Keeping sensitive documents in the cloud -- bad idea?
-
- Posts: 57
- Joined: Fri Jul 17, 2015 2:11 am
- Location: Bay Area, CA
Keeping sensitive documents in the cloud -- bad idea?
I'm currently making an effort to rid my office of piles of paper and have been scanning financial documents, receipts, etc. to my Dropbox. I use Dropbox a lot and have been satisfied with the service, but is there a way to make it more secure for sensitive info, like password protecting or encrypting certain folders? Or would it be wise to use another service altogether for the sensitive documents? Would appreciate recommendations, if any.
-
- Posts: 112
- Joined: Fri Jun 05, 2009 10:55 am
- Location: Oregon
- Contact:
Re: Keeping sensitive documents in the cloud -- bad idea?
Interested in this as well.
There is software to encrypt before uploading to the cloud, which is likely the best option.
There is software to encrypt before uploading to the cloud, which is likely the best option.
Re: Keeping sensitive documents in the cloud -- bad idea?
For clusters of small, related documents I combine them in a 7Zip file with a long encryption key.
For a general encryption, I have used Boxcryptor with good success. It takes a bit of time to set up but once it is set up it is pretty much hands off.
For a general encryption, I have used Boxcryptor with good success. It takes a bit of time to set up but once it is set up it is pretty much hands off.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
Re: Keeping sensitive documents in the cloud -- bad idea?
The primary things are to have a long, strong password on your account and two-factor authentication enabled (https://www.dropbox.com/help/security/e ... rification).
The odds of you needing all of those old bank statements is pretty low, though.
I've personally switched everything to electronic delivery and make it USAA/Vangaurd's job to store all of my stuff for me. If a catastrophe happens to where I can't access them, then the money in those accounts is worthless anyway.
The odds of you needing all of those old bank statements is pretty low, though.
I've personally switched everything to electronic delivery and make it USAA/Vangaurd's job to store all of my stuff for me. If a catastrophe happens to where I can't access them, then the money in those accounts is worthless anyway.
Re: Keeping sensitive documents in the cloud -- bad idea?
Perhaps some sort of identity theft coverage would be appropriate?
Not that you want to make it as easy as possible for anyone to get your info; but with size/scope of the data breaches that have already taken place it is likely someone already has all of your information anyway.
Not that you want to make it as easy as possible for anyone to get your info; but with size/scope of the data breaches that have already taken place it is likely someone already has all of your information anyway.
Very little is needed to make a happy life; it is all within yourself, in your way of thinking. -Marcus Aurelius
Re: Keeping sensitive documents in the cloud -- bad idea?
I use google drive and encrypt my sensitive documents with Boxcryptor. My thinking is that even if they get my Google password it won't do them much good.
- flamesabers
- Posts: 1848
- Joined: Fri Mar 03, 2017 11:05 am
- Location: Rochester, MN
Re: Keeping sensitive documents in the cloud -- bad idea?
I would suggest storing sensitive documents via offline on an external hard drive or burnable DVD and keep the item in a secured location that is separate from your home/office. This way if your dropbox account ever gets hacked or you lose access to it, you can still retrieve your sensitive documents.
I'm not familiar with Vanguard's policy for how long they'll keep your electronic statements available.
I don't know if it's relevant for you or not, but USAA does have a time limit as to how long they'll keep your electronic statements on file. I'm thinking it's between 7-10 years. While it's highly unlikely you'll need documentation older then that, it's something to bear in mind.
I'm not familiar with Vanguard's policy for how long they'll keep your electronic statements available.
-
- Posts: 583
- Joined: Sat Jan 04, 2014 2:18 pm
- Location: Baltimore & DC
Re: Keeping sensitive documents in the cloud -- bad idea?
