Blog | G5 Cyber Security

Cloud Backup Security

G5 Cyber Security

TL;DR

Backing up to an untrusted cloud is risky. Encrypt your data before it leaves your computer, use strong passwords and multi-factor authentication, and regularly verify your backups.

1. Understand the Risks

An ‘untrusted’ cloud provider means you don’t fully control their security practices. They could be compromised, have poor data handling policies, or even be legally compelled to share your data. This is why encryption is vital.

2. Encryption – Your First Line of Defence

  1. Choose an Encryption Tool: Several options exist. Some popular choices include VeraCrypt (free and open-source), 7-Zip (with strong password protection), or cloud provider specific tools like Boxcryptor (paid).
  2. Create a Container/Encrypted Archive: This is where your data will live before being uploaded.
    • VeraCrypt Example: Create a virtual encrypted disk. Mount it, copy your files into it, then dismount when finished.
    • 7-Zip Example: Right-click the folder you want to back up, select ‘7-Zip’ -> ‘Add to archive…’. Choose the AES-256 encryption method and set a strong password.
  3. Encrypt Before Uploading: Never upload unencrypted data! The cloud provider should only see scrambled files.

3. Strong Passwords & Multi-Factor Authentication (MFA)

  1. Password Manager: Use a password manager to generate and store strong, unique passwords for your cloud account(s).
  2. Enable MFA: Almost all cloud providers offer MFA (usually via an app like Google Authenticator or Authy, or SMS code). Always enable it. This adds a second layer of security beyond just your password.

4. Backup Verification

  1. Regularly Download & Test: Don’t assume your backups are good! Periodically download a sample of files and verify they open correctly.
  2. Checksums (Advanced): For critical data, create checksums (like MD5 or SHA256 hashes) before uploading and after downloading to ensure file integrity hasn’t been compromised. 
    md5sum filename

    Compare the two checksums – they should match exactly.

5. Consider Client-Side Encryption

Some cloud providers offer client-side encryption, meaning the encryption happens on your device before data is sent to their servers. This is generally more secure than server-side encryption (where the provider controls the keys).

6. Data Minimisation

  1. Only Back Up What You Need: Don’t back up unnecessary files. The less data you store in the cloud, the smaller the potential impact of a breach.

7. Review Provider Policies

Read the cloud provider’s terms of service and privacy policy carefully. Understand how they handle your data, their security measures, and what happens in case of a data breach.

Exit mobile version