3. Creating passwords, installing security software, practicing
safe surfing habits—these typical security measures are not
enough to protect your data stored in the cloud.
Many factors can jeopardize it.1
Cybercriminals, for one,
can conduct threat campaigns, where they hack into your
accounts and delete or leak your data for either notoriety or
money. The cloud service you use can suddenly experience
hardware failures or glitches that can wipe out your content.
Your internet connection can also become too intermittent,
making it almost impossible for you to access your cloud.
To avoid unnecessary grief, you need to adopt a security-
conscious mindset and take the extra steps to ensure the
safety of your data for years to come.
1 http://about-threats.trendmicro.com/ebooks/files-in-flight/
4. When setting up an online account, pick a password recovery question that only
YOU can answer. Cloud services now provide uncommon security question choices,
unlike before when they only had questions like “What is your mother’s maiden
name?” The more unique the security question, the better. If given the option,
create the question yourself.
Next, craft answers that are as strong and as unique as the very passwords they’re
supposed to recover. You can do this by making the answer completely impossible
to look up online.
For example, if your security question is “Who is your favorite cartoon character?”
no one should be able to guess it by trying all the names of every cartoon character
ever made, looking at your social networking page, or checking the cartoons you
blog about. The answer should be just like your password, relevant only to you.
Jumble up the letters of the answer. Or better yet, turn it into an acronym phrase.
Take each letter of your original answer, and use it as the first letter of a word
until you come up with a random phrase. To make it more secure, pick an answer
completely irrelevant to the question itself. Any cybercriminal will have a hard time
guessing a security answer like this.
Here’s an example:
Security Question: Where did you meet your spouse?
Bad Answer: At work.
Good Answer: Aliens That Want Only Rocket Kits.
[This is a good answer since it’s random, and the acronym makes it easy enough for
you to remember.]
Best answer: Pistachio Ice Cream with a Pickle on Top.
[This answer’s complete irrelavance to the security question will give cybercriminals
a hard time figuring it out.]
Make sure only YOU can recover your password.
5.
6.
7. When you create online accounts for cloud services, they usually require your email
address for registration, verification, and notification purposes. In case you forget
your password, these cloud services let you reset your account passwords via email.
A risk arises if you use the same email address for every single one of your online
accounts. If a cybercriminal is able to hack into your email account, he or she can
gain access to all your other online accounts. Remove any password verification or
account signup notification emails from your inbox so cybercriminals will have no
clue what other accounts you have.
Assign different email accounts for all the cloud services you use. Be sure that
these email accounts are not tied to the one you use for personal correspondence.
If you need help in remembering multiple passwords, use password management
software like DirectPass.2
Whenever possible, also activate two-factor authentication for all your accounts.
From then on, accessing your online accounts will require both your password and
a unique verification number stored on either your smartphone or token. Even if
someone gets a hold of your password, he or she will still need the physical device
with your verification number to break into your account.
2 http://www.trendmicro.com/us/home/products/directpass/index.html
Put your eggs in several baskets,
and then secure those baskets!
8. Take note of all the devices you use and map out what cloud accounts
you access with each one. From there, see how you can secure them.
If you access the accounts on your desktop, ensure that it’s free of
malware, and its software is regularly updated. If you access them on
your mobile device, guarantee that it has the necessary security features
against physical theft and cybercrime installed and activated.
Audit your devices every month or whenever you add or replace a device.
When deciding what security measures to take, choose those that are
appropriate for your devices. It may be a good idea to enable the remote
wipe function of your mobile phone or laptop in case they get lost or
stolen, but the same function might not be applicable to your desktop.
Check your devices.
9.
10.
11. Having a backup of your important data in the cloud may be convenient,
but you shouldn’t treat it as the cure-all of backup solutions. Nothing is
infallible. This is why you should make multiple backups of your data.
Follow the 3-2-1 rule3
:
• Make a minimum of three backups,
• Two of which should be on different media, and
• One of them should be stored off-site.
Redundant backups reduce the chances of permanently losing your data.
With two of those backups on different media, each copy is immune to
any damage or malfunction—like hardware failure for external HDDs or
scratches on DVD backups—that may affect the other.
Finally, in case any unfortunate event or disaster affects your home or
office, you can be sure your data is safely stored off-site.
3 http://blog.trendmicro.com/trendlabs-security-intelligence/world-backup-day-the-3-2-1-rule/
Create multiple backups.
12. If you really want to keep your data safe, then careless Internet habits
will have to go. Treat your cloud as the important data storage it is.
Refrain from sharing access to your cloud accounts to anyone, even
if it’s convenient to do so. Some cloud services have certain clauses
in their terms of service agreements that allow them to lock down or
delete accounts found storing any content violating the said agreement.
Unless you completely trust the person you’re sharing access to, limit
it to yourself. This prevents anyone from uploading malicious or illegal
content and protects your cloud from being locked permanently.
Don’t tempt fate.