to gain access to your cloud storage if MFA/2FA is not enabled or if your cloud provider does not support it. As of writing, all providers listed in the beginning of this article support MFA/2FA.

File Security

Now that the cloud account is in good shape it's time to consider the files themselves you will be storing. Before uploading anything, be sure to minimise the sensitive files you store in the cloud. This is mainly from a privacy perspective as theoretically a rogue employee from the cloud provider with the right permissions could access your files as they own the infrastructure. If that's a concern for you though there is a solution, encryption! Regardless of how secure the provider says the platform is, if they control the encryption keys that encrypts and decrypts your data then they have the capability to access it (It is extremely unlikely to happen though).

Fortunately, encryption is accessible to you too and it sounds more complex than it really is. Put simply if you password protect a file you have technically encrypted it. The decryption key is the password. By protecting your files in this way before uploading to the cloud you have ensured that only you have access to those files you uploaded. A slight drawback though is you will have to download a copy of the files to decrypt them and view/use them and re-upload newer file versions if you make changes. You'll also need to disable any automatic backup of local folders to avoid uploading unencrypted files automatically. Some providers let you specify which folders to automatically backup so you could set this to the one local folder and only drop encrypted files in it.

Access Controls

If you want to share files from your cloud storage with a friend, family member or colleague but you want to avoid the effort of encrypting the files, you can still limit the access using shared folders. Creating a shared folder allows you to give someone access to one or more shared folders in your cloud storage without giving them access to the other folders in your account. The access can then be removed at anytime. It's worth noting though, that it's usually possible to download a copy of a file from a shared folder so bear that in mind before you grant the access in the first place if file downloading can't be disabled for the shared folder. You should also consider setting a reminder for 30 or 90 days time to recertify the access. For example, if you are a business who granted temporary access to a contractor and the work is now completed the access should be removed. This is known as the least priveledge principle.

Physical Access

Physical access (often forgotten) is very important. Why bother securing your cloud storage if you just leave your device unlocked in a public place like a coffee shop? This leaves your device vulnerable to what is known as an Evil Maid attack which is the act of accessing an unattended device, usually with malicious intent.

hacker hand stealing data from laptop top down

Backups and Disaster Recovery

As with any good security strategy backups are often neglected until there's an incident that makes it painfully aparrent how important they are. Especially when restoring a backup is your last resort and you don't have a backup to hand. Some people may be using the cloud specifically for backups and still store all the files locally. Others however, may be trying to free up space by storing all files in the cloud and considering it a backup in itself as the cloud has resiliency built in. Both have pros and cons but both would benefit from an offline physical backup in case access to a cloud account was lost through compromise or the provider themselves were compromised.

Now days, 1TB external hard drives are not too expensive and having a routine of backing up your files a few times a year could save you a lot of stress and headaches. I have personally benefitted from backups many times in the past and the only reason my discipline with backing up is so consistent is because I learned my data loss lesson the hard way, twice. Alternatively, you can always back up to a second cloud provider that offers enough storage for free or at a small monthly price. It's highly unlikely two cloud providers will be compromised at once and you'd lose access to both. You do however have a dependency on a solid internet connection to retrieve the files.

Choosing a Cloud Storage Provider

Finally, less frequently mentioned is your choice of vendor really does matter. Not just in terms usabilty and security but in terms of service of company goals. Then old saying "there's no such thing as a free lunch" stands true. You (and your data) are usually the product if the service is being offered for free (freemium). I will have a seperate post on an example of this that I'm still invesitgating and sourcing evidence on but a quick Google search will show you multiple reports of a certain provider offering 1TB of free storage. This same provider was suspected of not only using the data for financial gain but also severly limiting the download speeds from their servers for anyone trying to retrive their files later and close their account with an option to upgrade to a paid plan for ultra fast download speeds. When it comes to cloud storage providers the key players listed in the beginning of this post are well established and know what they're doing (most of the time) in this space. There are always new kids on the block though with tempting offerings too, which are also worth considering and using the advice in this post will stack the deck in your favour should things go sideways for any provider.

Summary

  • Ensure your account has a unique and complex password.
  • Enable multi-factor authentication.
  • Password protect your files before uploading.
  • Limit access to and shared folders and recertify that access.
  • Lock your device and never leave it unattended in public.
  • Back up your data offline or with another cloud provider.
  • Choose a reputable provider, research their company values and avail of any free trials to test usability and speed before comitting.
  • Be mindful of phishing, if you follow all this advice but don't look for the phishing red flags in this post you will just be handing a very secure account to an attacker and saving them time securing it themselves.
Share on LinkedIn

If you enjoyed this post, please consider supporting my work through the button below or becoming a free subscriber, it really helps, thank you!

If you're a business and would like to discuss consulting services, you can request a free consultation here: https://www.megabytesandme.com/services/

Thank you!