Is Google Drive Secure? (Plus Our Best Security Tips)
The cloud is a great way to store your files, and Google Drive is easily one of the most popular cloud storage services. Chances are, you may already be one of its more than 1 billion users. With such a massive user base and backing by one of the largest tech companies in the world, it’s got to be pretty secure, right? Well, not exactly.
After all — anything can be hacked. If it’s connected to the Internet, with enough time and resources, it can be hacked. However, having enough security measures in place can deter most hackers from attempting to break in. If it’s not worth the money and time that goes into it, why would they bother?
Now, on to the topic at hand: does Google Drive have enough of these security measures to deter most, if not all, attackers? Just how safe is it? What can you do to boost your own security on Google Drive?
Whether you’re curious about the answers to these questions or are looking for a more secure alternative to Google Drive, we’ve got you covered. We’ll tackle all of these topics (and some extra ones) in this article! So, what’re you waiting for? Read on!
First, What Is Google Drive?
Simply put, Google Drive is a cloud storage service owned and developed by Google. It allows users to store up to 15 GB of files and access them from any computer, tablet, or mobile device for free. For $12 per month, users can expand this capacity to 2 TB and access additional features, such as a shared team drive and group-based security controls.
Google Drive also has a desktop application for Windows and Macs that lets you sync up as well as back up specific folders on your computer directly to Google’s cloud. You can also install the Google Drive app on Android or iOS to access your files on your phone.
Is Google Drive Safe?
Generally speaking, Google Drive is a pretty safe bet for your non-sensitive files. However, that does not mean that it’s 100% secure. Although Google’s services are pretty well-protected against most attacks, these protections do not extend to you.
For example, although Google uses multiple protection and encryption measures, they do not protect you from poor password choices, targeted phishing attacks, or malware infections.
You usually don’t have to worry about sophisticated attacks that aim to break into Google’s servers. After all, according to Verizon, phishing attempts are responsible for “80% of malware infections and nearly 95% of all espionage attacks.”
What are Google Drive’s key security features?
Despite this, however, Google Drive still has multiple security features to protect you from threats outside of phishing attacks:
First and foremost, Google encrypts your files as they are transmitted and while they are stored. Files at rest and in transit are encrypted with 256-bit AES encryption, which is the industry standard for securing and encrypting your files.
Second, Google also sometimes proactively scans your files for malware, spam, ransomware, or phishing, removing them as needed when they are found. In addition, Google Drive also has a two-factor authentication (2FA) feature, which helps you add yet another layer of security to your account.
Finally, in a more recent update, Google has started implementing client-side encryption (which we’ll get into in the next section), albeit only for Google Workspaces.
But Google Drive Does Have Security Issues
Google Drive has several security features, but it’s not without its flaws.
To put things into perspective, take Linus Tech Tips — one of the biggest tech channels on YouTube — who was recently hacked.
How did this happen? Did an elite squad of hackers huddled up in a dark room break into their servers like a 90s movie — complete with a montage set to some funky music?
Nope. It’s way simpler than that: one of their employees opened up some malware disguised as a PDF from what they thought was a potential sponsor, and that was it. A few minutes later, all of their YouTube channels were compromised and started broadcasting crypto scam live streams.
This brings us to the big issue:
- Google’s malware scanner has its limits
Google’s built-in scanner is … lacking, to say the least.
If it can happen to them, it can happen to you. For example, remember how Google scans your files for malware? That isn’t always the case.
Google only scans files that are smaller than 100 MB. So if somebody artificially bloats up a malware file to be more than 100 MB, Google won’t scan that file—regardless of how many Trojans or viruses it may contain.
Although Google’s anti-malware scanner is pretty reliable, it’s not a comprehensive solution that protects you against everything. - A lack of zero-knowledge encryptionNext up is zero-knowledge encryption — while Google recently added client-side encryption to Google Workspace, it’s still a pretty early implementation, so it’s a bit rough around the edges to configure.
Also, not all of your files’ parameters are encrypted. Google itself states that your file titles, metadata (e.g., owner, creator, date last modified), Drive labels, and user preferences are not encrypted with zero-knowledge encryption. - Rogue employees
Google’s somewhat anemic implementation of zero-knowledge encryption could prove disastrous, especially when taking rogue employees into account.
Finally, like every company, Google is just as vulnerable to rogue employees. Although it wasn’t exactly a hack, some Google partners leaked more than 1,000 sound recordings of private conversations in 2019 to a Belgian news site.
Let’s apply this to Google Drive: without a universal application of zero-knowledge encryption, what’s stopping a rogue Google employee from just browsing your files or worse — leaking them?
So, just how secure is Google Drive?
Simply put, Google’s encryption and malware-scanning policies are plenty adequate for most people. And if you’re pretty tech-savvy and confident in your digital security skills, Google Drive’s simple but wide-ranging security measures should suffice for storing any of your files that are not too precious.
4 Ways To Strengthen Your Google Drive Security
On the other hand, if you’re a tech newbie or somebody who wants the absolute best in cloud storage security, you may have to look elsewhere… or beef up Google Drive’s security even further. Here are some of our best tips:
1. Use a strong password
Your password should be your closely guarded secret. You’re not being clever when you use “Password” as your password—you’re just falling down the same hole that millions of people have fallen into, and suffered as a result.
Birthdays and pet names won’t work either—if you can search for your name on Google, what’s stopping a would-be hacker from stalking your Instagram to see a recent birthday celebration or a few candid pictures with a beloved pet? If it can be Googled—don’t use it.
Oh, and another thing: never reuse the same password across multiple accounts. When you make a password, it’s best to replace certain letters with numbers, mix up the capitalization, and use symbols every now and then.
