This Article From Heimdal Security:
In today’s tech-dominated environment, we keep trying to find software that will make us more productive, more creative, more organized and, especially, more relaxed.
So we try a lot of new services, because they seem interesting, because they promise us we’ll have more time to spend doing the things we love.
The problem is that we rarely think of the security implications every new app we begin using brings to our lives. And to think it used to be so simple…
Do you remember what your personal IT “infrastructure” used to look like 7-8 years ago?
Just like me, you probably had a desktop computer or had just bought your first or second laptop. You also probably relied on a dial-up connection or on a really poor DSL one. Smartphones were practically dinosaurs compared to what we use today, and you most likely didn’t have entire gigabytes of data that you needed to store.
But, oh, how the times have changed! Today, our personal IT micro-universe looks more like a piece of corporate infrastructure, with tens of services relying upon each other to handle our data and make it accessible everywhere.
Enter: the Cloud
Think back to when cloud computing was just taking off, some 5-6 years ago: we were all a bit skeptical about it and its benefits, but we eventually started using it on a daily basis.
Now, most of us don’t even notice the difference between storing our data locally and keeping it in the cloud. Knowingly or unknowingly, most of us have data in the cloud, whether we use Dropbox, Google Drive or Microsoft OneDrive, or other cloud-based applications such as Evernote, Facebook, Skype or YouTube.
If you’re wondering what “the cloud” really is, I found a video that provides a great explanation:
For those of you who’d rather read than watch the video, here’s a quick definition:
“The cloud” is actually an informal term used when talking about cloud computing.
Cloud computing is a type of Internet-based computing that provides shared computer processing resources and data to computers and other devices on demand. It is a model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources (e.g., computer networks, servers, storage, applications and services), which can be rapidly provisioned and released with minimal management effort.
Since it became widespread, data virtualization (aka putting it in the cloud) brought us many benefits, such as lower costs to store data, flexibility in accessing and moving it, ease of collaboration and many more.
This quote from PCMag tells it like it is:
Just to clear up any confusion, the cloud part of cloud-based storage services refers to storing your files somewhere other than your computer’s hard drive, usually on the provider’s servers. As one tech pundit put it: “There is no Cloud. It’s just someone else’s computer.” Having data in the cloud refers to the ability to access those files through the Internet.
Naturally, the next thing you may think about is how secure your information is when stored in the cloud, given the numerous layers that sit behind it. And that’s exactly what you can read about below.
Cyber threats that target your cloud-stored data
Be it at home or at work, you probably use some of these cloud-based apps every day:
Source: Netskope 2016 Cloud Security Report
What makes them a target for cybercriminals is the amount of personal and/or professional data that flows through them. Malicious hackers compromise cloud apps using attack methods similar to those applied for other apps and platforms:
- Document malware, such as macro viruses and PDF exploits;
- Exploit kits;
- Phishing in all its forms (whaling, pharming, etc.);
- Password sniffing or dictionary attacks;
- Attacks against insecure APIs (APIs are the building blocks used for building software). For example, if you have your Facebook account connected to Dropbox so it can automatically save the pictures you post, and your Facebook account gets compromised, the same will happen to your Dropbox account;
- Social engineering: attackers can try to persuade you into uploading a malicious file to your cloud account. This can give the attacker the tools he/she needs to take control over your cloud account and steal/delete everything that’s in there. Yes, that could also include your backup.
The list could go on, but by now you probably have a pretty good picture of potential attack tactics. The recent statistics below might help as well:
Source: Netskope 2016 Cloud Security Report
The consequences of cyber attacks targeting cloud apps range from unauthorized access to data loss and data leakage, loss of control (through malicious ransomware), business interruptions and the list can go on.
If such an event happens at work, your job could be at risk. If it happens to your personal data, you may lose important documents or memories which were only stored digitally.
Also, keep in mind that cloud apps are mostly used for sharing access to information, so malware infections can spread to other devices if the infected file is located in the cloud. According to Netskope, 55.9% of malware-infected files are shared with others, including internal or external users. While this study was done in companies, the same logic applies to home users.
Many types of ransomware include this feature so they can encrypt more data and cause the biggest amount of damage possible.
What’s more, there’s another type of sharing involved. Cloud apps usually plug into one another, so if one account gets compromised, so do all of the others that are connected to it.
For example, just look at some of the many integration options that Dropbox offers:
The biggest companies that create cloud apps are doing a good job of ensuring the security of your data, especially in times like these. However, nothing is 100% secure and, sometimes, human nature (either your own or someone else’s) can become a vulnerability in your data’s protection.
From our experience, cyber security is a matter of detail and the best approach is to protect your data and devices with multiple layers of security. And this is what the next part of this guide is all about.
1. Use cloud services that encrypt your data.
Using a reliable and trustworthy cloud storage solution is fundamental, so I recommend you browse through the best-rated options as recommended by PCMag. Most of these services, such as CertainSafe, SpiderOak ONE, IDrive, or SugarSync, include encryption as a protective layer by default.
You can also use this list to cross-reference and pick out the best solution for your needs and budget.
Once you read the reviews, you’ll find it much easier to figure out if one service or another is the best solution for you.
