Have you encrypted your Google Drive yet?
According to breach level index, almost 13.4 billion data records have been lost or stolen since 2013.
Only 4% of breaches were “Secure Breaches” where encryption was used and the stolen data was rendered useless!
What Is Encryption?
Encryption is the process of encoding a file with a password key such that only a person with the same password can open that file.
An unauthorized person –even after gaining access – cannot open or read the file. A Google Drive encryption software encodes files and folders present in the Drive.
The process of Google Drive encryption and decryption is described below.
Google Drive Encryption and Decryption Process
- The source file is taken.
- Its content is encrypted with the AES 256 algorithm.
- The new file is uploaded to the Drive with the same title and a “.syscloud” extension.
- The new encrypted file is downloaded and decrypted to verify whether the content is decrypted properly without corruption.
- After verification, the source file is removed and the new decrypted file is retained.
Note: The password for the encrypted file is encrypted and stored in the encryption software database. This is used to recover the file when a user forgets or loses the password.
Drive encryption can be classified based on:
- Whether the data is at rest or moving, and
- Whether default security or drive encryption is used for protection.
Types of Google Drive Encryption
Google Drive Encryption at Rest
Google Drive encryption at rest refers to files that are not moving between users.
There are two levels of security here:
1. Default Behavior:
- Once users log in to their Google Drive account and try to access a file, it is decrypted and presented for viewing or editing.
- No further file-specific password keys are required. This basic level of login security is a default Google protection.
2. With Drive Encryption Software:
- Files encrypted using a drive encryption software prompt users to enter password keys before opening the file.
- This is an additional level of security that helps in the event of default-level protection compromise.
Google Drive Encryption in Transit
Drive encryption in transit is the type of encryption whereby Google Drive file links or attachments are sent to other users – both inside and outside the domain.
There are two levels of security here as well:
1. Default Behavior:
- If the receiver has access permission – authorized or unauthorized (through illegal means like hacking) – the file is unencrypted and presented for viewing or editing.
- No further file-specific password keys are required.
2. With Drive Encryption Software:
- Files encrypted using a drive encryption software requires the receiver to input the password for that specific file before opening it – regardless of whether the receiver has access permission or not.
- The files on Google Drive can be encrypted separately or together in a folder.
- Once a folder is encrypted, all the files in the folder will be automatically encrypted.
Do You Really Need a Third-Party Google Drive Encryption Tool?
Be it a business or even an individual, you need a Google Drive encryption software to protect your data from various attacks and malware and to prevent theft and misuse of business-critical and sensitive data. Click here to encrypt your Google Drive for free.
Why Should Businesses Encrypt Google Drive?
There are many reasons for businesses to encrypt Google Drive. Some of them are given below.
1. Data Theft and Leaks
When a user accidentally or deliberately shares Google Drive files containing sensitive data to other users – insiders or third parties – or attackers (phishing), it leads to data leaks and theft.
Besides sharing, using an application or a search engine without checking access permissions can lead to leak of critical data.
In July 2018, the Russian search engine Yandex had leaked data from Google Docs through search engine indexing.
While displaying search results, Yandex had discovered data from Google Docs that had not been protected by privacy settings.
In the span of few hours, the search engine had found passwords and personal data of users, corporate files and even confidential information about Moscow officials raising the turnout at the mayoral election.
The shocking fact is that Yandex is the 5th largest search engine in the world!
2. Laws & Regulations
Laws like HIPAA, SOX, and PCI regulation make it mandatory for sensitive information to be encrypted with strong keys.
Non-compliance could result in heavy fines and possible jail terms.
In February 2018, Jeffrey Luke – a former behavioral analyst at the Transformations Autism Treatment Center (TACT) – had stolen the confidential health information of patients following termination.
Successful phishing attacks can cause users to mistakenly send sensitive Drive document links and access permissions to attackers, giving them entry to sensitive data.
