The best way to store important documents – before disaster hits

How to store documents in the cloud safely

Disaster-proofing your documents means having a good storage and evacuation plan for your physical paperwork - and secure digital backups.

From Californians escaping wildfires to North Carolinians fleeing Hurricane Helene, a lot of Americans have had to evacuate their homes in the last year. When a natural disaster strikes, you usually don’t have a lot of heads-up. We often hear about emergency “go bags” for prescription meds and pet supplies – but you also want to be thinking about the important paperwork in your life.

Disaster-proofing documents means keeping physical copies somewhere safe, and having an evacuation plan that includes taking your documents with you. It also means having digital backups you can access, just in case. Let’s get into it.

What important documents should I be disaster-proofing?

There are three classes of documents to think about: what you’ll need access to immediately after evacuating, what you’ll need post-disaster for dealing with insurance claims, and what is good to have because getting replacements is a pain you want to avoid if you can help it. 

These are the important documents you need to save for you and your family:

  • Identification documents, including driver’s licenses, social security cards, birth certificates, passports and citizenship paperwork
  • Ownership documents, like your car title and house title/deed
  • Insurance information, including policy numbers for homeowners/renter, car and pet insurance, coverage documents, and contact information for your agents 
  • Financial records, including the last few years of tax returns, brokerage and retirement account information, stock and bond certificates, and mortgage paperwork 
  • Estate planning documents, like wills
  • Documents helpful for filing insurance claims post-disaster, including appraisals for valuables, photo documentation of the furniture you own, receipts for home improvements, and other receipts for purchases you’ll want to claim
  • For renters, a copy of your lease
  • Medical insurance cards
  • Marriage license and divorce papers
  • Pet vaccination records

How to keep important documents safe at home

Keeping your documents safe at home has two parts: picking the best option for storing your hard copies on a day-to-day basis, and having an evacuation plan for your documents in an emergency. 

Home storage

You probably want to store your physical documents somewhere that can’t be easily accessed by someone you don’t want to have access, like a home intruder. You can keep papers in a locked filing cabinet or a home safe.

How often you need to access documents, and how many documents you have, may dictate which kind of storage option works best for you. Filing cabinets are generally easier for sorting and finding documents quickly but can be less secure than home safes. Some people use a mix of both in their homes. 

Some home safes on the market bill themselves as fire or waterproof. These can be helpful for house fires or minor basement flooding. But these have their limits. The heat and duration of wildfires can melt “fireproof” safes. We don’t recommend relying on them alone to protect your documents in natural disasters.

Evacuating with documents

Making an evacuation plan that includes your paperwork takes a little work upfront. You want to have your papers sorted and stored so it’s easy to grab what you need at a moment’s notice. 

Elizabeth Ridlington, a Northern California resident and senior policy analyst at our research arm Frontier Group, voluntarily evacuated during both the 2017 Tubbs fire and 2019 Kincaid fire. In 2017, pulling everything her family needed together was a “chaotic hour-long process.” By 2019, she had better systems in place, including keeping documents she knew she needed filed in bright yellow folders in her locked filing cabinet, making it easy to grab and go.

One option is keeping physical documents in your emergency go bag, so they’re coming with you no matter what. If this is your primary storage option, you may find it’s harder to keep your documents sorted in the long term, and it’s generally less secure than a container that locks.

Ultimately, you may have to experiment to find what’s right for you. 

How should I store digital versions of important documents?

For extra protection in case of natural disasters, it’s not a bad idea to have digital backups of your most important documents. Having digital copies won’t fix all of your problems if you lose the physicals. But sometimes having digital versions will make getting replacement hard copies easier. It will also ensure you have access to important information, like account numbers, when you need it most.

There are a lot of options. What works best may be a little different for everyone.

For example, maybe you want to scan documents and load them onto an encrypted thumb drive and keep it in an easy-to-access place in your filing cabinet, home safe or even in your go bag.

The more technologically inclined and security-minded may want to set up a private cloud with a home server and a backup server at a family member’s home in a different state (so both your servers aren’t ruined in the same disaster).

The option that many will find most convenient is storing digital copies in a cloud, like iCloud or Google Drive. But you want to take some security precautions if you go this route.

Is cloud storage safe and secure? 

It depends. Not all cloud services are created equal, and there’s always a bit of a risk involved with storing files on a server owned by someone else.

Servers can be hacked. For example, last year a major data breach of AT&T customer data happened when hackers accessed data maintained by the third-party cloud company Snowflake.

Your account can also be compromised if your email is hacked in a phishing attempt or other breach. If a hacker gets your Gmail login, for example, they’d likely be able to access your Google Drive documents. Or if you’re using a cloud service you signed up for using an email, it’s possible a hacker may be able to gain access to your cloud files using a “forgot my password” link to your compromised email, if you don’t have security backstops in place. 

While nothing is 100% hacker-proof, you can take steps to cut down on the possible risks.

How to safely store documents in the cloud

Picking what documents to store in the cloud and how to do it is a matter of finding the right combination of security and convenience that works for you. 

Generally speaking, the more secure a cloud service is, the more sensitive the documents you can safely store on it. It’s also true that the more secure the service you use and the more security measures you take, the more work it will be to set up and the less convenient accessing these documents will be.

For Thorin Klosowski, the Security and Privacy Activist at Electronic Frontier Foundation – and an L.A. resident himself – deciding what to store and not store on a cloud is partly a question of picking the documents that “the risk of not having is higher than the risk of someone getting into it.” 

Your recent tax returns, for example, are higher risk than a copy of your dog’s vaccination records. A bad actor with your tax data can potentially file a fraudulent return. There’s not that much someone can do with proof your dog has his rabies shot – but you really want to have it if you go to an evacuation center that requires vaccination records. 

Increasingly, many of our important documents are available through online accounts. If your bank offers you a digital portal where you can access your car loan contract, for example, then there may not be much utility in you storing an extra digital copy in your cloud. If you really like having all your important papers in one place, however, then storing those documents in your own cloud account may be for you. 

Even more sensitive files may be worth storing on the cloud. Let’s take a look at ways to cut down on the risks associated with backing up your documents digitally.

Best practices for secure cloud storage

Here are some best practices. We’ll dive into each more below. 

  • Use a cloud service that employs end-to-end encryption, like Apple’s iCloud when you have the Advanced Data Protection feature enabled.
  • If you want to use a service that doesn’t offer end-to-end encryption, like Google Drive, find ways to boost your document security, such as password-protecting your documents individually before uploading (instructions below).
  • Take advantage of all the security protocols a cloud company has to offer. Enable two-factor authentication and use an extra-strong password on your account.
  • Minimize the number of third parties involved. In general, it’s best to store your sensitive documents in as few places as possible and use as few services as you can to get there. The more parties involved, the greater the chance your data could end up exposed one way or another. If you’re an Apple user, that could mean using Apple’s built-in cloud storage instead of signing up for another service.
  • If you do want to sign up for a new service, do a quick web search of the company to make sure there have been no data breaches or other security complaints.
  • Because cloud storage comes with risks, take other steps to protect yourself from fraud and identity theft, like freezing your credit and signing up for transaction alerts from your bank.

What is end-to-end encryption?

Encrypting a document uses complex math to make the contents of your document illegible to anyone who doesn’t have the document’s security key. Many cloud services use some level of encryption. Not all encryption is equal, however. It’s possible to encrypt documents in a way that makes it possible for employees of a cloud company, the government, or a bad actor hacking into a company’s cloud to access your files.

End-to-end encryption is a special type of encryption that gives you extra protection from those nightmare scenarios. We recommend using services that employ end-to-end encryption. 

It does come with a convenience trade-off, however. Once you’ve end-to-end encrypted your documents, it means if you lose your encryption key, you won’t be able to recover your files, and not even the cloud company can help you. It’s very important you take steps to make sure you won’t lose your encryption keys.

How to keep track of encryption keys

There are lots of ways to keep track of encryption keys. It’s a good idea to print out a physical copy and keep it in your emergency go bag. If you have a password manager you like and trust, you can also store it there. You can give your key to a loved one living in a different state who will be willing to help you out, but won’t be affected by the same natural disaster as you.

Just make sure you’re storing your encryption key somewhere other than in the cloud you’re encrypting.

A look at cloud storage options

Best option for Apple users: iCloud with ADP enabled

iCloud is generally a secure option for your day-to-day files. Turning on iCloud’s new Advanced Data Protection feature gives you extra security. We definitely recommend this for all Apple users, particularly if you want to use iCloud to store sensitive documents. 

Advanced Data Protection (ADP) is great because it gives your documents in iCloud end-to-end encryption. It means that even someone who’s stolen your Apple account login info won’t be able to access your iCloud files.

ADP is available for iCloud users at no cost. Every iCloud user gets 5 GB of storage free, and affordable monthly subscriptions are available if you need more storage than that.

Like with all end-to-end encryption, you need to take good care of your encryption key. Thankfully, Apple gives you more options for recovering your data than other services by allowing you to select a recovery contact who can help you get back into your account.

How to turn on Apple Advanced Data Protection

ADP is only available in more recent Apple software updates, so make sure your iPhone, iPad, Watch or Mac has been updated recently and is running at least iOS 16.2, iPadOS 16.2 or macOS 13.1.

You also need to turn on two-factor authentication in order to use ADP. (You can find instructions here.) We highly recommend turning on two-factor authentication on all your Apple devices. That not only makes your digital life more secure, it helps make sure you’ll be able to access your files once you’ve turned on ADP. 

Once your devices are updated and two-factor is on, you’re ready to activate ADP.

How to turn on Apple Advanced Data Protection on iPhone

  1. Open Settings
  2. Click your name at the top of the screen to access your Apple account
  3. Select iCloud
  4. Scroll down to the bottom of the page and select Advanced Data Protection
  5. It’ll show you an informational screen about ADP. Select Turn On Advanced Data Protection
  6. It’ll show you a screen warning that you are responsible for data recovery. Select Set Up Account Recovery
  7. It will then ask you to Add Recovery Contact. Choose someone who you can rely on – and ideally lives far enough away they aren’t going to be affected by the same natural disaster as you. One of you needs to have access to a trusted Apple device, and if both you and your recovery contact lose your Macs in a fire, you’re increasing the odds you’re going to lose access to your iCloud.
  8. From there, you can follow the rest of the on-screen steps – they’re pretty straightforward. Don’t forget to store your encryption key somewhere safe!

Proton Drive

Proton Drive is a privacy-first favorite, and has gotten positive reviews from reviewers like PCMag and TechRadar. It uses end-to-end encryption. It comes with 5GB of free storage, meaning if you use it as a place to store only your important documents, you’re likely not going to have to pay. They have reasonably-priced paid tiers if you want to switch all your file storage needs to Proton.

Your password manager

Many password managers come with file storage. If you’re already using a password manager that you like, and it offers end-to-end encryption, that may be a great option for you. 1Password, for example, uses end-to-end encryption. Bitwarden also offers a vault option to store documents with end-to-end encryption. 

If something happens to your primary device during a disaster, you can log into your password manager from a different device.

Microsoft OneDrive’s Personal Vault

If you’re a Microsoft user, OneDrive may be an attractive option for you. It’s worth noting, however, that it’s a little unclear if OneDrive offers end-to-end encryption. If your Microsoft account is hacked, it’s possible your hacker may be able to access your OneDrive files. 

You can help mitigate this by using OneDrive’s Personal Vault feature to boost the security of your documents. Accessing docs in your Personal Vault requires a form of two-factor authentication, like a fingerprint or SMS code. A strong security option would be to set up your two-factor through the Microsoft Authenticator app. If you set up your Personal Vault two-factor with a PIN, make sure that PIN is not the same PIN you use anywhere else.

If you want to use Google Drive for storing sensitive files

If you’re a Google user, Drive may be an attractive option for you. However, it’s important to note Google does not have an end-to-end encryption option, and it doesn’t give you the option to encrypt individual files. The biggest downside is if your Gmail gets hacked, odds are good your hacker is going to be able to access your Drive, too.

If you want to store sensitive documents on Drive, here are steps you can take to boost your security:

  • Turn on two-factor authentication for your Google account. This is the biggest step you can take to help cut down on the chances someone who has gotten ahold of your Google login will be able to get very far. See Google’s instructions for how to turn this on. 
  • Protect each of your sensitive documents with their own passwords. Google doesn’t currently let regular users set passwords inside Drive, so you’ll have to set the passwords elsewhere and upload that version of a file to your Drive. You can do this using Microsoft Word or Adobe (if you have a paid subscription). PC Mag offers a list of third-party PDF encryption apps.

If you have some technical chops, you may consider using a third-party encryption tool like VeraCrypt that allows you to create an encrypted container and then upload it to Google.
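A pre-upload check for the per-document password step above, as an added example that is not part of the original article: it scans a folder and reports which files are password-protected at all. The file names and sample bytes are constructed, and the checks are heuristics that say nothing about how strong a password is.

```python
import zipfile
from pathlib import Path

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")         # OLE compound file header
ENC_PACKAGE = "EncryptedPackage".encode("utf-16-le")  # stream name in protected Office files

def protection_status(path):
    """Return 'protected', 'unprotected' or 'unknown' for one file (heuristic)."""
    data = Path(path).read_bytes()
    if data.startswith(b"%PDF-"):
        # An encrypted PDF references an /Encrypt dictionary in its trailer.
        return "protected" if b"/Encrypt" in data else "unprotected"
    if data.startswith(OLE_MAGIC):
        # Word/Excel wrap a password-protected file in an OLE container that
        # holds an "EncryptedPackage" stream; legacy .doc/.xls are not judged here.
        return "protected" if ENC_PACKAGE in data else "unknown"
    if data.startswith(b"PK\x03\x04"):
        with zipfile.ZipFile(path) as zf:
            if "[Content_Types].xml" in zf.namelist():
                return "unprotected"  # plain .docx/.xlsx: a readable ZIP of XML
            entries = [i for i in zf.infolist() if not i.is_dir()]
            # Bit 0 of the general-purpose flags marks an encrypted ZIP entry.
            if entries and all(i.flag_bits & 0x1 for i in entries):
                return "protected"
            return "unprotected"
    if data.startswith(b"\xff\xd8\xff") or data.startswith(b"\x89PNG"):
        return "unprotected"  # image scans have no password protection of their own
    return "unknown"

def audit_folder(folder):
    """Map each file in `folder` to its status; review anything not 'protected'."""
    files = sorted(p for p in Path(folder).iterdir() if p.is_file())
    return {p.name: protection_status(p) for p in files}

def build_samples(folder):
    """Write constructed stand-in files (not real documents) for the demo."""
    folder = Path(folder)
    (folder / "tax_return.pdf").write_bytes(
        b"%PDF-1.7\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n")
    (folder / "tax_return_locked.pdf").write_bytes(
        b"%PDF-1.7\ntrailer\n<< /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF\n")
    with zipfile.ZipFile(folder / "lease.docx", "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
    (folder / "lease_locked.docx").write_bytes(
        OLE_MAGIC + b"\x00" * 504 + ENC_PACKAGE)
    (folder / "passport.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for name, status in audit_folder(tmp).items():
            print(f"{status:12} {name}")
```

Anything reported as unprotected or unknown would be readable by whoever gets into the cloud account, so protect it or place it inside an encrypted container before uploading.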

How should I scan my files?

Uploading your important documents requires some kind of scanning. 

Klosowski suggests that from a security perspective, it’s better to use the tools you already have over introducing new third parties if you can. If you have an iPhone or iPad, your device comes with a built-in scanner in the Notes app. Some Android phones — including the Galaxy line — also have built-in scanners. If you’re using Google Drive for file storage, you can use the Google Drive app to scan. Microsoft Lens lets you scan documents straight into your OneDrive and Personal Vault.

Numerous third-party scanning apps are out there. If you want to opt for one of these, check if the company encrypts files, and make sure it doesn’t store your files once you have them downloaded or mention anything in its privacy policy about selling or sharing your data. It’s also always a good policy to look up the company online and make sure there have been no complaints about it related to security and safety.

 

Thanks to Stephen David Cooke for his contributions to this article.

Authors

R.J. Cross

Director, Consumer Privacy Program, U.S. PIRG Education Fund

R.J. focuses on data privacy issues and the commercialization of personal data in the digital age. Her work ranges from consumer harms like scams and data breaches, to manipulative targeted advertising, to keeping kids safe online. In her work at Frontier Group, she has authored research reports on government transparency, predatory auto lending and consumer debt. Her work has appeared in WIRED magazine, CBS Mornings and USA Today, among other outlets. When she’s not protecting the public interest, she is an avid reader, fiction writer and birder.