With cloud storage now so tightly integrated into desktop and mobile operating systems, we're all syncing more data to and from the cloud than ever before: our photos, videos, documents, passwords, music, and more.
There are plenty of benefits to having access to all of your data anywhere and from any device, of course, but it does open the door to someone else getting at your files from a different device too. Here's how to keep that from happening.
1. Use Strong Passwords and Two-Factor Authentication
All the standard security tips apply to your cloud accounts as well: Choose long and unique passwords that are difficult to guess, and use a password manager . Keep your passwords secret and safe and be wary of any attempts to get you to part with them (in an unexpected email, for example).
You should also switch on two-factor authentication (2FA) if it's available (most popular cloud storage services now support it). Enabling 2FA means unwelcome visitors won't be able to get at your cloud storage files even if they know your username and password—another code from your phone will be required as well.
2. Audit Your File and Folder Shares
Cloud storage services are fantastic for sharing files with other people—from family members to work colleagues—but it can leave your data open to unauthorized access if someone else finds those links, or manages to access the account of a person you've shared files with. Be careful who you share files and folders with, and add passwords and expiry dates to your shares, if these features are available.It's also a good idea to run a regular audit of all the shares that are currently active on your account—in the Dropbox web interface, for example, click the Shared button on the left. For those shares that do need to stay active, use whatever options you have inside your cloud storage accounts to make these shares read-only unless the other parties absolutely need to be able to edit files (Google Drive is one service where you can do this).
3. Clear Out Your 'Deleted' Files
Many cloud storage services run a recycle bin of sorts, keeping deleted files around for a few days or weeks just in case you want them back. This is often very helpful and can be an advantage if someone tries to wipe your account. That said, you might want to make sure certain sensitive files are completely obliterated and no longer able to be recovered.
If you're deleting something that you definitely don't want to get back, and that you definitely don't want anyone else to find either—especially if the file or folder is shared—dig into whatever undelete options the service has and make sure the files are really, truly gone. In the case of iCloud on the web, for example, click the Recently Deleted link to view and permanently wipe deleted files.
4. Check Your Connected Apps and Accounts
The attackers returned with a new BEC that took a different tack: instead of tricking targets into logging in to lookalike sites, and consequently divulging the passwords, the scam used emails that instructed the recipient to give what was purported to be a Microsoft app access to an Office 365 account.
Even if hackers aren't able to get into your accounts through the front door, they might try and gain access through a side window—in other words, through another account that's connected to your cloud storage. While it can be convenient to have connections to your calendar or email apps set up, for example, it also makes your account more vulnerable.