Top 5 security questions
to ask your prospective online
Ready to start storing your important personal files online using cloud storage? Before you put wallet information like credit card and bank account numbers, and medical details, insurance, wills and other household records online, check up on the storage service’s security features.
You want an online service that is trustworthy and has the security and staying power you’ll need to feel confident that your personal records are safe.
What to ask before you store:
- What kind of encryption are you using?
To protect your personal information, make sure your online data storage provider encrypts your data both during transmission (i.e. while you’re uploading and downloading files) and while your files are stored on their servers. Find out if they’re using internationally recognized encryption standards such as Secure Sockets Layer (SSL) and the Advanced Encryption Standard (AES). Also ask whether they use the same encryption key for all accounts or generate a different key for each account. The latter ensures a much higher overall level of security.
- Are my files private or can you see what’s in them?
Let’s say the site encrypts your data. Is that good enough? It might be, depending on your privacy requirements, but you should know that many companies practice what’s known as “decrypt and de-duplicate”. This means that they decrypt your files and compare them to other files on their servers, so they can delete identical parts of files. This saves them money by reducing the storage space required. If your privacy is important to you, make sure they do not decrypt your data.
Examine their privacy practices so you know what you are agreeing to when you sign their terms and conditions. Do they, for example, have a separate privacy notice that clearly spells out what they do with your data?
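An added illustration, not part of the original article or any provider’s code: the Node.js sketch below encrypts the same constructed file for two accounts with per-account AES-256 keys, then shows that the stored ciphertexts never match, so a provider can only find the duplicate by decrypting. The account names, sample file and function names are assumptions made for the example.

```javascript
// Added illustration; accounts, file contents and function names are constructed.
const crypto = require('node:crypto');

// Encrypt one file with AES-256-GCM under the given key and a fresh random nonce.
function encryptAtRest(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { nonce, body, tag: cipher.getAuthTag() };
}

// Decrypt a stored blob; throws if the key is wrong or the data was altered.
function decryptAtRest(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.nonce);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.body), decipher.final()]);
}

const fingerprint = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Number of blobs a de-duplicating store could drop because an identical one exists.
function countDuplicates(fingerprints) {
  return fingerprints.length - new Set(fingerprints).size;
}

function demo() {
  const file = Buffer.from('Constructed sample: last will and testament, page 1');
  // Per-account keys: each account gets its own random 256-bit key.
  const keys = { alice: crypto.randomBytes(32), bob: crypto.randomBytes(32) };
  const stored = {
    alice: encryptAtRest(keys.alice, file),
    bob: encryptAtRest(keys.bob, file),
  };
  // Without decrypting, the provider only sees ciphertexts, and they differ.
  const onCiphertext = countDuplicates(
    Object.values(stored).map((blob) => fingerprint(blob.body)));
  // "Decrypt and de-duplicate" works only because the provider holds the keys.
  const onPlaintext = countDuplicates(
    Object.entries(stored).map(([acct, blob]) => fingerprint(decryptAtRest(keys[acct], blob))));
  // One account's key must not open another account's file.
  let crossAccountReadable = true;
  try { decryptAtRest(keys.bob, stored.alice); } catch { crossAccountReadable = false; }
  return { onCiphertext, onPlaintext, crossAccountReadable };
}

console.log(demo());
```

A provider that can de-duplicate across accounts is therefore a provider that can read your files, which is the question to put to them.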
- How hack-proof are you?
Find out if the site employs bank-grade security standards. It’s preferable that, like banks, they comply with the Payment Card Industry Data Security Standard. This ensures they have a secure network, manage vulnerabilities such as viruses, have strong access controls, and submit to an auditing process to ensure compliance with the security standard. In addition, they should employ security experts or ethical hackers to test their site frequently.
- Where is my data stored and do you have disaster recovery plans in place?
Find out where the site’s servers are located. They may store your data outside of Canada and be subject to the privacy laws of a different country. Do they have at least a level 3 data centre? Be sure they have disaster recovery plans in place that include multiple redundant independent power supplies, real-time replication of data to disaster recovery servers and, ideally, copies of all data on tape for off-site backups in another city.
- What will happen to my data if you go bankrupt or get bought?
Many of today’s online cloud storage providers are start-up companies. This means some of them won’t be around by this time next year. Find out how long they’ve been in business and think about how much you trust their brand with your most private personal information. If they go bankrupt, you may be given little or no advance notice and will be responsible for downloading all your files and finding another solution.