- I've been getting requests
from a number of you to talk about cloud storage
here on this channel so let's talk. I don't know about you, but over the years I've used Dropbox, Google
Drive, Proton Drive, Sync and OneDrive. Although there are scores
of other options out there, as you probably know, and
you know what's crazy? Trusting these companies with our data may seem like a big risk but in many cases it's actually safer than keeping it on your own computer. Google Drive and Dropbox, they aren't susceptible to malware, phishing scams and common
thieves like you and I are. These companies have entire teams dedicated to maintaining the
integrity of their data centers while you, well, there's
probably just one password standing between me and
all the most sensitive data on your device, you see what I mean? That doesn't mean we
should just trust everyone and ignore security, obviously. The goal here is trust reduction. So which cloud storage
providers can we trust? And if you're already using one, what steps can you take to ensure that you have the maximum
amount of privacy and security? Those are the questions
we're gonna answer today. Welcome to All Things
Secured, my name's Josh. And I wanna start with this disclaimer, I'm approaching this with you right now from a consumer perspective
and not business enterprise. So for those of you IT
folks you'll notice that I'm skipping over a lot of
company admin best practices in favor of more reasonable
trust reduction practices that the average person can use. This is just you and me, regular netizens trying to figure out how
not to screw things up with our online privacy, right? I'm gonna split this video into two parts. In the first part, I wanna
talk a bit about encryption and why I recommend certain
cloud storage providers. And then in the second half, we'll dive into four parts of
your cloud storage security that you have control over no matter which service you decide to use. And that last part's important so make sure you stick around to the end. Okay, let's dive in. When comparing all the major
cloud storage providers in the market today, here's the good news. In my opinion, there's honestly
not a bad choice in the mix for individual consumers. In every case, you're having
to trust that a company is encrypting the data in
transit and keeping it safe and it's just sitting on their servers. But since you can't personally audit those security practices, neither can I, you have to trust that
they're telling you the truth. And no matter how much you
might hate big tech companies like Google or Microsoft, I would argue that because of their size, it would be practically
impossible for them to get away with lying
about their security or encryption practices. The same can't be said about
smaller unknown companies that may have a slick
website and low prices, but maybe only a team
of two to three people running things behind the scenes
that you don't know about. For this reason, I generally
recommend my friends and family to take advantage of the
big players in the market. These include ones you may
already know like Google Drive, Dropbox and OneDrive, but
I would also add smaller, but still respected companies
like SugarSync, IDrive, pCloud and Proton Drive. Feel free to add some
others in the comments if you think I'm missing anything here. I know it sounds like
I'm being a little loose about my recommendations here,
and I guess I kind of am, but that's really only because I prefer to take control of my
data security and encryption and the four important steps
I'm about to share with you are platform agnostic,
which means that they work for pretty much any of
the service providers that you choose. If you've made it this far
in the video, good for you. In my opinion, your
personal security practices are often more important
than the provider you choose. What do I mean by that? Well, the first thing you should do with any cloud storage account you have is to create a strong password and enable two factor
authentication or 2-FA for short. If you've watched enough of my videos, you know how much I push 2-FA
on any account that allows it. In short 2-FA means that even if somebody stole your password or guessed it by brute force, they still have to provide a
second form of authentication to prove their identity. This could be a code sent as
a text message to your phone an authenticator app on
your phone or a 2-FA key like this one you see right here. I have created a whole video playlist with a bunch of 2-FA tutorials that you can click
here, one of these sides or finding the description of this video. It really boils down to this. It doesn't matter how
strong the encryption these cloud storage companies provide. If you leave your front door unlocked. In other words, if you have weak password and don't use 2-FA, you present the greatest risk to your data and not these cloud storage servers. My second tip is this. It's a good idea to keep
your most sensitive data in a separate place from your
general cloud synced folders. I have a special encrypted
vault backed up into two places that has all my tax documents, my digital death file that
I've done a video about before and copies of all my
family's legal documentation. This does not get synced in any of my cloud storage accounts. Honestly, if you were to
hack into my Google Drive or Dropbox account, you'd
probably be pretty disappointed, but that doesn't mean
that the rest of my data on my computer isn't
valuable enough to protect. And that's where this
third tip comes in handy. One of the best ways to
secure your data in the cloud is to use a method known
as client side encryption. What this means is that
instead of uploading raw data to Google Drive or Dropbox, you're actually uploading
an encrypted file. It's like putting your
data in a locked safe where only you know the combination and then giving that safe over to Google to put in their locked vault. So even if somebody did
hack into your cloud drive, all they'll find is another locked safe. For this I use a service
called Boxcryptor. No, I am an affiliate of Boxcryptor, which means that if you make
a purchase using my link, they'll give me a small commission. But for the purposes
of an individual user, they have a free plan that more than works for what you need. If you have a difficult time trusting any of these cloud
providers with your data, something like Boxcryptor
is the best solution. It's a very user-friendly
way to build that locked safe I was just talking about, and then upload that to
Google, OneDrive, Dropbox or any of those other ones. Again, I'm just trying to
reduce the amount of trust that I'm giving to one single company. That right there is the biggest one. I mean, if you just take away one thing from a security standpoint
that's what I want you to hear, but I'll finish with one final tip for those of you who value redundancy. What happens if Dropbox
goes out of business or somehow loses your data? This is an unlikely scenario, but things like this seem impossible until they actually happen. I've recently been using what's known as a cloud management service to test creating a backup
on two different platforms. So for example, I could have all the files in my Google Drive account
back up to my Dropbox account and remain synced so that if something
happens with Google Drive, I still have a copy of
all my data on Dropbox. Now, mind you Google Drive, Dropbox and all these other cloud storage services already create redundancy
for your protection so this is admittedly overkill. But let's say that you wanna migrate from one cloud storage to another this would be a great way to do that. The service I'm testing
right now is called cloudHQ and they offer a free plan
for non-business users. So you can easily sign
up and give it a try. I don't have much experience
using their software. So this isn't an endorsement as much as it's just letting
you know what's out there. The bottom line is this choose whatever cloud storage provider is most convenient for your situation and do so with confidence, but always, always take control
of your own data security by enabling 2-FA, partitioning
your most sensitive data, encrypting the data yourself and if you think it's necessary creating your own redundancy. Thanks for watching. Give this video a like if it was helpful and subscribe for more
great online security and privacy tips here
on All Things Secured.
