File hosting / cloud storage services today are a dime a dozen. Players in this vertical constantly top each other with free storage offerings, business features, and custom plans, all designed to cater to every possible audience. But they all have one thing in common: the cloud.
Cloud storage is somewhat of a double-edged sword: it’s a convenient way to keep your entire fleet of devices in sync, but it can also spell disaster if someone finds the keys to your vault. Remember the celebrity nudes leak a few years ago? Yeah. You don’t want that ‘fappening’ to you. So it’s a good idea to remind ourselves that cloud storage services like iCloud, Dropbox and Google Drive are not impenetrable. Your vendor can only do so much to protect you. ‘The Fappening’ was mostly the result of those celebrities falling victim to phishing emails. So it’s important to enable extra safeguards to avoid falling victim to scams that steal your password. In this guide, we’ll look at five practices to secure your cloud content and keep your digital life away from prying eyes.
Step 1 – Verify your email and/or phone number
This may draw a resounding “d’oooh” from power users, but you’d be surprised how many people forget their login credentials, especially those who aren’t online 24/7. Checking and confirming your email address with your vendor also helps you recover a forgotten password, so consider this simple step a double-whammy. Most cloud services also let you change the email associated with your account so, if you want to start anew, look for the module that lets you tweak this setting. It’s typically located under “account settings” or “security.”
If you have a phone number associated with your account, verify that one as well, and remember to update it if you end up changing your number for any reason. It ensures you’re always reachable on another device for two-factor authentication, important notifications that may involve security matters, and other exceptional situations.
Step 2 – Review, add, or remove devices, browsers and linked apps
Most cloud services offer a handy list of all devices linked to your account. If you’re a longtime user, chances are you’ve swapped devices a few times over the years. So, don’t be surprised if the list names a Windows Vista machine, or your old BlackBerry Bold. While vendors do their best to monitor your account for suspicious activity, it’s a good idea to unlink any old devices you no longer use. The same goes for different web browsers associated with your account, or linked apps that integrate with the service. If you no longer use those apps, there’s no reason for your account to keep ties with them. Who’s to say they don’t suffer a breach one day and leak your credentials?
Step 3 – enable two-factor-authentication (2FA)
Two-factor-authentication, typically abbreviated as 2FA, adds another layer of security to your online accounts. It allows the service to verify that the person logging in is really you by asking you to confirm a code on another device that you own. Wonder when this comes in handy? The 2014 iCloud hack could have been almost entirely avoided had those celebs used 2FA.
So be sure to flip this switch on for every online service you have an account with, especially your cloud storage services. Most vendors today offer this option, and some even have it on by default. But for those services that don’t have 2FA enabled from the start, be sure to dig through the settings and turn it on. It’s a life saver!
Step 4 – have good password hygiene
Yes, it’s a drag, but you should still do it. Data breaches are so common these days that it’s become a matter of when, not if, one of your online accounts gets compromised. And cloud accounts are easily the most sensitive ones. It’s also wise to use a strong password when you decide to change it. Use a combination of upper- and lower-case letters, numbers, as well as special characters (#$%*). And remember, eight characters is the absolute minimum by today’s standards.
If you don’t trust your memory with such a complex string of characters, perhaps it’s time you considered using a password manager. There’s no shortage of options out there. Plus, it’s advisable to use different passwords with different online accounts, in case your credentials end up for sale on the dark web following a breach.
Microsoft even offers a way to go password-less with its OneDrive file-hosting service. All you need to do is download the Authenticator app for iOS or Android. “It’s more convenient and more secure,” according to the software giant. OneDrive users can also tick a box and have Microsoft remind them to change their password once every 72 days.
Step 5 – Always sign out!
The exclamation mark above is easily justified. ALWAYS sign out of your account when you access your file storage service in a web browser, especially on an external device. For instance, Dropbox stays logged in forever, even after you close the tab in your browser – a big oversight on behalf of a service with more than 500 million users. Nevertheless, end-users shoulder the responsibility of keeping their accounts secure. If someone else has access to your computer, whether at home or at work, they can easily peek into your private life with a few keystrokes and clicks. Maybe you have nothing to hide, but why would want someone peeking at your photos without you knowing? So remember to always hit that “sign out” button when you’re done.
These are just a few simple tricks to help you keep your digital life safe. We could mention other things as well, like choosing security questions and answers that can’t be easily guessed (for password recovery), or keeping an eye out for phishing scams that impersonate your cloud vendor. But as a rule of thumb, these five tips are all you need to stay on the safe side.
The folks at Apple prefer to keep iCloud users away from the technicalities and randomly trigger two-factor-authentication every now and then to verify that no one has hijacked your account. They even show you how to avoid phishing emails and other scams so you don’t mistakenly give someone the keys to your iCloud. Dropbox has a comprehensive security checkup module that lets you do most of the above in one shot. And Google and Microsoft offer handy “Authenticator” apps with their respective services (Google Drive and One Drive).
While businesses may be reluctant to store their intellectual property on remote servers, public clouds are nonetheless a decent option for regular users. So go ahead and apply these five tricks to your preferred cloud storage app or service. You’ll be glad you did. Stay safe out there!
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at: https://hotforsecurity.bitdefender.com/blog/how-to-secure-your-cloud-file-storage-with-5-simple-tricks-20717.html