How safe is it to store your financial records in the cloud?
The move by financial services providers towards electronic communication may be a convenient and reliable way for customers to receive statements and other documents, but it also means the safe storage of documents is becoming increasingly important.
Since important documents stored on computers can be lost if the computer is stolen or the system crashes, many South Africans are turning to cloud-storage platforms such as Dropbox, Google Drive, iCloud and Microsoft OneDrive to keep their documents safe.
Aside from the benefit of having all your documents in one place, cloud storage allows them to be accessed from multiple devices.
Of course, there are some important documents - such as the title deed to your home, original policy documents and your original, signed will - that you need to store securely in a safe or a security box at a bank.
Cloud storage platforms save you the effort of managing your own storage, buying hard drives, monitoring them for errors, replacing them when they break, making backups and buying more when you run out of space, says Dominic White, chief technical officer at IT security company SensePost.
"The cloud, essentially the computer system of firms specialising in electronic storage, will do it all for you," he says.
Financial services companies such as Momentum and online tax service provider TaxTim have also stepped in to offer electronic document storage to consumers.
Marc Sevitz, director of TaxTim, says you may receive tax documents from, for instance, your medical scheme on your home e-mail and IRP5s on your work e-mail.
You can forward these documents to a dedicated e-mail that TaxTim provides as you receive them and TaxTim will place the documents in its own storage archive. This means that when you complete your tax return on the TaxTim website, all the documents are available to you in one place. Assessments from the South African Revenue Service (Sars) will also be stored for you on your TaxTim profile, he says.
Layers of protection
Sars requires you to keep documentary proof of tax deductions for five years and Sevitz says that as long as you are a registered user of TaxTim, your documents will be securely retained. Everything you type into TaxTim is sent to its servers over an encrypted connection - just like your bank uses - which means your information cannot be intercepted. Furthermore, client data is backed up automatically every day, and stored in an encrypted state, safe from potential hackers, Sevitz says.
Momentum offers a secure cyberspace filing cabinet called MyFiling in which you can store important documents. These can be accessed via the web from anywhere in the world. According to Frikkie Cronje, chief information officer of Momentum Retail, you do not have to use Momentum products to use MyFiling. You just need to register for the service on the Momentum website.
Registered users can access their own documents and share them with people involved in their financial affairs, such as a financial adviser, accountant or banker. Documents can only be accessed by the clients themselves and are not available to any Momentum employees.
Cronje says all documents and information you store on Momentum's MyFiling service is encrypted from your browser until it is stored safely on the Momentum platform. "We do not believe that e-mail is a secure way for the service to receive documents. The user has to log into the system in order to store any documents," Cronje says.
Users upload their documents to a designated part of Momentum's network infra-structure, which offers an extra layer of protection.
Safety is in your hands
Jim Green, chief technology officer of cybersecurity firm Secnovate, says the biggest risk with cloud storage actually lies with you, the user, rather than the service provider.
This is no different to banking, Green adds. Accessing your money through a card, ATM, internet or mobile app is only as secure as you keep your credentials. If someone gets your PIN and bank card, then fraudsters can access your money, he says.
Similarly, if you disclose your login details for your cloud storage by responding to a phishing e-mail, or your computer is infected with malware that intercepts and records your login details, then the attacker can gain access to your account.
This type of breach, which happens often, is not necessarily a reflection of the security of the cloud storage service, Green says.
White concurs and adds that the security risk his firm sees most often is phishing e-mails that lure users into giving up their Google or Dropbox passwords.
Green says you should work from the premise that there will always be some measure of risk that your storage account could be compromised, either by a lapse or breach of security at the provider, or as is more likely, when your access device gets compromised.