Our lives revolve around the internet, but online security is often not up to the job of protecting our sensitive files and data from prying eyes or malicious actors. This is how I ensure my data is safe on the internet.
What is encryption?
Encryption, broadly speaking, is the use of mathematical algorithm to make information unreadable without a specific key.
Encryption is how sensitive information, like your health records, photos in the cloud, and text conversations remain private.
Unfortunately, there is more than one type of encryption, and more than one approach to “encrypting” your data that makes some forms less secure than others.
How are your files secured online?
We tend to assume that the things we upload to the cloud are securely encrypted, and generally speaking, they are.
However, the details of how your files are encrypted are more complex than “Yes” or “no.”
Encrypted in transit
Ideally, all sensitive information you send over the internet should be encrypted “in transit.” That means when you send a message to your doctor via the online portal, no one between you and your doctor will be able to read the message, even if they manage to save a copy.
Thankfully, standards like HTTPS ensure that no one using an application or website has to worry too much about manual encryption while data is being transmitted—it is now basically the default.
If you click on the address of a website, you should see HTTPS at the beginning of the URL.
What about once those files reach their destination, however?
Encrypted at rest
The encryption that occurs when a file is stored in the cloud is called “encryption at rest.” In some cases, the encryption occurs on the server itself. In that case, whoever that manages the server usually holds the decryption keys.
It is important to note that not everything stored in the cloud is encrypted at rest, though ideally all sensitive information should be.
Encryption at rest also means that physically stealing a storage drive or computer isn’t enough to gain access to data. Even if they attempted to read whatever data was stored, it would just appear as garbled nonsense.
Anything that uses end-to-end encryption (E2EE) will also be encrypted in transit and at rest.
No security is perfect
Because the keys are usually held by whatever cloud service provider you’re using, it opens up a few potential security vulnerabilities.
If their servers are compromised, it is possible that a vulnerability in their system could compromise your stored data. Though unusual, it also makes it theoretically possible for a rogue employee to gain access to your files.
Luckily, there is an easy solution: manually encrypt your most important files first.
Encrypt your own sensitive files
The best way to ensure that your sensitive files in the cloud remain safe and secure is to handle the encryption yourself. There are a few different ways that you an approach this, but my preferred way is to just encrypt them before I upload them. In practice, it is a bit like ensuring that you’re running your own end-to-end encryption (E2EE), which ensures that everything is encrypted in transit and at rest.
The best part of the entire setup is that it ensures your files are private. They can’t be used by your cloud provider to train AI or snoop, nor can a security breach on their end compromise your files—they were already secured before they ever reached their servers.
There are a few ways you can do that.
Encrypt your files with VeraCrypt
I prefer to use VeraCrypt to secure my sensitive files before I upload them to the cloud. This is how.
First, begin by downloading VeraCrypt from the VeraCrypt website.
Once that is done, launch VeraCrypt and select “Create Volume.”
Once you’re there, follow the steps as VeraCrypt walks you through creating an encrypted volume. The default option, which creates a portable encrypted “folder,” is fine for the overwhelming majority of cases. It’ll guide you through selecting a strong password and an appropriate encryption scheme.
You also have to pick a max size. I usually just ballpark mine to the size of whatever files I intend to store.
Once you create it, you can copy and paste it anywhere you want, or upload it to the cloud. It is one of the best ways to ensure that files that must be private are kept private.
Though VeraCrypt is one of my favorite applications for this, it isn’t the only option. If you’re looking for something more multipurpose, you can also use most archival programs—like WinRAR or NanaZIP—to encrypt a file (or files) instead.
A major benefit of VeraCrypt is its ability to encrypt entire drives. For example, I built my own external SSD and encrypted the entire thing using VeraCrypt. That way, even if someone steals it from me, they won’t be able to access any sensitive files I may have stored.
- Storage capacity
-
2TB
- Hardware Interface
-
PCIe Gen4x4
- Compatible Devices
-
PS5, PC
- Brand
-
Western Digital
- Dimensions
-
80.01 x 22.1 x 2.29 mm
- Weight
-
7.5 g
