36 billion records exposed. 155 million US citizens affected by leaks. Ransomware spiked by 700%. These are just a few statistics for 2020 alone - the year of the epidemic.
It's already been a while, but we're still here: remote work has become the status quo, and the digital world is a breeding ground for greedy hackers - fueling cybersecurity issues every day. And as for privacy: yes, Dropbox still complies with the Cloud Act, allowing officials to read your private data if necessary.
However, there’s good news: October is Cybersecurity Awareness Month, and we took the opportunity to chat with Dejan, a cloud storage privacy and security expert who owns and shares insightful content at Cloudstorageinfo.org - where he critically examines cloud storage and backup solutions.
Here are the 4 tips he shared with us:
#1. Don't let Five Eyes snoop through your stuff.
“It’s not just about the Cloud Act… watch out for Five Eyes!”
A secret agreement on surveillance and intelligence sharing, Five Eyes is an alliance between the US, UK, Australia, New Zealand and Canada. There is no national legislation to protect our privacy in cloud storage. No data sovereignty - crossing the line of democracy for the sake of secrecy.
GDPR has increased Europeans' awareness of the whole privacy issue. It has required companies to publicly share what exactly they do with their data. It also establishes who is accountable for that information.
"My peers and friends don't really care about privacy. They share photos and confidential information on social media. It's kind of the new way of life, if you don't share what you eat 24/7, you're not alive.
And the next day 1.5 billion Facebook users' information is up for sale.
I don't feel that way, I like my privacy, I like to share sometimes what I want to share but I don't think everyone should know what I do. I think it's okay that I can share what I want to share with my friends or close family."
#2. Aim for zero-knowledge privacy and client-side encryption
"Privacy in the cloud is important, which is why I've moved away from all the traditional cloud storage providers. They don't have zero-knowledge encryption, but neither do they have client-side encryption.
Google's recent client-side encryption is a good sign - it means users are demanding it more and more! But they needed to shut down Google Photos.... Business models are changing."
These are great steps, but unfortunately, with client-side encryption the provider can still read your password. This means that a hacker attack or the Cloud Act can force the reading of private information, at the expense of your cloud storage privacy and security.
And while this kind of principle is more technically challenging to implement for cloud storage, it's critical to stick to zero-knowledge privacy, even if that means performance can't be exactly the same as a Google Drive. "Because encryption is the kind of thing you don't notice until you read the privacy policy or fall victim to a data leak. Dropbox users knew this all too well in 2012 when the accounts of 68M users were leaked.
If they had the right policies running from the software infrastructure (i.e., client-side encryption), it couldn't happen."
Zero-knowledge encryption, on the other hand, means that not even the service provider itself could access your private data. In fact, only you and those you authorize can read it.
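A minimal model of the zero-knowledge property described above, as an added example rather than Cubbit's or any provider's actual code: the key is derived from the password on the client, and the provider only ever stores salt, nonce, ciphertext and tag. The function names, the `BlobStore` class, the choice of scrypt with AES-256-GCM and the sample data are assumptions made for illustration.

```javascript
// Added illustration, not any provider's real code. All names are hypothetical.
const nodeCrypto = require('node:crypto');

// CLIENT: derive the key from the password locally, then encrypt.
// Only salt, nonce, ciphertext and tag ever leave the device.
function encryptForUpload(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const key = nodeCrypto.scryptSync(password, salt, 32);
  const nonce = nodeCrypto.randomBytes(12); // fresh per file; never reuse with a key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// CLIENT: re-derive the key and decrypt. Returns null when the password is
// wrong or the stored blob was modified (the GCM tag check fails).
function decryptAfterDownload(password, blob) {
  try {
    const key = nodeCrypto.scryptSync(password, blob.salt, 32);
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.nonce);
    decipher.setAuthTag(blob.tag);
    return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// PROVIDER (hypothetical): a plain blob store. Everything it holds is what a
// breach or a legal order could hand over.
class BlobStore {
  constructor() { this.blobs = new Map(); }
  put(name, blob) { this.blobs.set(name, blob); }
  get(name) { return this.blobs.get(name); }
}

// Constructed sample data: one file, one owner, one tampering attempt.
function demo() {
  const secret = Buffer.from('passport scan: constructed sample bytes');
  const store = new BlobStore();
  store.put('passport.enc', encryptForUpload('correct horse battery staple', secret));
  const held = store.get('passport.enc');
  const tampered = { ...held, ciphertext: Buffer.from(held.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // one flipped bit on the provider side
  return {
    ownerReads: decryptAfterDownload('correct horse battery staple', held).equals(secret),
    providerSeesPlaintext: held.ciphertext.includes(secret.subarray(0, 8)),
    wrongPassword: decryptAfterDownload('password123', held),
    tamperedBlob: decryptAfterDownload('correct horse battery staple', tampered),
  };
}
```

The security of this scheme rests entirely on the password's strength, since the salt stored next to the ciphertext lets anyone holding the blob run offline guesses.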
#3. Set up two-factor authentication to protect cloud storage privacy and security
"Two-factor authentication is an added layer of security and if you can set it up, just do it!
Everyone has a smartphone today and by activating it you can just quickly copy it from your phone and you can log in."
Dejan strongly suggests enabling 2FA to protect all the important photos and files that you don't want anyone else to access. Simple as that. Even if the process bothers you.
Let’s consider an insightful case: 2FA in physical banking. You have:
- 1st element: the PIN code.
- 2nd element: physical card.
Your first name on top of the key would be an easy game over for you. A physical card makes it more difficult for a criminal to steal your money.
If you stay logged in to your Cubbit account, you don't need to go through the second authentication step every time. Instead, it prevents outside people from easily registering unauthorized platforms, preserving the privacy and security of our cloud storage.
#4. Check the history of your cloud storage provider
If they have data leaks in their records, it's not a good sign. Easy peasy.
And while data breaches and unwanted reading of private information can happen due to the level of encryption or country laws, you can also lose control over your data if the provider’s data center goes offline for any reason, as happened with OVH in March 2021.
"This is a great point for Cubbit. The fact that each file is split into multiple chunks and copies, and spread across its p2p network of user-powered Cubbit Cells - ensures that data is always accessible. Anywhere, anytime. No matter what happens to your Cubbit Cell."
#5. Bonus: a free gift from us to start securing yourself today!
As you may have noticed, we had a nice chat with Dejan Miladinović. And we hope you found his tips insightful...
But that’s not all.
Here’s a free gift for you to celebrate Cybersecurity Awareness Month together! Download this free guide and learn how to apply the 3-2-1 backup rule. Start avoiding data loss at no cost.