How do I keep notes private online?


How to keep your notes private - Image

A quick guide to keep your notes secure online.

With everyone working from home now, there is obviously less risk for keeping your notes private.

If you use the traditional method of keeping your handwritten notebooks on your desk, there will be no peeping toms at home except for maybe the kids looking for a colouring book.

But if you are using any online note-taking tool it is important to understand how to keep your notes private.

The Business Blocks


“Online apps are only as secure as you treat them”

TBB 2021

There are many different apps out there to keep you notes stored and they can be either on your phone on an app or you can keep them online, accessible via your laptop or desktop computer.

To answer the question, how do I keep notes private? To keep your notes private online you need to ensure the app that you are using is encrypted, the software is up to date (per the software platforms specifications) and that your password is unique and takes use of all the different types of characters on your keyboard.

Do not share password with friends/family or link out to your notes directly nor access the notes from devices that you are not familiar with.

In this article we will answer the questions:

  1. Practical risk vs value review of your notes
    • Are my notes worth securing?
    • How personal are the notes?
    • Are the notes for work or work related?
    • Am I storing other people’s information?
  2. Four things to do to keep your notes private?
    • Encryption – Why encryption is important for privacy.
    • Five simple security and privacy considerations for the end user.
    • Password validity and protection.
    • Enable two factor authentication.
  3. Are you notes secure online or offline?
    • Cloud hosted, local desktop or offline device.
  4. Summary: What is the best way to keep your notes private online?

Are your notes worth securing?

1. Are my notes worth securing?

A subjective question but important none the less. You should recognise the purpose of the notes and consider how much effort you would like to engage to keep them secure and private.

The time you take to manage and keep the notes secure is important as you compare the value of for example, a personal diary vs to-do list vs company financial data.

We have created a simple matrix that will give you an understanding and opportunity to assess the risk vs value of the information you want to keep secure.

Four things to consider from a risk vs value perspective:

  • Are the notes personal in nature where you may be embarrassed or lose credibility if your files were to be released and open public knowledge? We place this field in the high value, low risk. The items have high personal value but generally low risk from an exposure point and who owns the information is important to consider when considering how much effort to put into storing you notes.
  • You should review your employment contract (or a lawyer) but typically any data or information that you manage for work is owned by the company and you could be in breach of their policy and subject to loss. We place all company information in the high risk high value spot and you should take caution to manage the notes and data accordingly.
  • The bottom right of the the low value, high risk quadrant. Examples may be someone else’s personal information or images that you have in your possession. The high risk nature is that you cannot control what can happen if that person is not accepting of the information going public or being shared.
  • Finally, all other generic notes and/or to do lists that bear a low risk and low value are fine to not require a secure environment.
The Business Blocks

Four things to ensure your notes are protected and private.

1. What is data encryption and why is it important?

If you haven’t heard of encryption that is ok. Basically when you browse online you are requesting and sending data in real time and when this data is in transit, for example, making a google search. You are sending a message to google to go find information for you , they are replying with the search results and then you click through and read the information.

This may include putting in your email address and password to log into an account or in this case for storing your notes online, you are typing your notes into a browser and these are then stored on the other company’s server typically in a physical locations in a country.

Most of what you do online is encrypted, Norton Antivirus describes encryption as “the process that scrambles readable text so it can only be read by the person who has the secret code, or decryption key. It helps provide data security for sensitive information.”

Effectively, the data is stored in a scrambled format on your device and you need a key or passcode to unlock and unscramble the data. When you log into your device or app, this is the authentication to unlock and unscramble the data,

If you are using an iOS or Android Device – Check how to review your encryption on that device here.

2. Five simple security and privacy considerations for the end user.

You can use these five points as a quick guide to securing your notes:

  1. Ensure your apps are always updated and have the latest version.
  2. Check for SSL on the main website – What is SSL?
  3. Compliance to GDRP or associated country requirements – Here
  4. Location of servers, country and host – Keep as local as possible.
  5. Cloud online vs offline – Check out the comparison here.