Since you're a Dropbox customer, I hope you're aware their security breaches have had some doozies:
Dropbox confirms security glitch--no password required
https://www.cnet.com/news/dropbox-confi ... -required/
Hacked Dropbox login data of 68 million users is now for sale on the dark Web
https://www.washingtonpost.com/news/the ... e-dark-web
I don't store any sensitive data in the cloud, but if I did I would
Dropbox confirms security glitch--no password required
https://www.cnet.com/news/dropbox-confi ... -required/
Hacked Dropbox login data of 68 million users is now for sale on the dark Web
https://www.washingtonpost.com/news/the ... e-dark-web
I don't store any sensitive data in the cloud, but if I did I would
- Make sure to use a unique, complex password for the cloud site
- Change that password periodically
- Encrypt the data using a trustworthy tool before uploading it, and ensure the cloud server never sees the unencrypted data
Re: Keeping sensitive documents in the cloud -- bad idea?
For me it is, because I don't trust the current state of information security and I see it only getting worse. Therefore, I store nothing at all there.
-
- Posts: 1320
- Joined: Thu Jul 18, 2013 9:06 pm
Re: Keeping sensitive documents in the cloud -- bad idea?
I do the same as craigers. I'm in the process of moving all old tax docs to the cloud encrypted. Keeping an external drive, which can die, be damaged, get stolen, etc, doesn't make any sense to me anymore.
Re: Keeping sensitive documents in the cloud -- bad idea?
Same boat here. I have been contemplating using a home server for a while now, but I'm also weary about that. The possibility of sensitive information remote hacked, whether it's stored in the cloud or on a home network is often not worth the convenience of access. I've gone old school and am storing sensitive information locally (flash drive and paper), and putting them in a safe or safety deposit box. Now, the information that gets this extreme treatment is very small, and with judicious pruning, you can approach a minimum of concern.
-
- Posts: 35
- Joined: Fri Mar 17, 2017 9:47 pm
Re: Keeping sensitive documents in the cloud -- bad idea?
I use Tresorit for this purpose. The technology is truly excellent. Full end-to-end encryption on the cloud side yet completely transparent to the user on the device side. Excellent Mac, IOS, Windows apps. They market primarily to businesses, but if you poke around they have an individual user option which is $125 a year. From my perspective it’s money very well spent. I am able to put all of our sensitive and household documents there with full peace of mind and yet me and DW can access them all safely from any of our devices. The technology is so good that DW (who is not tech savvy) doesn’t even realize that it’s encrypted, it just works.
- pondering
- Posts: 1127
- Joined: Fri Jan 30, 2015 10:04 pm
- Location: 412-977-3526, originally 718-273-2422
- Contact:
Re: Keeping sensitive documents in the cloud -- bad idea?
Please do not store your only copy of a document on the cloud. Everything should be backed up locally.
--Robert Sterbal |
robert@sterbal.com |
412-977-3526
Re: Keeping sensitive documents in the cloud -- bad idea?
I have all of my sensitive info on the cloud. My time is too valuable to mess with local backups. I worry more about heart attacks and auto accidents and zombies apocalypses.
Re: Keeping sensitive documents in the cloud -- bad idea?
What kind of sensitive documents are the issue? If someone gets a W2 or 1099 tax form, is there a real peril?
Re: Keeping sensitive documents in the cloud -- bad idea?
+1 for Boxcryptor. Everything is encrypted locally.
- pondering
- Posts: 1127
- Joined: Fri Jan 30, 2015 10:04 pm
- Location: 412-977-3526, originally 718-273-2422
- Contact:
Re: Keeping sensitive documents in the cloud -- bad idea?
I'm going start polling people if their time is too valuable to take local backups. Exactly how much time is involved? Can't you do it while watching TV?
--Robert Sterbal |
robert@sterbal.com |
412-977-3526
-
- Posts: 675
- Joined: Tue Oct 19, 2010 7:27 am
Re: Keeping sensitive documents in the cloud -- bad idea?
Take a look at www.fidsafe.com a free cloud storage site service from Fidelity Investments, for documents.
"Borrow money from pessimists -- they don't expect it back"
-
- Posts: 3579
- Joined: Fri Jul 19, 2013 2:45 pm
Re: Keeping sensitive documents in the cloud -- bad idea?
