Google Drive is more than just an online place to stash files. Google Drive is integrated into many Google applications including Google Apps and lets you access your information from just about anywhere – including mobile devices. But what kind of risks do you face by uploading your data to the cloud? We address Google Drive-specific security issues below.
Tip #1: Use Two-Step Verification
The biggest risk to your data is your credentials, which for most of us is an easily guessed password. Two-step verification is one of the surest ways to secure your Google Account (which gives you access to Google Drive, of course). Once enabled you’ll have to enter not only your password but a second code Google sends to your mobile phone via text message. It doesn’t add much time to the login process and is infinitely more secure. Why? If someone tries to hack your account they’ll need your password AND your phone.
Google’s short DIY on how to setup two-step verification can be found here.
Tip #2: Setup recovery on your Google Account
It can happen – let’s say you lost control of your account to a third party (you left your account logged into on a public computer, forgot to lock your computer, someone guessed your password). Google Drive users should be more concerned than anyone, especially if they’re uploading identity-theft grade files like tax returns or insurance documents.
Fortunately, losing control of your account isn’t the end of the world. You can setup account recovery options which will allow you to regain control of your Google Account. Things you can do include adding a security question, use of your mobile phone, and most importantly, setting up an alternate email address.
Tip #3: Secure your files by Application
Think of Google Drive as a backend platform – while it can simply store files, it’s also designed to act as a storage subsystem for applications (Google Apps, for example, now uses Google Drive instead of the defunct Google Documents). You can find apps that store photos, videos and even faxes in Google Drive in the Chrome Web Store. Why is it important to think about security on a per-file basis? You may not want to give a video editing app access to last year’s W2 form. While it probably won’t hurt, keep in mind that most apps for Google Drive are not developed by Google (read: third-party). It’s not that we don’t trust anyone, but why take any risk, no matter how small, if it’s unnecessary?
Chances are you won’t be micromanaging access to all of your files (especially if you have thousands like I do) – maybe just to that W2 like I mentioned. To revoke an app’s permission to a file, right-click the file and click “View authorized apps…” and then the Revoke button next to any app you don’t want to have access. You will still have access to the file through Google Drive, but the app won’t.
Google Apps Security is a large topic, one that we can cover in this blog post alone. With that in mind, we wrote the complete guide to Google Apps Security. Check it out and let us know if you find it helpful.
Tip #4: Control entire apps with one click
Do you want to cut off an app’s access to your data entirely? This would be a good idea if you’re not using the App – and chances are you’ve downloaded one too many that is not being used.
Go to accounts.google.com, sign in, and click “Security” on the left. Then click on “Authorizing applications & sites”:
This page shows you every app that has access to your data and gives you one button to revoke all access. Neat!
Tip #5: Backup Google Drive
No matter how much you protect your Google Drive data from outside attacks, it’s hard to protect it from yourself. Nearly 63% of all data loss in Google Apps is user error – cases of accidental deletion tops among them. Moreover, if you’ve shared a Google Drive item with another user, they could corrupt or delete those documents through no fault of your own. The best defense against user error (and any other form of data loss) is an independent backup of Google Drive.
It’s important to be stringent about access to your data. Think about access to your Google Account for starters; make sure you setup two-step verification and your account recovery options. Two-step verification is an extra barrier to hacking and recovery means you can regain control of your account should anyone actually get in. Next we have the issue of third-party apps having access to your data in Google Drive. You can setup access on a per-file basis and even lock out entire applications with a few clicks. Lastly, backup of all data is best practice, even in Google Drive. Remember that Google is doing a lot of unsaid work behind the scenes to keep your data safe, but at the end of the day you’re ultimately responsible for what you upload to the Internet and how you protect it.