As cloud storage solutions are becoming more and more popular, we look at several simple steps you can take to secure your files on Google Drive.
Cloud storage solutions have steadily become as popular as external storage devices; some may even argue that they are slowly surpassing them. The main selling point of the cloud is that it is quickly, easily, and readily accessible from almost any digital device with an internet connection. Meanwhile, flash drives have to be hauled around and can be only accessed if plugged into a compatible device; and let’s not forget that these can be misplaced or lost.
And although the perks of the cloud are many, we cannot forget about the security of the data stored on it. So, to mark Google’s 22nd anniversary this Sunday, we decided to take a look at what steps you can take to store your data more securely on its cloud storage service – Google Drive.
Securing your account
Most netizens secure their digital identities and accounts using only one security measure – a password. However, this isn’t a foolproof method, especially if you consider the questionable choices people make when creating their passwords: 12345, 123456 and 12356789 were the top 3 most popular passwords of 2019, and as you can imagine, these aren’t tough to crack. Another bad habit people have is recycling passwords, which means that if such a password is part of a data breach, cybercriminals can easily exploit it in a credential-stuffing attack.
That’s where two-factor authentication (2FA) comes in. It’s one of the easiest ways to add an extra layer of security, not just to your cloud storage but other accounts as well. To illustrate, there are three archetypal authentication factors, commonly known as the knowledge factor, possession factor, and existence factor.
The first is something you know, like a password or PIN code, while the second is something you have, like a physical key or a security token; the last is something you are, such as a fingerprint or retina scan. 2FA then requires you to use two of these factors to log in, usually a password and one of the others we’ve mentioned. So even if cybercriminals have your password and try to get access to your account, they will be missing one key piece of the puzzle.
Third-party add-ons are popular in helping people streamline the tasks they are working on or organizing their work into digestible bits. And even though people are trying to “work smarter not harder”, they should not forget about working safely as well.
G Suite’s Marketplace offers a plethora of add-ons designed to help users boost their productivity. However, since these are offered by third-party developers, users have to be careful and evaluate each app they want to install. The first step they should take is to read the reviews and ratings of the addon they’re considering installing.
Encrypting your data
While being able to access your data on the go is one of the greatest perks that cloud storage such as Google Drive provides, it does introduce its own set of challenges. Although cloud storage services have improved their security measures by leaps and bounds since they have become a mainstream option, breaches may still occur either because of human error or sufficiently motivated cybercriminals.
While your data in various G Suite services is encrypted both in transit and at rest, you can up the ante by encrypting any files on your end before you upload them to the cloud. With encryption in place, even if black hats are able to worm their way into your drive or its contents get spilled all over the interwebs, the data would prove useless without the decryption key. There are myriad solutions to choose from based on your preferences, but you should focus on those that offer Advanced Encryption Standard (AES) encryption at least.
Besides uploading, storing, and downloading files, you can use Google Drive to share them and even collaborate on documents with other people. As nifty as that option is, you have to think about what kind of permissions you are granting the people you are sharing the files with.
You can share both files and folders by inviting people or sending them a link. If you do it by email, you share it with a specific person and include messages as well as choose their role, either as a viewer or an editor. The former can view the files in the folder while the latter can organize, add, and edit files. The same applies to sending a link by defining the role before you send it. However, in the case of the link, it can be sent on to other people so you should think carefully about choosing that option.
Permissions can be edited even after the folder is created, which means that you can stop sharing the file or folder with people by removing them from the list. You can also restrict the files from being shared, as well as prohibit people from downloading, copying, or printing them.
Who can see my files, anyway?
While managing your permissions is important, keeping in mind what kinds of files and who you are sharing them with is equally important. If the data you’re going to share is sensitive, you need to be certain that you trust the person you’re sharing it with and that they will not pass it on.
If you share a lot of files and folders with various people, you should assess the types of files you’re sharing and the amount of time you are sharing them for. After that, you can restrict or remove access on a case-to-case basis. It may prove a tedious task, especially if you have to sift through tens and hundreds of files, but you’ll be glad you did it since you’ll have a better grasp of your file and folder management and your privacy and security will remain intact.
For many of us, a cloud storage solution is a popular and easy way to access our data on the go. As long you adhere to good cybersecurity practices, cloud storage can indeed be a fine choice. Having said that, you should remain cautious about who you share their data with and shouldn’t be indiscriminate about the amount of time you share it for. To have a healthy grasp of your drive’s contents and security, you should perform regular audits as well.
written by Amer Owaida, ESET We Live Security