The cloud is fine if you don't mind people having copies of all of your sensitive information and/or you not having any control over what happens to it. Paper is still the archival method of choice for a lot of good reasons.
Re: Keeping sensitive documents in the cloud -- bad idea?
Services like Google Docs and Dropbox do allow a copy to be kept on your computer but automatic syncing with the cloud storage could cause a problem if one or the other were deleted.
Re: Keeping sensitive documents in the cloud -- bad idea?
Yes; I have two processes that trigger after midnight. One runs a sync of my data to a mirror on my local NAS. The other runs a sync of data to a Google drive using Boxcryptor to encrypt the files.
I have used the local mirror a few times when I got a bit careless and deleted a file I needed.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
- triceratop
- Posts: 5838
- Joined: Tue Aug 04, 2015 8:20 pm
- Location: la la land
Re: Keeping sensitive documents in the cloud -- bad idea?
If I were to put sensitive documents on the cloud I would keep them in a GPG-encrypted directory. Since I am a nerd as well as a Linux user I would use something like EncFS (the FUSE encryption plugin) or GnuPG + FUSE. But, I do not put sensitive documents on the cloud.
Instead, since I do not trust any of these companies I use Syncthing for synchronizing files between computers.
Instead, since I do not trust any of these companies I use Syncthing for synchronizing files between computers.
"To play the stock market is to play musical chairs under the chord progression of a bid-ask spread."
Re: Keeping sensitive documents in the cloud -- bad idea?
I guess I could fret about it...
what good is it going to do me.
Everything stored In Google Drive.
what good is it going to do me.
Everything stored In Google Drive.
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee
-
- Posts: 18502
- Joined: Tue Dec 31, 2013 6:05 am
- Location: 26 miles, 385 yards west of Copley Square
Re: Keeping sensitive documents in the cloud -- bad idea?
I'm way to senile and dumb to figure out all this automatic synching and backup. On the other hand I'm rid of paper.
Mine stuff is all on 2 usb drives. In addition I take copies on 2 flash drives when I travel. Likelihood of both failing is low enough for me.
Mine stuff is all on 2 usb drives. In addition I take copies on 2 flash drives when I travel. Likelihood of both failing is low enough for me.
Re: Keeping sensitive documents in the cloud -- bad idea?
Should still be encrypted. Flash drives are not secure. Plus they are easy to lose.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
-
- Posts: 311
- Joined: Wed Mar 01, 2017 4:40 pm
Re: Keeping sensitive documents in the cloud -- bad idea?
As with anything it's all about risk and tolerance.
If your house gets broken into, will they take your computer(s)? If your house burns down/floods, will your computer and (presumably) local backup get damaged? Could that cheap, Chinese webcam/wifi extender/etc. you've added to your home network be hacked? Are you willing to periodically update the hardware/software of your local back-up solution?
What is the likelihood unauthorized users can access files stored in your cloud account? If they're encrypted, can they decrypted? What risk does this pose?
If your house gets broken into, will they take your computer(s)? If your house burns down/floods, will your computer and (presumably) local backup get damaged? Could that cheap, Chinese webcam/wifi extender/etc. you've added to your home network be hacked? Are you willing to periodically update the hardware/software of your local back-up solution?
What is the likelihood unauthorized users can access files stored in your cloud account? If they're encrypted, can they decrypted? What risk does this pose?
Re: Keeping sensitive documents in the cloud -- bad idea?
In my case, more time than most would be interested in investing. I've posted my rather elaborate system previously. Security is a trade off between convenience/security. My rationale for the additional effort is that in retirement, you only get one chance to get things right, and loss and theft are among those things which are hard to recover from after retirement. I view such loss as high impact. Therefore, I expend the extra effort. OTOH, my system is so smooth now it's not much effort at all. I also don't believe in storing personal documents in the cloud, but that's a different subject entirely.
Due to the rapidly expanding state of artificial intelligence, I don't trust cloud data to be protected by encryption, regardless of the methodology. Attempting to comprehend what's possible with limited human intelligence leaves one open to technology black swans.
