Know your data
Most of the security practices mentioned previously are focused on preventing breaches of your data. When it comes to email and cloud, these practices are especially important. Despite the image of email as a sealed envelope, unencrypted emails are often sent through multiple servers in plain text on their way to their destination: "Email is like a postcard." - Andy Chen. It's not enough to assume that we'll be perfect when it comes to preventing security breaches. The next level of security considers how to minimize the amount of data that would be compromised if your data were to be breached.
Switch from a mindset of "do I need to keep this?" to a mindset of "why am I not destroying this?" This is where "Data Retention Practices" come in.
Examples of data retention practices:
- Only keep emails in email accounts for a period of 1 year
- Emails older than this will be deleted
- Emails in any accounts that I no longer actively use will be deleted entirely
- Any email I deem important for more than 1 year will get stored outside email for a particular reason. This includes legal contracts, documents, regulatory items (taxes, employee filings, etc), software license keys, etc.
- Actively delete any sensitive information sent or received (SSN, credit card numbers, passwords, etc.)
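The rules above can be run as a triage pass over exported messages. The sketch below is an added example, not part of the original article: the action labels, the `important_words` keyword list standing in for "email I deem important", and the sample message are all assumptions, and it only detects SSN-shaped and Luhn-valid card numbers, not passwords.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

RETENTION = timedelta(days=365)   # the 1-year rule from the list above
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def has_sensitive(text):
    """True if the text holds an SSN-shaped value or a Luhn-valid card number."""
    if SSN_RE.search(text):
        return True
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text))

def triage(raw, now, important_words=("contract", "tax", "license")):
    """Apply the rules in order: sensitive content first, then age."""
    msg = message_from_string(raw)
    body = " ".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                    for p in msg.walk() if not p.is_multipart())
    subject = msg.get("Subject", "")
    if has_sensitive(subject + " " + body):
        return "delete-sensitive"
    try:
        sent = parsedate_to_datetime(msg["Date"])
    except (TypeError, ValueError):
        return "review"               # no usable Date header: decide by hand
    if sent.tzinfo is None:
        sent = sent.replace(tzinfo=timezone.utc)
    if now - sent <= RETENTION:
        return "keep"
    if any(w in subject.lower() for w in important_words):
        return "archive-outside-email"   # store outside email, then delete
    return "delete-expired"

def sample(date, subject, body):      # builds a constructed test message
    return f"Date: {date}\nSubject: {subject}\n\n{body}\n"

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # fixed so results are reproducible
if __name__ == "__main__":
    print(triage(sample("10 Mar 2022 08:00:00 +0000", "Newsletter", "Hello"), NOW))
```
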
Apply the Same Concept to Cloud Data:
Once you have implemented a data retention policy for the data kept in email, apply the same idea to all the places your data is stored in the cloud.
Backup and On-Disk Data Retention:
It's a good practice to make sure that you would easily survive any of your devices being stolen or lost.
This entails two major areas:
- Make sure your devices are backed up, such that they could be stolen at any time and you wouldn't lose any data
- Assume that, once stolen, attackers would be able to access any data on your device. Is all the data you keep necessary?
The browsing history and cookies in your browser can sometimes be a security risk. It's a good practice to clear these regularly. To do this:
- In Chrome: History -> History -> Clear Browsing Data
- In Safari Mobile: Settings -> Safari -> Clear History and Website Data
Go into any old accounts you used to have and do your best to remove your data from their servers. Watch out for trash: are deleted items still sitting in the trash on your account?