“I am interested in evaluating the security of my data stored via OneDrive, and whether I should make changes. I have several years of my own tax returns stored on OneDrive, also some client returns, and quite a few documents that would have sensitive client information like social security numbers as well as confidential communications. Do you have any suggestions for how I should manage this information?”
There are three considerations in assessing security when using an online software vendor such as OneDrive, Box.com, Google Drive and others:
1. Am I personally following best practices related to how I interact with OneDrive? Some questions to ask:
- Who else knows my password?
- Does my password follow industry best practices in terms of its construction?
- Is my password different from every other password I use?
- Am I using two-factor authentication?
Here is an article from OneDrive regarding the subject of security.
2. Does the vendor I choose take security seriously? What is their reputation, and how can I validate all of this? The short answer for OneDrive is yes. They follow industry standards and hire some of the smartest folks in the world to protect your data. This doesn’t mean it’s without vulnerabilities, but those usually come down to human error by end users. Here’s an article offering more details.
3. What’s the risk? Remember, hackers aren’t interested in sifting through millions of files to find something of value. They focus on large stores of data such as inventories of social security info or credit cards. This doesn’t mean there aren’t hackers out to get you, but again, it’s a long shot that they would find a tax return. Another way to look at this same question of risk is to ask where else you would store those files. On paper at your office? A janitor might sift through your files, or a fire could destroy them. My point is that there is some risk everywhere.
If you have a concern about your technology, contact us. We probably have an opinion about it.