You are currently visiting our Basic Site. This site is used for low-bandwidth connections, mobile devices and alternative browsers.
To restore the graphics and layout, return to the Standard Site.

Skip Navigation

Welcome to epost Sign up | Sign in   to epost

Top 5 security questions
to ask your prospective online
storage provider

Ready to start storing your important personal files online using cloud storage? Before you put wallet information like credit card and bank account numbers, and medical details, insurance, wills and other household records online, check up on the storage service’s security features.

You want an online service that is trustworthy and has the security and staying power you’ll need to feel confident that your personal records are safe.

What you can do
to protect yourself

Once you’ve found an online storage site with bank-grade security, make sure you do your part to ensure the security of your personal information. Here are three things you can do to protect yourself:

1. Create strong passwords and then keep them safe. Make sure your passwords contain a mix of upper and lower case characters, use a special character (such as $, !, #, $) and numeric characters. Never share your password with anyone and don’t leave your passwords written down in easy-to-find places like under your keyboard.

2. Be aware of phishing. Phishing is when someone attempts to get information such as passwords and banking details by pretending to be a trustworthy entity. Phishing emails will often link to a fake website that looks like the real one.

If you receive an email asking you to provide personal information such as passwords, account numbers, etc., do not reply. If you believe that the contact may be legitimate, don’t select a link in an email. Instead, type the company’s website directly into your browser.

Always double-check the domain (the start of the website address, such as www.canadapost.ca/xxx or www.epost.ca/xxx) before you enter your userid or password. On the actual sign-in/sign-up page, a lock should appear on the address bar of your browser, showing that the website is from a trusted company.

3. Beware of malware. Malware is software such as computer viruses or worms that are designed to gain access to your personal information or disrupt operation of your computer. To protect yourself, make sure you don’t download programs from anyone you don’t trust, or open email attachments from people you don’t know. Install a firewall, anti-spyware and anti-virus software on your computer. Consider installing a trusted anti-malware program that can remove malware from your computer and protect it from future attacks. Read reviews of the top anti-malware providers on review websites like pcmag.com or cnet.com.

What to ask before you store:

What kind of encryption are you using?

To ensure security of your personal information, ensure your online data storage provider encrypts your data both during transmission (i.e. while you’re uploading and downloading files), and while your files are stored on their servers. Find out if they’re using internationally recognized encryption standards such as Secure Socket Layer (SSL) and the Advanced Encryption Standard (AES). Also ask if they use the same encryption key for all accounts or generate a different key for each account. The latter ensures a much higher overall level of security.

Are my files private or can you see what’s in them?

Let’s say the site encrypts your data. Is that good enough? It might be, depending on your privacy requirements, but you should know that many companies practice what’s known as “decrypt and de-duplicate”. This means that they decrypt your files and compare them to other files on their servers, so they can delete identical parts of files. This saves them money by reducing storage space required. If your privacy is important to you, make sure they do not decrypt your data.

Examine their privacy practices so you know what you are agreeing to when you sign their terms and conditions. Do they, for example, have a separate privacy notice that clearly spells out what they do with your data?

Find out how long they’ve been in business and
think about how much you trust their brand with your most private personal information.
How hack-proof are you?

Find out if the site employs bank-grade security standards. Like banks, it’s preferable that they comply with the Payment Card Industry Data Security Standard. This ensures they have a secure network, manage vulnerabilities such as viruses, have strong access controls, and submit to an auditing process to ensure compliance with the security standard. In addition, they should employ security experts or ethical hackers to test their site frequently.

Where is my data stored and do you have disaster recovery plans in place?

Find out where the site’s servers are located. They may store your data outside of Canada and be subject to the privacy laws of a different country. Do they have at least a level 3 data centre? Be sure they have disaster recovery plans in place that include multiple redundant independent power supplies, replication of data in real-time to disaster recovery servers and ideally that they copy all data onto tape for off-site backups in another city.

What will happen to my data if you go bankrupt or get bought?

Many of today’s online cloud storage providers are start-up companies. This means some of them won’t be around by this time next year. Find out how long they’ve been in business and think about how much you trust their brand with your most private personal information. If they go bankrupt, you may be given little or no advance notice and will be responsible for downloading all your files and finding another solution.



Try it NOW
or take the tour
*When you select Try it NOW, you'll be prompted to sign up for a free epostTM account. Once you're signed in to epost, select the Vault tab to complete your registration.