Google Drive security: How to protect your documents in the cloud

4 min read
Google Drive application icon
Image credit: Depositphotos

More than ever these days, we appreciate the value of storing documents in the cloud. Every day, we rely on Google Drive and other cloud storage apps to store and access photos and documents from everywhere in the world, and to share them with friends and colleagues.

But like every other useful online application that captures a considerable part of our digital lives, Google Drive can become dangerous if left unsecured. Google Drive security can be a bit tricky, and if you use the app very often, you might end up leaving sensitive files accessible to the wrong people.

Here are some key tips to ensure the privacy and protection of your Google Drive documents.

Enable two-factor authentication

Securing every online account starts with hardening login access. If a malicious actor obtains the password to your account, either by guessing it or ensnaring you in a phishing trap, they will be able to access all your Google Drive files as well as your Gmail message, your Hangout chats, Google Search history, and any other sensitive information stored in your Google account.

Fortunately for Google, its suite of unified services has very good login security options, including two-factor authentication. When enabled, two-factor authentication (2FA) requires every user to provide two pieces of information before being able to access a Google Account, such as a password and a one-time passcode sent to a mobile app.

Enabling 2FA on your Google Drive will make sure that in case a hacker finds out your password, they still won’t be able to access your account. Find out more about Google Account 2FA here. Note that the two-factor authentication setting will apply to all your Google Account applications, including Google Drive, Gmail, YouTube, Blogger, and others.

One consideration about 2FA is that Google has integrated a bypass mechanism for when you forget your password or lose your second-factor device. In that case, you can recover your account through a backup email or your associated phone number. While this makes sure you don’t lose access to your account, it also means that someone who gains access to your backup email or phone will be able to take over your account and access your Google Drive.

To make your account absolutely bullet-proof, you can consider enabling Google’s Advanced Protection Program, which will improve the security of your account but will also make it harder to recover it if you forget the password.

Never use link-sharing in Google Drive

One of the key features of Google Drive the ability to share and collaborate on documents. Google Drive has a rich set of sharing options to give you maximum flexibility and convenience. But some of these options come with security tradeoffs.

One of these features is link-sharing, an option that enables you to share the document with anyone by sending them a URL.

Google Drive link-sharing
Link-sharing enables you to give anyone access to any Google Drive document by sending them a URL.

Google Drive Link-sharing is convenient especially when you want to share a document with a large group of people. It spares you the pain of manually entering their email addresses for every document.

But when you enable link-sharing, anyone with the URL will be able to access the document.

And as I have documented in these pages before, your supposedly private Google Drive files can be discovered in unexpected ways when you enable link-sharing.

The truth is, security and privacy come at a price, and in most cases, that price is to give up a bit of comfort and convenience. But in the long run, the frustration of entering a few dozen email addresses is nothing compare to the security nightmare of having sensitive Google Drive files fall into the wrong hands.

Use Google Groups to avoid using link sharing

If you find yourself entering the same email addresses again and again, Google Groups provides a convenient solution that can lift some of the burden. Google Drive enables you to share files and folders with Google Groups, a feature that many people are not aware of.

You can create a Google Group and add the people with whom you want to share files. After that, sharing files with the group will be like sharing it with individual accounts—you just need to add the address of the group in the Google Drive sharing dialog to share a file with the entire group.

Google Group file sharing
Sharing files with Google Groups relieves you of the hassle of entering email addresses individually.

One of the key benefits of sharing with Google Groups is centralized management. Adding anyone to a Group will immediately give them access to all the files that have been shared with the group. Removing a user from the Group will immediately revoke their access from Google Drive files and folders shared with the Group.

Use Google Drive’s folder-sharing feature with caution

Say you’re working on a project with 20 other people and you want all of them to access and collaborate on the project’s documents. One convenient solution is to create a Google Drive folder for your project and share it with all the people who want to work on its documents.

As long as you don’t use link-sharing to make the folder accessible to team members, this is a safe approach. But here are a few tips to harden the security of your shared Google Drive folder:

  • Share the folder in the “Viewer” mode and only give edit access on documents that need to be modified by other users. This is called the “principle of least privilege”: Start with minimum access rights and gradually increase permissions where needed. Unless you absolutely must, don’t use the default “Editor” option on the entire folder.
Google Drive sharing viewer mode
Share Google Drive files in “Viewer” mode and only apply “Editor” privileges where absolutely necessary.
  • If you’re giving “Edit” permission to collaborators, disable the “Editors can change permissions and share” option unless you explicitly want to enable it. You’ll find it by clicking on the gear button in the top right corner of the share dialog. Leaving this option enabled will allow all your team members to make the folder accessible to other people, not a good security practice.
Google Drive editor permissions
Be careful when giving editors permission to share your Google Drive files and folders with other users.

Keep track of your shared documents in Google Drive

A good security practice for Google Drive sharing is to periodically review the documents you’ve shared with other people and unshare old documents and folders or revoke access for users who are no longer on your projects or teams.

Unfortunately, Google Drive doesn’t have a central location where you can see all your shared documents and folders (hopefully, Google will add this feature in the future).

Here are a few ways to work around this shortcoming:

  • Store all your shared documents and folders in one high-level folder. This will enable you to immediately see all the items you’ve shared with other people.
  • In case you’re working on many different projects and want to keep your shared documents in their respective folder hierarchies, create a “shared” folder in each project directory, and put all your shared documents in that folder. You can then use Google Drive’s advanced search feature to quickly find and review all folders named “shared” in your drive.
Google Drive advanced search
You can use Google Drive’s advanced search feature to quickly find all folders you’ve named “shared”

Keep your Google Drive secure

Google Drive security hinges on protecting your account from unwanted access and making sure that you use the right sharing settings. With these tips, you’ll be able to use this powerful cloud storage tool to your convenience while avoiding security mishaps.

1 COMMENT

  1. If you are thinking of moving to Google Drive, I would recommend using Movebot.io – it’s a user friendly and safe way to move your files.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.