-
- Posts: 2528
- Joined: Mon Aug 14, 2017 12:31 pm
Re: Keeping sensitive documents in the cloud -- bad idea?
I never used Cloud anything, yet I was told some of my pictures were going over the limits on my iPad, they want me to pay more. I’m nervous about these things I don’t know. So I deleted them. Honestly, sometime I just want to go back to the Stone Age.
-
- Posts: 620
- Joined: Sun Nov 12, 2017 12:59 am
Re: Keeping sensitive documents in the cloud -- bad idea?
Similar to a few posters I store minimum personal critical data on 2 flash drives offline. Cloud is basically keeping your data on somebody else's machine(s). Why do you need to worry so much, waste time in encryption, upload,sync - constantly sync with changing formats and platforms - use paid services for these is beyond me. For me, life is more enjoyable with no clutter. If it matters I have spent a pretty long time in technology.
-
- Posts: 1879
- Joined: Fri Feb 20, 2015 2:14 pm
Re: Keeping sensitive documents in the cloud -- bad idea?
Cloud is great for pictures. Amazon has free unlimited photo storage if you're a prime member.DrGoogle2017 wrote: ↑Fri Jan 12, 2018 11:29 am I never used Cloud anything, yet I was told some of my pictures were going over the limits on my iPad, they want me to pay more. I’m nervous about these things I don’t know. So I deleted them. Honestly, sometime I just want to go back to the Stone Age.
Re: Keeping sensitive documents in the cloud -- bad idea?
Make sure, if you are encrypting things, that you are correctly weighing the chance of different risks and carefully saving your encryption key.
1. The risk that someone else gets access to your data. Encryption makes sense here.
2. The risk that you lose your data. Encryption increases this risk, since if you lose your key, you lose your data.
It's not always clear which is a bigger risk, and it probably won't be the same for all data.
1. The risk that someone else gets access to your data. Encryption makes sense here.
2. The risk that you lose your data. Encryption increases this risk, since if you lose your key, you lose your data.
It's not always clear which is a bigger risk, and it probably won't be the same for all data.
-
- Posts: 311
- Joined: Wed Mar 01, 2017 4:40 pm
Re: Keeping sensitive documents in the cloud -- bad idea?
Well....A couple reasons. First, there are some legitimate concerns re: co-locating your back-up, in terms of disaster and security. Second, many devices already leverage 'cloud' storage (smartphones, tablets, etc., etc.) so you're not adding complexity -- you're removing it. It's also extremely handy to have shared file-space with one's spouse/partner, so files either of us might need are always available when we have internet access.gotester2000 wrote: ↑Fri Jan 12, 2018 12:29 pm Cloud is basically keeping your data on somebody else's machine(s). Why do you need to worry so much, waste time in encryption, upload,sync - constantly sync with changing formats and platforms - use paid services for these is beyond me. For me, life is more enjoyable with no clutter. If it matters I have spent a pretty long time in technology.
Finally, I don't need to worry about encryption, sync and back-up schedules, changing formats and platforms -- that's the entire point of offloading the storage to a cloud provider. Make sense?
- oldcomputerguy
- Moderator
- Posts: 17934
- Joined: Sun Nov 22, 2015 5:50 am
- Location: Tennessee
Re: Keeping sensitive documents in the cloud -- bad idea?
W-2 forms contain one's Social Security number in box "a". While it may be academic after the Equifax breach, why make it easier for the Bad Guys?
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
Re: Keeping sensitive documents in the cloud -- bad idea?
There's a lot of panaroia and nuts about computer security. Sure, you have to take precautions, but be reasonable about it.
The odds of someone successfully impersonating you do to a sophisticated hack into your accounts is farrrrrrr lower than the criminals going after the credit card repository of a small business. You are only one individual, so unless you're a celebrity, or you leave your account totally vulnerable, it's not worth the time to break into your stuff to steal your W-2s and tax returns. Seriously, how often does this form of cyberimpersonation come up in the news?