In the example given below, the phisher had shared a Google Doc with users, asking them to click on the link to view the file.
Once the users clicked on the file, their Gmail credentials and the files connected to those Gmail accounts had been compromised, leading to theft of sensitive business data.
Try SysCloud Google Drive Encryption!
Users install third-party Google Drive applications such as file editing applications or games.
Some of these third-party applications request permissions during installation and gain access to the Google Drive content, which may include sensitive data.
In February 2018, Shurl0ckr, a form of Gojdue ransomware, was not detected by the in-built anti-malware on either Google or Microsoft Office 365.
This ransomware was distributed through phishing or downloaded through Drive. After gaining entry, the ransomware encrypted the Google Drive and OneDrive files till the ransom was paid.
Ransomware bots are always looking to compromise user’s system drives using spyware.
While installing applications, users might accidentally install malware.
Once this malware is successful in gaining entry into a user’s system, they encrypt files on the system’s drive and demand ransom in exchange for the password to decrypt files.
Petya is a ransomware that infects a specific computer, encrypts the user data on it, and displays a message explaining the process of retrieving their data – how to pay in Bitcoin to get the keys for accessing their data.
The NotPetya virus is similar to Petya in several ways: encrypts the master file table with a password and flashes a Bitcoin ransom to recover the files, but the difference was that it encrypted everything, spread on its own, and damaged files beyond repair.
Check out these Gmail settings to protect your Gmail against ransomware and other phishing attacks.
What Could Google Sync Do with Ransomware-Infected Files?
If you have enabled your system drive to sync with Google Drive, the ransomware can also get synced to your Google Drive and infect the Drive files.
If you have collaborators on your files, the malware can easily use the file to gain entry and encrypt their Google Drive.
This could set off a chain of attacks on everyone that have collaborated with one another through Drive files.
This is why organizations must use a Google Drive encryption software to secure their sensitive data.
Moreover, using software to encrypt Google Drive has its own advantages.
Benefits of Encrypting Google Drive
Stop Data Leaks & Theft
Encrypting Google Drive files is the only way to keep your sensitive Google Drive documents 100 % data leak & theft proof!
Meet Regulatory Requirements
Drive Encryption is mandatory for compliance with laws and regulations including HIPAA, SOX, and PCI.
Encryption allows an organization to rest assured that their sensitive valuable data is safe regardless of any data breach.
Also, folder-level encryption allows a team to share a common folder(s) where they can place sensitive data and use the common password for decrypting/encrypting.
This strikes a good balance between convenience and security.
Similar to organizations, individual users can also face threats and attacks as long as they use the internet, since an individual user’s data can also be easily stolen, phished, and misused.
Why Should Individual Users Encrypt Google Drive?
Following are some of the top reasons for individuals to encrypt files on Google Drive.
1. Stolen Devices
The number of people using smartphones is expected to reach 250 million in 2019.
Since it is mandatory to log in using the Gmail account, losing the phone linked to G Suite could potentially place all of the Google Apps data at risk – including photos and important data.
2. Wrong Sender Address
Changing just a single character in an email address could result in sending the email/file link unintentionally to an unknown person, compromising private data.
If the user doesn’t notice and unsend it on time, it can never be undone!
3. Using Public Computer
Sometimes, people use public computers to access important data on their Drive.
In case they forget to log out or accidentally leave the files open, it could lead to data theft and misuse.
4. Hacking and Phishing
With hacking and phishing on the rise, setting a weak password, writing it down, or just clicking on a link sent by ‘trusted’ people is enough to compromise an email account and its associated data.
Whereas, if data is encrypted, even when accessed, it would be rendered useless.
How to Encrypt Files and Folders on Google Drive Using a Third-Party Software?
By installing a third-party Google Drive Encryption software, you can easily encrypt and store files and folders on both Google Drive and Team Drive.
Let’s see how.
