Securing the Cloud

Securing the cloud: a reader asks…

I use Dropbox for storing files online as a backup to my computer. I’ve been reading about cloud-based storage and hacking, and I’m a little worried about the safety of my files. I know that the files are encrypted during the upload and download process (from Dropbox servers to my computer), but what about the security of those files while they’re on Dropbox servers? I’m looking at a third party encryption tool: Boxcryptor. Do you think I should use something like this?

Well, first I should tell you that Dropbox servers keep your files secure on their server in several ways. First, they use 256-bit AES encryption while the files are stored, as well as using 128-bit or higher AES encryption and SSL/TLS when the files are being transferred from and to your computer. Dropbox also is very aggressive in monitoring and protecting their servers from hackers. See their security page for more info. With all that, it’s my belief that your files are as safe as they can be in the cloud, and as safe or safer than the files on your computer.

After all, personal computers get hacked all the time. That’s because we humans aren’t very good at adequately securing our own computers. We use crappy passwords (or skip passwords entirely), install dodgy programs and apps on our computer without even thinking, click on popups, ads and hyperlinks without considering the safety of doing so, open email file attachments automatically, and other unsafe behavior.

Adding a third party encryption tool will add a very tiny additional measure of security (if any at all compared to all the other threats) and will cost you quite a bit. Not money, since using Boxcryptor is free for personal use (with limitations), but in terms of time and effort you have to go through to download and install the program and use it from day to day. Don’t get me wrong, I think Boxcryptor is a great tool and even at $48/year for the unlimited personal use option it’s a good value. But the truth is that most or all of your personal files aren’t worth adding that additional security layer.

Your better option is to make sure you’ve done the following:

With your Dropbox account:

1. use a strong (13+ characters) and unique password
2. enable 2-step verification (aka 2-factor authentication)
3. turn on recommended security features
4. monitor your account activity (from the events page) and turn on notifications in Profile > Preferences

On your Microsoft Windows computer:

1. use a good antivirus program (such as Bitdefender Internet Security)
2. use a good anti-malware program (such as Malwarebytes Anti-Malware Premium)
3. use a good anti-exploit program (such as Malwarebytes Anti-Exploit Premium)
4. Learn and follow safe computing practices (see our handy guide)

Mac users should still follow #4 above.

On your Smartphone/Tablet:

1. Use a strong passcode for every time you use your device (unique six digit code for iOS, unique pattern for Android)
2. Never let someone else borrow your device without you watching exactly what they’re doing
3. Set your device so it will be automatically wiped if lost or stolen (usually after 10 bad attempts to guess your passcode)

Of course if you are storing the equivalent of national secrets in your Dropbox account, I’d recommend you use something like Boxcryptor. After all, every online entity has either already been or is going to be hacked at some point, and for really sensitive information, you don’t wan to take a chance.