Security in the cloud – for normal people

Hi there,

I had this conversation with some folks who are not really in our profession and thought it successful enough to share here in case it helps someone else.

What is dangerous about the cloud?

This can actually be a variety of things including but not limited to the following:

  • Someone may access your stuff – something like looking at your pictures or video or maybe your banking info.
  • Your credentials you use with the cloud might be exploited and maybe used for something you rather did not happen – think maybe moving money out of your bank, or shopping when all the purchases don’t get shared with you.

But what is good about the cloud?

  • You have your music, pictures, whatever, on all of your devices and computers.
  • Your backups are not inside your house.  Lose your house means you lose your computer and your backups.  You lose all your pictures, and maybe scans of your important documents.  So a copy in the cloud is handy.

How can you do the cloud safely?

  • You can do as my friend Steve did – have your own cloud.  This works pretty good but means you look after it.  He uses Synology equipment and it helps a lot with this.  This does not help with having your backups outside your home but it certainly makes everything else safe.  And you still have your pictures or music everywhere.  You can learn more about how Steve does this sort of thing here.
  • For backup, which I think is a pretty good use of the cloud you can make sure you can add your own encryption key to the backup and that likely means your data is safe.  There is some slight risk to this as they may be fooling you, but I think if that was true it would not stay secret for long.  I use BackBlaze and they make it easy to encrypt my files with my key.  I think CrashPlan does that too.
  • You can help improve your general security, especially on the Internet by using hard, complex passphrases that are different in each site you log into on the Internet.  They should be so complex you cannot remember them and you should use something like 1Password to create and manage them.  This is the one key thing to improve your security – complex passphrases.
  • For my music and Pictures I use Apple.  I thought carefully about that and I believe they take very good care of my information.  Plus, I use a very complex passphrase with them that is not used anywhere else.  I am accepting some risk here due to the flexibility and features they provide in return.
  • For data I use iCloud – again Apple.  And again I believe they believe in my right to privacy and protection enough for me.
  • You can also use encryption to help with your protection.  Meaning you can encrypt files that you keep in the cloud. I would not put anything important and valuable on Dropbox for example without encryption.
  • You also likely do your banking on the Internet and that is another private cloud – just not yours – and it is important to protect it.  So absolutely use a very hard complex passphrase with it!

What else?

To keep your time in the cloud safe there are some additional things to be aware of.

  • Make sure you don’t click on things in your email where you don’t know what they are, or don’t know who they are from.  This delivers more trouble for people then you can imagine.  It is literally one of the biggest attack vectors that plague and complicate the cyber defense of companies.  Have you heard of CryptoLocker?  This is how you can get inflicted with it!
  • You should know that no actual bank is going to ask you to click on something to fix some issue.  Never.
  • There is no easy way to get rich from anyone’s uncle in Africa.
  • Use some sort of name – brand anti-virus software, especially if you are on Windows (like home versions of Symantec, Trend, Sophos for example).
  • Make sure you apply all the Microsoft or Apple Operating System patches.
  • Make sure you apply all the anti – virus updates.

Some might say you cannot do the cloud thing truly safely.  They have a point and you always have the option to not use the cloud.  But it is very handy and useful so I use it and I think you can too if you are careful.

As always, questions, welcome.


=== END ===

Leave a Reply