For as long as I can remember I’ve owned this file box. I’ve kept receipts, tax documents, my college transcript, auto records, insurance info, military paperwork, and other important documentation. Not anymore. This week I borrowed a scanner and converted it all to digital. Then I encrypted everything and uploaded it to two cloud servers. Afterward, I deleted the local copies and shredded all the papers.
For the first time in my adult life, I am 100% paperless. And it feels great.
Why Go Paperless?
When I went through my files, I saw my Social Security Number on many papers. There was also my birthdate, address, my signature, and numerous other clues someone could use to steal my identity. Now I could go through the effort and expense of getting a vault that is fireproof and can’t be removed or a safe deposit box, but I prefer a free solution that allows me quick and secure access to my important data from anywhere in the world.
#1 Scan Everything
After scanning everything into either PDF or an image file, I built a directory and started sorting. In addition to the files I scanned, I went folder by folder on my hard drive looking for anything that was sensitive data. If I didn’t need it, I deleted it. Otherwise, I moved it into the new directory.
By the way, I gave the folder a unique name that would draw little attention. Even though I will encrypt this folder, I don’t want a name that will attract attention should one level of security be breached.
#2 Encrypt and Password Protect
The article How to Password Protect Files and Folders With Encryption provides some ideas on how to encrypt the folder. I used a passphrase that I know cold that is almost 30 characters in length that have never been written down anywhere. I do have a clue written down that only makes sense to me should I somehow forget part of it.
#3 Store on Cloud Servers
There are several free cloud server options out there. Their security isn’t stellar, which is one reason I did the encryption before uploading. I uploaded my encrypted file to two different ones. Each of these cloud servers is protected with a long unique password that only my password manager program knows. Getting into that program requires another very long passphrase.
Photo by Lok Leung
#4 Delete
At this point, all the sensitive data was still on my computer. It needed to delete in a way that someone with technical skills couldn’t recover. See when you delete files, they aren’t really deleted until those sectors of the drive are overwritten with new data. I used the free program Eraser (Windows). If you have a Mac, put the folder in the trash, then choose “Secure Empty Trash” from the “Finder” menu.
It is also important to delete any backup media with sensitive documents. I destroyed a few old CD backup burns.
#5 Shred
For years I had a cheap paper shredder. It did an OK job, but for this task, I wanted a top shredder. I also did not want to spend an hour hand-feeding a shredder fixing paper jams. Office Depot offers a service for 99 cents a pound that will securely and completely shred your documents.
Going Forward
All my bills now are paperless, so sensitive data won’t get intercepted in the mail. If something does come, I can deal with it as it arrives in a secure manner. I now have peace of mind knowing that if someone goes through my car, my home, or my computer they won’t find any sensitive data.
I also understand my data is still not safe. Every doctor’s office where I wrote down personal data on a form is unlikely to be nearly as secure as I would like. Banks are being hacked all the time. And years ago it was common for schools to use a person’s SSN as a primary key on their database. Hack that database and you have a goldmine of data. There is nothing I can do about that, but I do know if there is a security breach it almost certainly won’t be from my end.
The second part of the security equation is minimizing the risk that my online accounts are hacked. That will be the topic of my next post.
Txomin
Sep 14, 2014 — 9:38 pm
For proper password management, take a look at KeePass (free, open source, cross-platform). You only need to remember one password and passwords to all else can be random strings of any length and kind. As invulnerable a password strategy as it gets.
MAS
Sep 14, 2014 — 9:41 pm
@Txomin – We think alike. That will be covered in the next post.
Stephan Raczak
Sep 15, 2014 — 4:50 am
Which free cloud provider did you use?
Can you recommend any FREE cloud server with a big data volume (i.e. around 100 GB+ for storing images)?
Or is my only option to pay for one?
MAS
Sep 15, 2014 — 7:32 am
@Stephan – I use a few cloud servers, which I won’t name, for my smaller sensitive data.
For media files, which I care less about security, I use MEGA (mega.co.nz) which gives 50 GB for FREE per account. Since you have your own domain creating multiple emails shouldn’t be a problem.
Nick Apostolopoulos
Sep 16, 2014 — 10:54 am
You might want to take a look at Evernote too. Carl swears by it, and I am just now getting the hang of it. It’s nice because you can store anything, and it makes everything searchable, including hand written notes, audio files, etc.
Char
Sep 16, 2014 — 8:12 pm
How would people be able to access your accounts/sensitive information if you were somehow incapacitated? That’s something to have plans for too.
MAS
Sep 16, 2014 — 9:54 pm
@Char – I thought about that briefly, but couldn’t figure out a solution.
Intuit makes WillMaker which can handle passwords to online accounts. Not sure if it handles medical emergencies.
I am open to ideas.
Char
Sep 22, 2014 — 6:16 pm
I was hoping YOU had a plan. I feel it’s really important to think about and to have a plan for.