With ever more of your valuable data being uploaded to the cloud, it pays to give some thought whether your personal information is safe once it leaves the comparative security of your PC’s hard disk. After all, while we might hope and believe that the major file hosting and sharing sites take good care of our online information, cases of successful hacking attacks are worryingly frequent.
See also: How to back up your PC and laptop
In addition, it was recently revealed that Dropbox automatically opens the files you upload to it. The company explained that this was so that you can preview your files when you view them in a web browser but this remains a concern for some users.
If you’re anxious at a possible lapse in security, an obvious solution is to encrypt your data before you upload it to the cloud. Then, even if your account is hacked, your files will be unintelligible to the hacker. Here we provide some practical guidance on how to go about that, looking both at conventional encryption software and at those packages that have been designed specifically with cloud storage in mind.
Encrypt your documents in the cloud: A reality check
First of all we need to stress that dealing with encrypted files will always be more hassle than if they were unencrypted. In addition, if you want to share your online data with others, they’ll also need software to be able to read your documents. Not only that, but if you encrypt your files and then forget the password, in many cases they’ll be lost forever so this isn’t something to take lightly. Right at the start, therefore, it pays to give some thought to what you really need to make secure.
It’s all too easy to get paranoid about this but, let’s face it, how much of your data would be of any interest to anyone else? Remember, those who hack for the challenge would choose a high-profile site rather than your Dropbox folder, and those who do it for profit would want to be sure the effort is worth the not insignificant cost.
Ok, so peace of mind is a valuable commodity but it certainly pays to be selective about which of your online files you choose to encrypt. Also, because you’d lose access to your own online encrypted files if you forget your password, it would be wise to take precautions against that eventuality.
A good solution is to use a password management utility such as KeePass – see our guide for instructions on how to use it. Also, as the ultimate protection against loss, it would be a good idea to keep an unencrypted copy of your files locally on your PC.
Encrypt your documents in the cloud: Standard encryption software
Encryption software has been around long before the cloud-based data storage became popular. It’s perfectly feasible to encrypt a file on your PC’s hard disk using conventional encryption software before uploading it to the cloud so this could be a solution if you already use this type of software.
Full disk encryption software would not be suitable. As the name suggests, it encrypts the complete disk so that your data is secure should you PC be stolen. However, it decrypts it on-the-fly when you come to use a file so anything you uploaded to the cloud would be unencrypted.
A second popular type of software, typified by TrueCrypt and Cryptainer, simplify encryption by providing an encrypted folder on your disk so that any document you copy here will be encrypted automatically. Here's how to use Cryptainer. Again, if you access a file it’ll be encrypted on-the-fly, so long as you’ve started the software and entered the password, but the whole encrypted folder is, in reality, a single Windows file. You can, therefore, copy that file into the cloud but this isn’t ideal since you’ll end up uploading a large file each time you change something. Some of these packages also allow you to encrypt individual files so you can email them, and this would also allow you to encrypt files before uploading them to the cloud, therefore solving the issue of large files.
However, there’s another problem – most of these packages use private key encryption. Here you use a key (i.e. a password) to encrypt a file and you have to provide the same key to decrypt it. This is fine so long as you’re the only one who is going to be accessing the file but things get tricky it you want to share data with others. The difficulty is that you have to find a means of providing the key to whoever you want to share your files with. Telling them face-to-face would be one option but sending it via email wouldn’t be 100 percent secure. Dedicated cloud encryption software solves both the drawbacks with conventional encryption software.
Encrypt your documents in the cloud: Cloud encryption software
Dedicated cloud encryption packages have two important attributes that makes them more suitable for this application than standard encryption software. First of all, files are encrypted individually rather than being bundled together into a large file with the long upload times this would cause. Second, they employ public key encryption. Each person using the software has two keys, one they keep secret and one they publish for anyone to use. A unique feature of the encryption algorithm is that if a file is encrypted using someone’s public key, it can only be decrypted using their private key. This, therefore, allows an encrypted file to be transferred without the difficulty of exchanging any private information.
One well-respected cloud encryption solution that works in this way is called Boxcryptor – it’s available for Windows, Mac OS X, iOS and Android. It works with any cloud storage service that operates by creating a folder on your local disk that parallels your online storage. This includes Dropbox, Box.com, Google Drive, Microsoft SkyDrive, SugarSync and more. The Basic service is free, allowing you to work with one cloud provider, or for €36 per year (approx £30) you can upgrade to the Unlimited Person service. In addition to allowing you to work with multiple cloud services at once, this offers the option of encrypting filenames where the Basic service only encrypts their contents.
First of all you should download and install Boxcryptor (not the “Classic” version). On using Boxcryptor for the first time you must sign up for your chosen service (we suggest you try the Basic one first) and provide a password. Bear in mind our earlier advice on making sure you don’t loose access to your files by forgetting your password. If you only use one cloud service, Boxcryptor will configure itself to work with it. If it detects more than one it recognises, you must tell it which to use. You can do this, and subsequently add or remove folders (subject to the Basic version only supporting one cloud service at once), by right clicking on the Boxcryptor icon in the notification area, selecting Settings, and then the Locations tab. Note that you can include local folders too.
You’ll find that Boxcryptor creates a new pseudo disk drive (probably X:) and you can go straight to it by double clicking on the Boxcryptor icon. Your cloud service(s) will appear as one or more folders within that drive. Initially, all the files and folders are unencrypted. To encrypt a file or folder, right click on it, select ‘Boxcryptor’ and then ‘encrypt’ from the menu. The filename will turn green to show that it’s encrypted. Right clicking on a green filename allows you to decrypt it or to share it. To share a file in Boxcryptor you first must have shared it as usual via your cloud service provider and the person you share it with must also be a Boxcryptor user.