2. Encrypt your data before uploading it to the cloud.
It may sound like encryption is only for hardcore security fans, but that’s just a misconception. Encryption has many benefits and we even put together a list of 9 free encryption tools that you can use to protect your data before uploading it to cloud services.
In the guide, you’ll see what encryption is all about and why it can really make it difficult for cybercriminals to compromise your data if they manage to steal it.
3. Read the terms of service.
If you’re going to trust a cloud service provider with your data, you should take a moment to read their terms and conditions. By going through the fine print, you’ll find out where they store your data and what happens in case of a breach or another type of compromise.
Here are some quick links to the Google Drive ToS, Dropbox ToS, OneDrive ToS and the iCloud ToS, so you can get a better idea of what to look for.
4. Avoid storing sensitive information in the cloud.
Storing unencrypted documents, lists of passwords, scanned IDs and other personally identifiable information in the cloud is not recommended.
However, if you choose to encrypt these documents before uploading them to your service of choice, then you can lower your risk.
PS: Please don’t keep your passwords on a list that everyone can see, and keep reading.
5. Use strong passwords.
The password to your cloud storage account should be as strong as possible. This protection layer depends on you and you alone.
In our password security guide, we outlined the best solution to handling them (spoiler alert: it’s a password manager!) and some important mistakes to avoid. It only takes a few minutes to read the guide, but applying the advice inside will give you peace of mind for years.
Hint: it involves not using your pet’s name as a password.
6. Enable two-factor authentication
If your cloud storage provider offers two-factor authentication, enable it immediately! It’s incredibly helpful for any of your accounts.
You will receive a code via SMS or through an authentication app each time you log into a new browser/device, so the service can verify your identity and block malicious attempts at compromising your account.
7. Disable automatic uploads to the cloud
Remember this scene from the movie “Sex Tape”?
I bet you don’t want to be one of those people who says that “nobody understands the cloud!”. What’s more, you definitely don’t want to be in a situation similar to the one in the movie.
What I recommend is that you don’t keep your cloud storage solution synced on your device 24/7. Not only because you might upload files that you’re not supposed to share, but also because ransomware can use this feature to encrypt the files in your cloud account too!
I usually sync my files twice or thrice a day, in the morning, around lunchtime and in the evening, to make sure that the latest versions of my documents are safe and sound.
You can choose whatever option you’d like, but you should remember what a ransomware infection can do. (Anti-ransomware protection plan here.)
8. Keep it clean and simple.
Do a general check-up of your cloud accounts, and see what services depend upon one another. If you haven’t used that specific dependency in the last 2 months, it’s probably time to revoke access for that app to your cloud account.
Try not to connect your cloud hosting accounts to your social media apps, no matter how big the temptation. Keeping things isolated will help you maintain a higher degree of security.
9. Beware of social engineering and its consequences.
Social engineering describes an entire category of attacks based on psychological manipulation. These attacks can be used against any platform and service, so be aware of them.
Don’t share your passwords with anyone and don’t share access to your cloud-stored folders with people you don’t know and trust.
10. Use next-generation anti-hacking tools along with your antivirus solution.
Unfortunately, as much as we want it, there is no single solution against malware. Antivirus used to be the go-to solution, but it’s not enough nowadays. There are a number of reasons why antivirus has difficulties detecting 2nd generation malware and you should know why this happens.
I’ve talked before about using multiple layers of protection and I’m going to insist on this. You can add next-generation anti-hacking tools on top of your antivirus. These play a crucial role when it comes to proactively securing your data from malicious attacks.
Remember: safe and clean device = safe and clean cloud storage.
11. Sharing is caring – when you do it safely.
Start by reviewing who has access to the documents stored in your cloud account. Once that’s done, take the necessary actions: revoke access where no longer needed and limit access to “read only” where possible.
You should refrain from offering administrator privileges to anyone, even if you trust them. If their account gets compromised, yours can become exposed as well.
12. Back up your data in several places.
Keeping your data in the cloud alone is not enough. Security experts recommend you back up your data in at least 3 places: on your device, in the cloud and on an external hard drive.
If you’re unsure how to start with this, our step by step guide might come in handy. It includes information on how to do it, what solutions to choose and how to manage your files so you don’t lose important progress.
If you should delete files from your devices, make sure to delete them from your cloud account as well, so you can keep things in order and not complicate your digital life unnecessarily.
13. Strengthen your Wi-fi security.
Do you use a Wi-fi connection most of the time?
When you’re at work, you’ll most likely connect to a secured connection, but you should take additional precautions at home as well. And if you’re tempted to use a public Wi-fi hotspot, you really need to follow these 11 security steps.
Since you upload and download data to and from your cloud accounts via Wi-fi, an unsecured connection could expose you to Man-in-the-Middle attacks or password sniffing. Cloud security doesn’t only depend on the service provider, but on your network’s defenses as well.
14. Keep it up to date
Cloud storage apps get updates too, not only in terms of features, but also in terms of security. Keep them up to date and install the latest version possible.
If you find update prompts nagging, you can always automate them with a tool like Heimdal
When it comes to security, remember that it all works together: technology depends on the human factor to make it work, but it can also be compromised by the same thing.
Dependencies are essential when you think about how all the services we use work together, so you should always consider that when signing up for a new account or granting privileges to an app to use features and information from another app you’re using.