As cloud storage solutions are becoming more and more popular, ESET look at several simple steps you can take to secure your files on Google Drive
Cloud storage solutions have steadily become as popular as external storage devices; some may even argue that they are slowly surpassing them. The main point in favour of the cloud is that it is quickly, easily, and readily accessible from almost any digital device with an internet connection. Meanwhile, flash drives have to be hauled around and can be only accessed if plugged into a compatible device; and these can be misplaced or lost.
ESET takes a look at what steps you can take to store your data more securely on Google’s cloud storage service – Google Drive.
Securing your account
Most netizens secure their digital identities and accounts using only one security measure – a password. However, this isn’t a foolproof method, especially if it is a weak password. Another bad habit people have is recycling passwords, which means that if such a password is part of a data breach, cybercriminals can easily exploit it in a credential-stuffing attack.
That’s where two-factor authentication (2FA) comes in. It’s one of the easiest ways to add an extra layer of security, not just to your cloud storage but other accounts as well. To illustrate, there are three archetypal authentication factors, commonly known as the knowledge factor, possession factor, and existence factor.
The first is something you know, like a password or PIN code, while the second is something you have, like a physical key or a security token; the last is something you are, such as a fingerprint or retina scan. 2FA then requires you to use two of these factors to log in, usually a password and one of the others we’ve mentioned. So even if cybercriminals have your password and try to get access to your account, they will be missing one key piece of the puzzle.
Third-party apps
When using third-party developer applications, users have to be careful and evaluate each application they want to install. The first step they should take is to read the reviews and ratings of the addon they’re considering installing.
The next step, although rarely done, should be reading through the vendor’s privacy policy, terms of service, and deletion policy.
Encrypting your data
While being able to access your data on the go is one of the greatest perks that cloud storage such as Google Drive provides, it does introduce its own set of challenges. Although cloud storage services have improved their security measures by leaps and bounds since they have become a mainstream option, breaches may still occur either because of human error or sufficiently motivated cybercriminals.
While your data in various G Suite services is encrypted both in transit and at rest, you can up the ante by encrypting any files on your end before you upload them to the cloud. With encryption in place, even if black hats are able to worm their way into your drive or its contents get spilled all over the interwebs, the data would prove useless without the decryption key.
Granting permissions
Besides uploading, storing, and downloading files, you can use Google Drive to share them and even collaborate on documents with other people. As nifty as that option is, you have to think about what kind of permissions you are granting the people you are sharing the files with.
You can share both files and folders by inviting people or sending them a link. If you do it by email, you share it with a specific person and include messages as well as choose their role, either as a viewer or an editor. The former can view the files in the folder while the latter can organize, add, and edit files. The same applies to sending a link by defining the role before you send it. However, in the case of the link, it can be sent on to other people so you should think carefully about choosing that option.
Permissions can be edited even after the folder is created, which means that you can stop sharing the file or folder with people by removing them from the list. You can also restrict the files from being shared, as well as prohibit people from downloading, copying, or printing them.
While managing your permissions is important, keeping in mind what kinds of files and who you are sharing them with is equally important. If the data you’re going to share is sensitive, you need to be certain that you trust the person you’re sharing it with and that they will not pass it on.
Finally, ESET advises to remain cautious when selecting with whom data is shared. To have a healthy grasp of your drive’s contents and security, you should perform regular audits as well.