3. Ensure your password is strong and unique

Stating the obvious here but you review the data below, we analysed each of the following passwords and the times an algorithm can take to crack in 2021.

Password strength weakens over time due to the computing power available to hackers and what were originally strong passwords in the past can now be broken quite easily.

Not only are your passwords important but also where and how you store them as well. You can check out some hacking statistics here.

The Business Blocks

4. Two factor authentication to secure your access

A common form of authorisation is called 2FA or two factor authentication. The use of this security method has become popular due to the prevalence and common access points for all software platforms.

Method 1 for 2FA – Direct to Mobile Number or Authenticator

Are you notes secure online or offline?

The less exposed/connected you are to the internet will determine how secure your notes can be stored. If you take the simplest case of writing a note with pen on paper, your exposure points include people (in and around your house) or connected devices with image capturing capability (most mobile phones or webcams), in summary low risk.

But as you become more connected online, your risk profile increases, take a word document sitting on your desktop, for it to be accessed, the computer needs to be open and online and then you need to be compromised at some stage.

Final option is a purely cloud based solution and for your login credentials to be weak and exposed to the hacker. They can simply impersonate your credentials and log in from any browser to access your files.

We have made your research a bit easier by summarising the top note taking apps and their security pages for your review.

Is there a secure notes app?

Typically company security pages on their website:

TBB ReviewPlatformSecurity/End User LicenseLegalPrivacy
Online Cloud Apps
Evernotehttps://evernote.com/Windows, Web
Mac, iOS, Android
Evernote Security PolicyEvernote Legal PolicyEvernote Privacy Policy
Roam Researchhttps://roamresearch.com/ Web, Windows,
Mac
Roam EULARoam Legal PolicyRoam Privacy Policy
NotionNotion Review Mac, Web, Windows,
iOS, Android
Notion Security PolicyNotion Legal PolicyNotion Privacy Policy
Microsoft OneNoteOneNote Web, Windows,
Mac, Linux, iOS, Android
OneNote EULAOneNote Legal PolicyOneNote Privacy Policy
Apple NotesNotes iOS, MacApple Notes EULAApple Legal PolicyApple Privacy Policy
Offline Note Apps
ObsidianObsidian Notes Review Web, Windows,
Mac, Linux, iOS, Android
Obsidian Security EULAObsidian Legal PolicyObsidian Privacy Policy
Standard Noteshttps://standardnotes.com/ Linux, Web, Windows, Mac, iOS, Android Security AuditEncryption NoticePrivacy Manifesto
Lavernahttps://laverna.cc/ Web, Windows,
Mac, Linux, iOS, Android
Open Source Open Source Open Source
Lite Writehttps://litewrite.net/ Web, Windows,
Mac, Linux, iOS, Android
Open Source Open Source Open Source
List of online and offline note taking apps and their policies relating to security and privacy.

These are many other considerations for someone serious about their data and security and each of these can be reviewed on the company websites to understand their compliance a bit further.

Security Program, Network Security, Account Security, Email Security, Product Security, Customer Segregation, Data Retention and Deletion, Media Disposal and Destruction, Activity Logging, Transport Encryption, Encryption at Rest, Resiliency / Availability, Physical Security, Privacy and Compliance.

Summary: What is the best way to keep your notes private?

Data security and breaches are becoming more prevalent in this connected world, so to store and safely secure your notes online you need to ensure you do the basics right.

To keep your notes private, you should follow the steps below:

  1. Run a little risk assessment on whether it is practical to securely store your notes in the first place with any company based notes a must.
  2. Am I storing other people’s information = Store securely.
  3. Four things to do to keep your notes private?
    • Encryption – All up to date apps are encrypted = Tick
    • Consider the 5 security and privacy tips included above.
    • Update your passwords to make them longer and more complex.
    • Enable two factor authentication wherever possible.
  4. Review the apps that best suit your risk level in the table above.
  5. Good luck and keep on writing!

John Elder

Director of Operations - The Business Blocks

Recent Posts