Cloud storage frees us up in many ways: we can work from anywhere, share files with anyone we like, and avoid worrying about hardware failure. There's a hidden price in data risk, asshowed. The Dropbox snafu left its users' files vulnerable to snooping and worse. With just a few fairly simple steps, you can shore up your cloud protection to the same level you have at work or at home. Here's what you need to do:
- Try not to store anything sensitive on the cloud. It seems obvious, but the best of us can forget it. One fairly simple rule is not to store anything on a cloud server that you wouldn't send over e-mail; data like financial info, passwords, and the like are best kept locally (which might mean as local as it gets--in your head).
- Create a folder called "Sensitive Files" or something similar. It does nothing on its own, but it's an always-on reminder to think about security. You don't even need to keep anything in it; just seeing it should be enough to keep you thinking, which is half the battle.
- Use password protection. Nearly any compression package will let you create password-protected archives, so use them to keep your data safe. You can also use the cross-platform TrueCrypt tool for extra safety. This adds a step when you're sharing files on the cloud, but the added protection is likely worth the minor hassle.
- Check the activity log on each account from time to time. Dropbox makes this easy, and while not every log can keep track of every action you'd care about, just knowing that an unfamiliar user or machine was checking out your stuff should spur you to take action. If anyone looked at your unused "Sensitive Files" folder, it's time to shake things up.
- Change passwords (and accounts, if possible) regularly. Add "change passwords" to your to-do list and set aside an hour or so a few times per year to change passwords on all your cloud servers. You may want to use a password generator plug-in like Password Hasher, but whatever you do, switch things up often. If you can move your files across accounts or even different services, so much the better.
Those are the basics. Remember that nothing is perfect and there's no substitute for simply paying attention and actively participating in your own security.