If that sounds a bit too complicated (or if you’re a pretty forgetful person), don’t worry! Password managers can generate and store your passwords for you, ensuring that you won’t have to worry about misremembering anything ever again!
2. Use two-factor authentication
Next, make use of Google’s 2FA feature. It’s free, and it’s incredibly useful for warding off any would-be hackers. Basically, 2FA works by requiring two factors (hence the name) to authenticate your login.
For example, when you log into Google Drive on your computer, you may be asked to confirm this login on your phone. This ensures that you’re actually the one that’s logging in, and that any attackers would have to get a hold of your phone first before being able to access your account (which may be a pretty hard thing to do if they’re half the world away).
3. Watch out for suspicious files and emails
As we’ve mentioned above, phishing is one of the biggest problems when it comes to online security, and you should be extremely wary of any phishing attempts. If a hacker gets access to your Gmail account, they can access every other service that’s part of Google’s catalog, such as Google Drive, YouTube, and so on.
As such, when you receive an email with an attachment, check the sender’s email address very carefully. Watch out for any misspellings or a suspicious-looking website.
For example, most businesses wouldn’t just use a simple Gmail address; alternatively, you can simply perform an online search of the sender’s website, just to be safe.
Also, be on the lookout for shady-looking attachments: for instance, a PDF file that’s more than 100 MB is a pretty big red flag. Unless they’re sending you an entire magazine or a bunch of very HD photos in a PDF catalog, there’s no way a PDF file that’s sent would exceed 100 MB.
If you absolutely have to open such a PDF, make sure to perform a malware scan on it first before opening it.
4. Check your documents, devices, and apps
You should regularly check who has access to the files on your Google Drive, especially if you’re the type to share files and permissions with other users.
It’s also worthwhile to look into the devices and third-party apps that have access to your Google account. If you’ve recently bought a new phone, you can sign out from your old phone (as well as any other devices that you may have logged your Google account in) remotely as follows:
- Go to your Google account’s Security page.
- Scroll down to the section titled “Your devices,” and then click on “Manage all devices.”
- Click on any device that you wish to sign out of remotely, and then click on “Sign out” in the window that appears.
To prevent apps from accessing your Google account, on the other hand, do the following steps:
- Go to your Google account’s Security page.
- Scroll down to the section titled “Third-party apps with account access,” and then click on “Manage third-party access.”
- Select the app(s) that you want to remove access from, click on “REMOVE ACCESS,” and then click “OK” in the small window that pops up.
Top Google Drive Alternatives For Storing Important Files
Here’s a thought: instead of worrying about all of these security additions, what about just switching to a more secure storage platform? You won’t have to stress about setting all these settings up, and your files will be more secure from the get-go. That sounds better, right?
Well, if you’re looking for a more secure alternative to Google Drive that requires minimal setup, here are the best cloud storage services that we’ve found:
1. Internxt
First up is Internxt, which is an alternative to Google Drive that offers cloud storage services coupled with end-to-end, zero-knowledge encryption. It is highly secure, utilizing AES-256 encryption and complying with the privacy regulations stipulated by the European GDPR, ensuring the privacy and security of your precious files.
Price-wise, Internxt offers a bevy of unique and affordable options: all users can avail of 10 GB of storage for free, and for a little less than a dollar (around $0.96) per month, they can increase this capacity to 20 GB.
Internxt also offers a lifetime payment option: by paying a one-time €149 (around $161) fee, you’ll get 2 TB of storage permanently, making Internxt especially attractive for those turned off by most cloud storage services’ monthly payment models.
2. NordLocker
Next comes NordLocker, which is another highly secure cloud storage alternative to Google Drive. It also boasts AES-256 encryption, but also comes bundled with a more expansive set of security features, such as zero-knowledge encryption as well as automatic backups, guaranteeing the privacy and safety of your files from hackers, malware, and accidental deletions!
All of these features are offered at a very affordable price point: for $2.99 a month, you’ll get a 500 GB-capacity vault in NordLocker’s heavily protected cloud.
Alternatively, if you want to test out NordLocker’s formidable bunch of features, you can get 3 GB of storage for free, just to test out how quick and secure their servers are.
3. Sync.com
Finally, Sync.com needs no introduction—we’ve touted its obsession with security as its best feature, and we’re not going to take that back.
In addition to the standard fare of zero-knowledge, 256-bit AES encryption, Sync has also made it a point to adhere to the following privacy laws:
- HIPAA (US)
- PIPEDA (Canada)
- PHIPA (Canada)
- GDPR (EU)
Given Sync’s commitment to these laws, it’s pretty easy to see just how far they’ll go to protect your files’ privacy and security. If that still isn’t enough, they also offer notifications whenever your shared files are accessed as well as an expiry date for these shared files, making their security as hands-free of a process as possible.
Even better? All of these features come wrapped up in an easy-to-use interface that beginners and veterans alike will love, and Sync’s app works on Windows, Mac, and mobile devices, allowing you to take your files anywhere (as long as you have an Internet connection).
With all of these features, you might think that Sync is a very expensive product. Wrong! Sync lets you store 5 GB of your files for free, and their paid options start at $8 a month for a whopping 2 TB of storage. How’s that for a good deal?
Hold the Wheel and (Google) Drive
Although Google Drive is a pretty powerful tool that lets you easily store, organize, and collaborate on various files, it isn’t exactly the best when it comes to security. Its security features are about as bog-standard as they can get in the industry.
If you want to ensure your files’ security on Google’s cloud, consider the 4 handy tips that we’ve listed above. But if you want the best when it comes to security, don’t settle for anything less than zero-knowledge encryption—something that’s offered by all three of our recommended storage alternatives, in addition to a plethora of productivity and security features.