Encrypt your stuff with a good password, use reliable vendors, and you're pretty good, unless you're super wealthy, celebrity, or have stuff like lists of cc numbers that thieves could use. Else, contrary to your belief, your files are super-low in terms of targeting for criminals. It's a lot easier to hit a small business where there are many more weakness points and much more usable data.
The odds of someone successfully impersonating you do to a sophisticated hack into your accounts is farrrrrrr lower than the criminals going after the credit card repository of a small business. You are only one individual, so unless you're a celebrity, or you leave your account totally vulnerable, it's not worth the time to break into your stuff to steal your W-2s and tax returns. Seriously, how often does this form of cyberimpersonation come up in the news?
Encrypt your stuff with a good password, use reliable vendors, and you're pretty good, unless you're super wealthy, celebrity, or have stuff like lists of cc numbers that thieves could use. Else, contrary to your belief, your files are super-low in terms of targeting for criminals. It's a lot easier to hit a small business where there are many more weakness points and much more usable data.
- oldcomputerguy
- Moderator
- Posts: 17934
- Joined: Sun Nov 22, 2015 5:50 am
- Location: Tennessee
Re: Keeping sensitive documents in the cloud -- bad idea?
Is there a real reason for putting this information in the cloud particularly, or is it just that Dropbox is what storage you have? If the latter, why not go get a portable USB drive and use that instead? Dropbox Basic limits you to 2 GB of space, while Dropbox Plus and Professional each have a 1 terabyte limit. You can get a Western Digital 4 terabyte external USB hard drive for around $110.pieinthesky wrote: ↑Thu Jan 11, 2018 3:41 pm I'm currently making an effort to rid my office of piles of paper and have been scanning financial documents, receipts, etc. to my Dropbox. I use Dropbox a lot and have been satisfied with the service, but is there a way to make it more secure for sensitive info, like password protecting or encrypting certain folders? Or would it be wise to use another service altogether for the sensitive documents? Would appreciate recommendations, if any.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
Re: Keeping sensitive documents in the cloud -- bad idea?
But can you access these files from the browser from a different computer?
Re: Keeping sensitive documents in the cloud -- bad idea?
In the first case, if I have a different computer that has 7Zip or another program that can read 7Zip files, all I need is the key to open them up and look at them.
In the second case, I would need Boxcryptor to be running on the second computer. I have tested this with a virtual machine and it works fine. I can store and encrypt documents in the cloud or my NAS and access them from another machine.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
Re: Keeping sensitive documents in the cloud -- bad idea?
^ I agree with this.lightheir wrote: ↑Fri Jan 12, 2018 2:04 pm There's a lot of panaroia and nuts about computer security. Sure, you have to take precautions, but be reasonable about it.
The odds of someone successfully impersonating you do to a sophisticated hack into your accounts is farrrrrrr lower than the criminals going after the credit card repository of a small business. You are only one individual, so unless you're a celebrity, or you leave your account totally vulnerable, it's not worth the time to break into your stuff to steal your W-2s and tax returns. Seriously, how often does this form of cyberimpersonation come up in the news?
Encrypt your stuff with a good password, use reliable vendors, and you're pretty good, unless you're super wealthy, celebrity, or have stuff like lists of cc numbers that thieves could use. Else, contrary to your belief, your files are super-low in terms of targeting for criminals. It's a lot easier to hit a small business where there are many more weakness points and much more usable data.
Bad guys want to come after me? Come and take it.
Just don't use public wifi to upload/email sensitive documents. Don't use public wifi at all if you wants to access bank or investment accounts.
Time is the ultimate currency.
-
- Posts: 2528
- Joined: Mon Aug 14, 2017 12:31 pm
Re: Keeping sensitive documents in the cloud -- bad idea?
I’m but I don’t care. I might get rid of prime someday. Honestly, I don’t know how I was a prime member in the first place.wfrobinette wrote: ↑Fri Jan 12, 2018 12:44 pmCloud is great for pictures. Amazon has free unlimited photo storage if you're a prime member.DrGoogle2017 wrote: ↑Fri Jan 12, 2018 11:29 am I never used Cloud anything, yet I was told some of my pictures were going over the limits on my iPad, they want me to pay more. I’m nervous about these things I don’t know. So I deleted them. Honestly, sometime I just want to go back to the Stone Age.
