Beware: Note-Taking Apps are Dangerous for Your Privacy!

For thousands of years, little has changed in the world of note-taking. There was always some form of pen and paper to jot down information. With the advent of digital technologies in the last twenty years, note-taking has entered the modern age.

Leading apps like Evernote now have over 200 million users. People use it to store notes and other vital data like credit card details, account information, security, and PIN codes.

These apps may offer convenience, but there are significant trade-offs in security. What are the risks of storing data in note-taking apps? And what steps should you take to protect your data? This guide will try to answer that and more.

Private Notes in Unencrypted Storage

Everyone remembers the days of post-it notes and notebooks. Note-taking apps replace the clutter and allow you to search for any things you saved. They’re great for grocery lists, to-do lists, or class notes.

But a recent survey found that almost half of Americans saved one or more of the following personal data in their note-taking apps. Here are some of those:

  • Usernames
  • Passwords
  • Credit card numbers
  • Social security numbers
  • ATM PIN codes

No Data Protection in Note Taking Apps

What’s So Bad About Them?

The problem is that note-taking apps don’t have encryption by default. Encryption scrambles data turning it into an indecipherable code to anybody who doesn’t have the password.

Note-taking apps don’t encrypt your notes. It leaves your data susceptible to hackers and other digital threats. In some cases, they may not even have to hack your account. Hackers can also see the content of notes by spying on your network if your data syncs to the cloud without encryption.

It also creates vulnerability since fraudsters who access your device can obtain your login credentials. And it has happened before. A few years ago, 50 million Evernote users had to reset their password after a massive data breach.

Regardless of which note-taking app you chose, you should encrypt your data within your business network. The best way to do this is by using NordVPN Teams. With this, you can create secure business network connections from anywhere. Not only will it keep your notes but all your corporate data safe from fraudsters and other digital threats.

It’s Not Limited to Note-Taking Apps

To be fair to Evernote and other note-taking apps, these security issues are part of more significant cloud security problems. Many cloud storage solutions also don’t rely on encryption.

Likewise, they may suffer from man-in-the-middle attacks while files are in-transit or other platform and account security challenges.

What does this mean for you? Basically, that now is a good time for you to do a digital safety check up on your other apps too.

What You Need to Do Now?

The first thing you should stop doing is putting sensitive data in these apps. Start taking advantage of encrypted note-taking features on password managers to store that information instead. It will also make it easier for you to create, store, and manage passwords.

Business or power users need to go a few steps further to ensure the security of notes. If you’re an owner or manager, ask these questions:

#1. Where is Your Data Stored? 

If the company uses Amazon AWS, then your data is secure. Amazon has excellent security infrastructure and will answer any questions you have about how they secure data and enforce compliance. Google is pretty good, too, as it has rolled out more cloud security enhancements.

And if they don’t use AWS or Google, you should ask for more details about how they safeguard your data.

#2. What Certifications Do the Data Centers Have?

You don’t have to be overly versed in standards. But be on the lookout for ISO 27001, which is the highest security certification. It means the company maintains the strictest rules on data protection, and the ISO approves their practices. Another one to ask about is SSAE 16 (SOC 2). It also includes provisions on the security, confidentiality, and availability of your data.

#3. Do They Have Data Backups in Place?

You need to know what happens to your data in the event of a crash. To be either ISO 27001 or SOC 2 certified, they must have met these standards. If necessary, ask for the types of documentation on file.

#4. Is Your Data Encrypted?

Data Encryption in Note Taking Apps

This is a big one. Your data needs to stay protected both when it’s “at rest” and “in transit.” That means it is not only secure on their servers but as it moves between your devices and the cloud. You need to be sure all confidential data stays encrypted at all times.

#5. What’s the Difference Between Free and Paid Tiers?

Most note-taking apps offer free and premium tiers of service. But some apps also use different security protocols between these versions. Put simply, if you pay, you get better security. If you’re a huge fan of the app, then pay the subscription fee. If not, shop around to find a better option for you.

#6. How Do You Export Data from the App?

You never know when you may decide to leave the app. What happens to your data? Can you export it to another app or into the cloud? Ask about exporting. If you can only use an HTML (Evernote) or JSON format, that’s not too helpful. You should be able to transfer it to bring over all files and attachments from your notes properly.

What’s the Most Secure Option for Taking Notes?

Evernote got a lot of grief in this piece. But there’s also a reason why it’s a top app; it’s user-friendly and feature-rich. You don’t need to ditch it altogether. But you do need to move essential data out of Evernote and into a more secure alternative like:

  • Saferoom
  • Etherpad
  • Bear
  • Metro Wordpad (for Windows phones only)
  • Standard Notes
  • iA Writer

Also, consider using encryption everywhere. Not only your data in transit but also files, passwords, and conversations. There are plenty of tools for that nowadays. But they are no good if you don’t use them. Stay tuned to GeniusGeeks tips section for more such updates on securing your personal information.

Comments (2)

  • Jacky says:

    All of the apps listed could be used easily but with some kind of a security application. Be it NordVPN, or Kaspersky, both are really useful in the times of working from home. Harshil, have you tried using any one of those?


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.