How to securely store and share sensitive files

This article has been updated. Originally published on May 4, 2018.

Your computer security may not be as high as you think. If you use your computer to store sensitive information—such as tax forms, legal documents, and other documents—you need to take additional measures to protect this data from snooping.

Protect files on your computer

Storing sensitive files on a computer is much more convenient than stacking large amounts of paper in a filing cabinet. But just like you lock the file cabinet with your key, you also need to lock these digital files to prevent thieves and hackers from accessing them. Unlike what you might think, a normal user account password is not enough. If someone has access to your device, they can easily find and steal your files using free and easy-to-get software.

[Related: Protect your Zoom calls with end-to-end encryption]

To truly protect sensitive files, you need to encrypt. This technology uses complex algorithms to obfuscate data so that only those with the key (in this case the password) can view the unscrambled version. If someone steals your computer, they will see the file, but without a password, the contents look like a bunch of garbled code.

Both Windows and macOS have built-in tools that can encrypt your files and use your user account password as a key. This way you will enter your password as usual, but it will do more in the background to lock your file.

### On macOS

Mac users are very simple to operate: Turn on the FileVault function from System Preferences > Security & Privacy > FileVault. This will encrypt your entire hard drive and prevent anyone from accessing your files unless they know your account password. If you want to store information on an external USB drive for easy portability, your Mac can also encrypt the drive: Open the unit in the Disk Utilities app, select it from the sidebar on the left, and follow the instructions .

### On Windows

Unfortunately, Windows is a bit complicated. Some PCs automatically encrypt their files by default. You can check this by going to Settings > System > About and scrolling down to BitLocker. Click it and in the pop-up menu, under Operating System Drive , you will see if this tool is turned on or off. If it is not activated, click Enable BitLocker and follow the instructions.

This feature encrypts your computer as well as your external drive. The latter feature is very useful if you want to move files between PCs or lock data at another level of security by putting a portable drive into a physical safe.

It should be noted that BitLocker requires your computer to have a special chip called Trusted Platform Module (TPM), not every PC is equipped with this chip. If your computer does not have TPM and you are using Windows 10 or later, you can enable BitLocker and save the encryption key on the flash drive. If your computer is running Windows 7 or later, you can also choose to encrypt your local drive without a TPM or USB drive.

If all of this looks more complicated, you can turn to third-party options. VeraCrypt is a free program for Windows, macOS and Linux that encrypts the entire drive of your computer. You can also use it to encrypt certain file groups within its own secure "container", although we recommend encrypting everything.

If you encrypt your hard drive (or put any files in an encrypted container), it is very important to remember your password. If you forget it, you will be completely unable to access these files.

Storing files in the cloud

So you have control over your computer, but what if you want to easily access these files on other devices? Or what if your hard drive fails and needs to back up them? You can keep them safely in the cloud, but first, you have to understand the security of storage services.

Many popular file sharing services, such as Dropbox, encrypt your data—but this doesn't make them completely private.

"The Dropbox service can access files to perform operations such as generating previews and allow users to interact and collaborate with these files," said Rajan Kapoor, director of data security at Dropbox. By making your data accessible to the platform, it can provide convenient features – but you may not find it worth the tradeoff when it comes to your sensitive files. While Dropbox "performs threat modeling on every feature to detect weaknesses," it still requires you to trust its private security measures.

Some services, such as SpiderOak One Backup, will abandon these convenient features in exchange for greater security. “For other services, even if they use some kind of encryption, you still give control of the files to the service,” said Jonathan Moore, chief technology officer of SpiderOak. “Services can choose who can read files, and even change them. With SpiderOak’s 'less trust' approach, we have no control over the data we host for you.” Because your data is encrypted before leaving your computer, So the SpiderOak service can only access encrypted garbled code - not the actual file you store.

However, if an outlaw actually gains access to your account, neither service can protect you. If someone else knows your Dropbox password or hacks your account through a security breach – a few times that happened to Dropbox in the past – all your files will be open to them for free. (To be fair, SpiderOak has also had security vulnerabilities in the past, although not as severe as Dropbox’s vulnerability.) That’s why it’s important to choose strong passwords, randomly generated passwords, and enable two-factor authentication for every cloud service you use.

A cloud service like Dropbox or SpiderOak may be enough to protect most documents as long as you take advantage of these features. But remember: in the cloud, you always entrust your data to others. If you really want an extra layer of security, you can store the files in a VeraCrypt container and sync them to cloud storage. Even if someone has fully accessed your Dropbox or SpiderOak account, malicious actors need the password of your VeraCrypt container to access the file. Dropbox's Help Center even recommends this approach when dealing with additional sensitive files.

Send files to others

If you need to share files with others, keeping files safe becomes more difficult. The safest way to send these files (except in person) is to encrypt them, share encrypted versions, and have the recipient decrypt them on their own machines.

Unfortunately, this is not very practical. Your recipients may not use VeraCrypt, and requiring them to install just a brand new program to read your files may not succeed. So you need to try something else.

If you are sending files to professionals who often process sensitive documents, such as lawyers or tax officers, they may have a "security file box" on their website where you can place data. You may need to create an account to use it, but if its developers do their job, this is likely to be the safest option for you. (Again, "if" matters: You have to trust the person who manages encrypted cloud storage.)

[Related: Protect your Zoom calls with end-to-end encryption]

If there is no secure file box, you should turn to the cloud storage service of your choice. Upload files and send links to recipients using the built-in file sharing feature. This is safer than sending files as email attachments, as the recipient's email service may not have strong security. Share a file through Dropbox, etc., you at least know that it is transferred on HTTPS, so others on the network can't see it, and you can delete it from cloud storage after the recipient downloads it. This approach isn't perfect (because, again, Dropbox can see your files), but it's almost certainly better than using email attachments.

Of course, no matter how safe the handover process is, you entrust your trust to the recipient: once the document falls into their hands, you can’t control how cautious they are. So maybe it's better not to worry too much. After all, they might turn on the computer without a password, or throw paper documents on the table for everyone to view. This is an unfortunate reality in the modern world. But you can at least do your part to keep sensitive information moderately secure – and hopefully others can do the same.

The above is the detailed content of How to securely store and share sensitive files. For more information, please follow other related articles on the PHP Chinese website!