The one thing you should always do before uploading sensitive documents to the cloud

 

By Michael Grothaus

The cloud has been a godsend when it comes to managing and storing our data. Before the advent of cloud storage more than a decade ago, the most common way to back up documents or transfer them between devices was either to email individual files to yourself or save them to an external drive and physically transfer them from one computer to the next.

But cloud storage solutions changed all that. Popular cloud storage services like Google Drive, Microsoft OneDrive, Dropbox, and Apple iCloud Drive made it dead simple to back up, store, and keep our documents synced across devices. Yet for that convenience, there was a cost: privacy. When we are using any of the major cloud services from the Big 4, we are theoretically granting them, or anyone who can hack them, access to everything we store on their cloud: our financial records, our health records, our photos and notes and diaries.

This is because all four of those major cloud service providers merely encrypt our documents when we upload them. Our documents are not end-to-end encrypted, which means that only we would hold the key to decryption. Mere encryption means that the cloud service provider also holds a key to decrypting our documents, and can theoretically do so at any time. That key is also something hackers can potentially get a hold of.

(It should be noted that Apple has recently launched Advanced Data Protection for iCloud, which allows users to choose to have documents in iCloud Drive end-to-end encrypted, meaning that even Apple can’t access their files. However, this is an optional setting—by default, iCloud Drive still remains merely encrypted.)

Given that the remaining three major cloud storage providers don’t even offer users the choice of end-to-end encryption, and usage of such personal cloud services has exploded in recent years, billions of users are risking the exposure of their sensitive documents to third parties.

However, there’s a way to use the major cloud storage providers while stopping anyone who gains access to your account from being able to read the files inside: by encrypting those files yourself before you upload them. And the best part is, you don’t need to be a computer scientist or security developer. There are a number of free apps that allow you to encrypt any file yourself.

Encrypt first, then upload to the cloud

One such popular encryption app is called Encrypto, from a company called MacPaw. The app lets you drag a file into it, set a password for that file, and then encrypt it with industry-leading AES-256 encryption. The app then lets you save an encrypted version of the file (the file type is “.crypto”). 

 

Once you’ve done that, instead of uploading the original file with your sensitive data to the cloud storage prover of your choice, upload the Crypto version of the file. Then, even if your cloud storage is compromised, the intruder should not be able to open the Crypto file without entering the password you have set for it.

Though MacPaw is known for making Mac-specific utility apps, Encrypto is cross-platform—the app runs on both Macs and Windows PCs. This means that you can even email sensitive documents to another person, encrypted with Encrypto, and they can open the documents on their Mac or PC—they just need to download the free Encrypto app (and you need to let them know the password, of course).

Another nice feature of the app is that you can set a different password for each file you create, and you can even embed a password hint in the encrypted file to remind you of which password you used. Just be sure to use something that would not be easy to guess or be easy to be cracked by a brute force attack.

All this being said, Encrypto isn’t a perfect encryption app, since it doesn’t offer on-the-fly encryption (you need to re-encrypt files if you open the Crypto version and then make changes to the document). And while it’s easy to use, it is far from the only app that allows you to encrypt your files before you upload them to the cloud: other popular solutions include Cryptomator and AxCrypt. (Before using any encryption software, research it thoroughly so you can make sure it’s the best for your needs.)

But no matter which app you choose, the takeaway is clear: by encrypting your files yourself before uploading them to Google Drive, Microsoft OneDrive, Dropbox, or iCloud Drive, you’re adding an extra layer of encryption and security for your most sensitive data while continuing to be able to reap the benefits of cloud storage.

Fast Company

(8)