1. File Encryption: How to Install a Drive Encryption Software and Encrypt a File
1. Click here to install the SysCloud Google Drive encryption application.
2. Open Google Drive. Right-click on the file and choose the “SysCloud Encryption for Google Drive” option.
3. Enter and confirm your password by clicking on the “Encrypt” option.
4. When you share this encrypted file, it will prompt the user to enter the password to open the file.
2. Folder Encryption: How to Encrypt a Folder in Google Drive?
Follow these steps to encrypt a Google Drive folder:
1. Log in to your G Suite account, right-click on the required folder and choose the “SysCloud Encryption for Google Drive” option.
2. Enter and confirm your password by clicking on the “Encrypt” option.
3. When you share this encrypted folder, it will prompt the user to enter the password to open any file in the folder.
Note: Encrypting a folder will automatically encrypt all the files inside the folder.
3. How to Encrypt a File in Team Drive?
- After installing the SysCloud encryption software, sign in to your G Suite account and open your Team Drive.
- Select the drive, right-click on the file or folder you want to encrypt, and choose the “SysCloud Encryption for Google Drive” option.
- Enter and confirm your password by clicking on the “Encrypt” option.
- When you share this encrypted folder, it will prompt the user to enter the password to open any file in the folder.
Note: Encrypting a folder will automatically encrypt all the files inside the folder.
How to Decrypt Files and Folders on Google Drive Using a Third-Party Software?
How to Open an Encrypted File/Folder Shared with You?
1. You would have received the encryption notification email once the shared file is encrypted. Click on the “open” option to open the encrypted Drive file.
2. Click on the “Open with” drop-down box and select the “SysCloud Encryption for Google Drive” option.
3. Click on the “Decrypt” button and enter the password for unlocking the file.
Google Drive Encryption FAQs
1. What is Google Drive file encryption?
You can encrypt a file with a password using the Google Drive encryption application. This application can be installed on your Google Drive account or for your entire domain by a G suite Administrator. To know more, read how to encrypt files and folders on Google Drive using a third-party software?
3. What is Google Drive folder-level encryption?
You can encrypt an entire folder with a password using a Google Drive encryption application. The same password will be applicable to all files within the encrypted folder. New files placed within that folder are also automatically encrypted. This is very helpful for a team of people working together, as they can share a common password and collaborate on sensitive data files. To know more, read how to encrypt a folder in Google Drive?
4. Can an edited file be encrypted again?
When files are decrypted for editing, they will be automatically encrypted again by the Google Drive Encryption software after fifteen minutes of inactivity.
5. Can you encrypt Google Team Drive files and folders?
Yes, you can encrypt any file or folder on your Drive, as well as any file or folder that you own in a Team Drive. To know about encrypting a Google Team Drive using a third-party tool, read how to encrypt a file in Team Drive?
6. How do you open an encrypted file? Do I have to enter the password each time to access my encrypted files?
The owners of files need not enter the password to access their files. The other users – collaborators – having access to the file will need to provide the password to open the file.
7. Does Google Drive encrypt files?
Google Drive uses 128-bit AES keys to encrypt files at rest and protects files in motion with a 256-bit SSL/TLS encryption. SysCloud Application uses 256-bit AES encryption for both data at rest and in motion. For more information on how to encrypt Google Drive, read the Google Drive encryption and decryption process.
8. What does Google Drive encryption do? How does it work?
The process of encryption involves making a copy of the original and encrypting that file and then deleting the original Drive file. The Google Drive encryption software uses encryption algorithms to do this task.
9. How do you decrypt a file?
Files can be decrypted by providing the password. Files can also be opened by G suite administrators after resetting the password or removing encryption from the Google Drive encryption software console.
10. Can I send encrypted files to people outside my organization?
Yes, you can send Google Drive encrypted files or encrypted file links to users outside your organization. All you have to do is share the file or folder link and provide the password to them.