Re: Keeping sensitive documents in the cloud -- bad idea?
Making an assessment by using a word such as "paranoia" does not change reality, even were it possible to know the extent of that reality as it relates to the state of cloud security (on a number of levels), which it is not.
OTOH, do what's most comfortable and what works for you.
OTOH, do what's most comfortable and what works for you.
Re: Keeping sensitive documents in the cloud -- bad idea?
I'm not sure why Boxcryptor is any more secure, especially if you knew it was made and run by the BND (Bundesnachrichtendienst). Are you seriously going to trust your data to a company with Stefan and Boris? (sounds like made up names like John and Jane Doe) Would you have as much trust if the developers were in Russia or China? At least with open source apps like Cryptomator, you have a chance to find backdoors and vulnerabilities, but there are weaknesses there as well.
https://www.boxcryptor.com/en/who-we-are/
http://www.backupreview.com/cryptomator ... oud-files/
-
- Posts: 904
- Joined: Sat Apr 06, 2013 7:11 pm
- Location: Springfield
Re: Keeping sensitive documents in the cloud -- bad idea?
Dropbox and Google Drive encrypt your data both on their servers and also when the data is in transit. For very sensitive data, extra measures probably make sense, but for the typical user, I don't know.
Dropbox https://www.dropbox.com/security
compare https://www.virtru.com/blog/dropbox-encryption/
Dropbox https://www.dropbox.com/security
compare https://www.virtru.com/blog/dropbox-encryption/
Re: Keeping sensitive documents in the cloud -- bad idea?
Where are the keys stored, and how was "the man in the cloud" able to get to them? Looks like they somehow bypass that.Jeff Albertson wrote: ↑Sat Jan 13, 2018 7:03 pm Dropbox and Google Drive encrypt your data both on their servers and also when the data is in transit. For very sensitive data, extra measures probably make sense, but for the typical user, I don't know.
Dropbox https://www.dropbox.com/security
compare https://www.virtru.com/blog/dropbox-encryption/
https://www.darkreading.com/cloud/man-i ... id/1321501
Encryption of all data before it's uploaded seems to be the only solution.
-
- Posts: 45
- Joined: Sun Oct 18, 2015 9:48 pm
Re: Keeping sensitive documents in the cloud -- bad idea?
Crashplan enterprise has a slightly better security model; the encryption key remains local;plus they offer unlimited storage.
-
- Posts: 620
- Joined: Sun Nov 12, 2017 12:59 am
Re: Keeping sensitive documents in the cloud -- bad idea?
I think the point related to encryption was related while storing data in the cloud. If the documents are really sensitive I do not store them in the cloud - I dont even know how many copies/different locations/machines my data will be distributed.nick evets wrote: ↑Fri Jan 12, 2018 1:30 pmWell....A couple reasons. First, there are some legitimate concerns re: co-locating your back-up, in terms of disaster and security. Second, many devices already leverage 'cloud' storage (smartphones, tablets, etc., etc.) so you're not adding complexity -- you're removing it. It's also extremely handy to have shared file-space with one's spouse/partner, so files either of us might need are always available when we have internet access.gotester2000 wrote: ↑Fri Jan 12, 2018 12:29 pm Cloud is basically keeping your data on somebody else's machine(s). Why do you need to worry so much, waste time in encryption, upload,sync - constantly sync with changing formats and platforms - use paid services for these is beyond me. For me, life is more enjoyable with no clutter. If it matters I have spent a pretty long time in technology.
Finally, I don't need to worry about encryption, sync and back-up schedules, changing formats and platforms -- that's the entire point of offloading the storage to a cloud provider. Make sense?
I find it sufficient to hold my minimal important data in a storage device offline and I purge it periodically as I do my other physical things. I think the whole data thing is blown out of proportion to create the need of availing such services.
Majority of people will not agree to this approach but I feel having less clutter means I can focus more on living my life.