Hacks related to data stored in the cloud seem to be never-ending. Whether it is celebrities having their iCloud hacked, or large corporations having their private data hacked, there just doesn’t seem to be an end to it. And, you know what, there’ll likely never will be. Anywhere you find massive amounts of data you will also find hackers trying to access that data. Hackers gonna hack.
It’s not all doom and gloom though. All that you have to do is make your data harder to access than the next account. If you are too big of a challenge, any hacker will simply move on to a different target. That’s just business, if it takes a hacker too much time they don’t make enough money for it to be worth their while. Let’s secure your cloud data, and give you some peace of mind using these five tactics.
Protect your cloud-based data
First, know where the data is stored
Nearly every single thing you do online winds up being stored somewhere on a cloud-based server. This includes your emails, your pictures, metadata, sites that you’ve visited, and on and on.
Your first task is to be sure that if you are putting something online that that is where you want it to be. Proactive data protection comes down to knowing that if you put a piece of information online, even when it seems private, the mere act of turning it into a digital file puts it at risk. Start thinking about:
- Whether or not you need to say something in an email rather than in person.
- Whether or not that picture will be better on your phone, or on a digital camera that does not connect to a cloud.
- If it would be a good idea to visit a website on an unencrypted connection.
If you do not create the data, it cannot wind up at risk in the cloud. In today’s share everything world this is a very difficult thing for most people to grasp. But it is the absolute first step in protecting sensitive information.
You must improve your password strategy
Going back in time a little bit, the infamous iCloud hack known as the Fappening has largely been attributed to poor password choices. Yes, I know it’s not fashionable to victim blame. But in the case of most of the celebrities who were hacked, it never would’ve happened if they had chosen stronger passwords.
When cloud passwords are hacked it is usually done with a brute force tool. These tools simply guess combinations of words thousands and thousands of times until they get the right ones. Combining one of these tools with the problem of Apple not having adequate rate limiting could have resulted in the iCloud hack.
You can protect your cloud account by choosing a password that is not a few simple words. Your better choices are:
- Creating a password which is a long sentence that you can be easily remember.
- Creating a password which is a jumble of the upper and lowercase letters, numbers, and symbols.
To make the second option easier if you can look into using a password generator tool.
Encrypt your communications more with a VPN
Every reputable place where you enter your password will be encrypted in some form. If you want to protect yourself more, especially when you are entering passwords over public Wi-Fi, you need to use the VPN’s military grade encryption.
Not only will a VPN encrypt your passwords, but it will encrypt every single piece of data that you send over it. This will protect your data during its entire movement from your computer to your cloud-based server. That journey just may be the riskiest part of its life. You need to protect it.
Encryption is, and always will be, your best friend when it comes to protecting your privacy. Relying upon networks you don’t know, or even cloud providers you don’t 100% trust, is a mistake you cannot make. Be sure to choose a trusted VPN provider, and know that your data is safe while it is in transport.
Restrict your access points
If you’re a cloud provider allows it, set it up so that only certain machines are allowed to access data from it. If it doesn’t have that, make sure it has a challenge for when a new machine tries to log into it.
Restricting the number of access points is kind of like a fortified compound. Which compound is going to be better protected:
- The one that has only one access point/gate which opens.
- The one that has five access points/gates which open.
You had better bet that it’s going to be the one with only one access point. Access points are weak spots in fortified compounds, just as they are in cloud-based servers on networks. Even if your cloud provider doesn’t allow this, doing something as simple as only accessing work data from work computers, instead of home computers, is a big improvement. Your SysAdmin will thank you.
Using two step verification: 2FA for the win
I touched on it briefly above, but true two step verification involves a one–time use code being sent to your email or smart phone in order to access your cloud. The way that it usually works is:
- You enter your login and password as normal.
- After doing this, a code is sent to your smart phone.
- A second screen pops up on your computer where you just entered your login and password.
- You enter the one time use code into the window.
- You will be able to continue on to your cloud data at this point.
The goal of 2FA is to make it so that not only with a hacker have to still your password, but they would also have to steal your phone. Protecting your cloud is all about making things more complicated, and this certainly does it.
Know your cloud provider inside and out
Everyone just automatically chooses Dropbox for their cloud data. Yes, they are the most well-known and are quite competent. But what you really need to know is about all of their encryption policies, knowing that your uncle also uses it is not enough.
The key things which you need to find out are:
- Do they encrypt your data while is sitting on their servers?
- Do they encrypt your data while it is being transported from your computer to their servers?
- Where are there servers located? Some countries have more power to seize servers at random than others. Pro tip: avoid Russia.
Take some time to research the different cloud providers out there. Do not rely upon the opinion of your Uncle alone … unless your uncle happens to be an online security expert.