11. What are the risks of using a Google Drive encryption software?
If the Google Drive encryption software does not have a way for G Suite admins to reset password or remove encryption, there could be a risk of losing access to files when owners of files leave the company or forget their passwords. The SysCloud Drive encryption application allows admin to reset keys across all users in the domain. The other risk is the maker of the encryption software themselves being compromised by attackers, thus exposing all their customers. SysCloud Drive encryption software uses a combination of private key – which the only customer has – with the public key, which is specific to a customer, thus giving absolute protection and eliminating risk.
12. How can an external receiver open the encrypted file?
They would have to install the encryption software on their G suite Drive account or Gmail account. Then, they can open the file with the password you have given to them. To see how an external receiver can open the encrypted file, read how to decrypt files and folders on Google Drive using a third-party software?
13. Is Google Drive encryption secure and always on?
The files on your Google Drive application or folder are stored on servers in secure data centers. Google encrypts data at rest as well as transition. However, it is not as safe as having a Drive encryption software – a hacker could easily gain access to your Drive files if they have your login credentials.
A Drive encryption software like SysCloud has the following features to ensure data security.
Our content-aware encryption service can automatically encrypt sensitive data. We use 256-bit encryption – one of the most secure encryptions. This allows organizations to automatically encrypt sensitive data, as it is found in real-time.
The encryption keys are securely stored and maintained by SysCloud. Administrators can reset passwords assigned by any user for one or more of their documents from the SysCloud application. This is useful in managing the encryption of your data, especially when users – the file owners – leave the organization.
All documents added to an encrypted folder are automatically locked using the same password credentials. This allows organizations to store sensitive data in common folders without worrying about individual user encryption.
Encrypted file key management
The user holds the password keys and G Suite admins can reset or remove encryption. It is recommended to always have strong passwords.
Backup and restore of encrypted files and folders
The backup and restore of the encrypted files and folders are done in the encrypted form to protect data at rest and during transition.
14. What happens if Drive encryption service is unavailable or offline? Can users still open the file?
Ideally, a drive encryption application must have primary and secondary sites. For example, SysCloud’s primary site app.syscloud.com is disaster-ready with high availability. Also, in the rare case that all primary site servers are down, a secondary site will always be running as failover site to decrypt the files.
15. How is encryption affected when the file owner’s G suite account is suspended?
File owners whose accounts are suspended cannot access files. Collaborators will be able to access the files by entering the password.
16. Can G Suite administrators decrypt files and folders in bulk across the domain?
G Suite admins can remove/add encryption item-wise – file or folder – or in bulk.
Follow these steps do it with SysCloud’s Google Drive Encryption.
1. Log in to Gmail with your G Suite credentials. Click on the “Google Apps” icon and select the “SysCloud Security And Backup” option.
Note: You have to first install the SysCloud Security and Backup application from the G Suite marketplace, if you have not installed already.
2. Under the “Data Loss Prevention” module, select the “Reports” option and click on the “Document Sharing Insights” option.
3. Click on the search bar, set the drop-down beneath the “Encrypted” section as “Yes,” and click on the search button.
4. Select the files, click on “Actions,” and select the “Remove Encryption” option.
5. You can open those files and encrypt them again.
Note: You can also select a user account in the “Owner” filter to search for a specific person’s files and decrypting them.
17. Is there a way to decrypt or change ownership and still have encryption in place?
If a user account is suspended, we change ownership of their Drive files.
Encryption software like the one from SysCloud has an option for permitting the admin to change the password – Either single or in bulk. This is done by removing the encryption and encrypting the data again with the new password. In the SysCloud Google Drive Encryption application console, G Suite admins can filter the documents report by their corresponding owner under the DLP menu option for encrypted documents and then change the ownership by removing the encryption and encrypting with a new password.
18. Can Google Drive sync still be used along with Drive encryption?If an encrypted file is synced to the local machine, is there a process to decrypt it off-line, or does that only work via Drive web interface?
Drive encryption works only with the Drive web interface. If you want the decrypted content on the local machine, then you should decrypt it online and sync it.