How to secure your personal data

While you handle your company data you do not worry as there is an elaborate system in place to take care of any crash, loss or theft. You simply focus on your work, and in case there are any eventualities, the easy way out is to call the IT guy to bail you out. But, what about personal data? More so when the corporations are now insisting on a "Chinese Wall" between official and personal data. Hence, you cannot rely on the corporate IT system for protecting your own personal data. Mostly you store it in the insecure USB drives, which sometimes get misplaced and it is always prone to corruption. Losing a USB drive loaded with your personal data is a big risk as it can be abused by someone if he gets a hand on it. Even deleting files from the drive is not much help, as data once stored in it can be easily revived using simple tools. Therefore, sensitive data on USB drives should never be stored in a clear text form. It should be secured with robust encryption software (preferably the one with "zero knowledge" - the encryption provider is not aware of the user's password) so that in case the drive gets misplaced no one will be able to read it.

But, is that enough? What if you lose the drive, or the encryption software malfunctions resulting in discrete/total corruption of files? Hence, the best practice is to store files in a secure cloud drive (Dropbox, Google Drive, Onedrive etc). Most cloud services providers offer all kinds of protection by ensuring copies of earlier versions are also stored separately so that in case the working version gets corrupted one can fall back on the previous version. But, in order to for you to leverage this feature, the data in the cloud has to be stored in a clear text form. Will you like to do that? What if someone hacks into your files? Or are you fine with the cloud service provider parsing your files to optimize the advertisement that it want to you to see (assuming you trust them with your data)?

Hence, all data stored in the cloud should also be encrypted (robust tools are available). But the problems is that as soon as you encrypt your data, you cannot use some of the protection features of the cloud service provider. The key among them is the ability to fall back to the previous versions in case the working file gets corrupted, as you will not be able to identify this file (earlier version) if you encrypt the "filenames" as well - a good practice to follow (except some encryption systems which provide a web interface). This poses some serious problems. As one cannot be absolutely sure about the fidelity of the files stored in the cloud drive - software always malfunctions, especially the ones used for encryption. The problem aggravates further when you have to deal with a very large number of files. This is for the simple reason that the impacted file will remain dormant until you need them.

So how do you deal with this problem? The best way is to mirror the same data in a different cloud drive and preferably with a different encryption software. This also is not sufficient, as it does not resolve the issue of identifying the discrete "corrupt files" in either of the mirrored systems. To resolve this issue, you need to map both the drives using a robust syncing tool (like Goodsync) which sync incrementally only the file that has changed. Hence, this tool will identify the mismatch in the mirrored files in case there is a corruption (during analysis - a process you need to run before you sync). Having identified the mismatch you can take the necessary corrective action by testing the mismatched files in both the cloud systems for accuracy.

Of the many problems of digitization like hacking, etc, this issue (securing personal data due to software malfunction) is the least discussed and debated. Hence, I thought of putting it out. I will be happy to learn from others of any alternate views and suggestions.