The hacking of celebrity accounts in late August has reminded us how vulnerable private information stored online is. This article provides some guidelines on practices that should result in safer cloud use.
Within the past week or so, various private accounts for a number of well-known celebrities were hacked and about 200 photos were posted on several public websites. One of the platforms hacked was Apple’s iCloud – its cloud based service to which user data, such as passwords, files and photos are stored, and can be accessed across multiple devices.
This recent incident has reignited the debate about the privacy and secureness of cloud systems, especially public clouds. However, software vendors have integrated cloud services into many of their offerings, to the point where persons are unable to use their products without establishing a cloud account. In other words, clouds are likely to remain well into the foreseeable future.
Recognising that it might be futile to avoid clouds – especially when so many services use them, such as for email and social networking – to the extent that we, as users, can, a better approach might be to try to minimise breaches and the losses that can occur, should systems be compromised. Below are four things to consider when storing data in the cloud.
1. Breaches are happening regularly, it may only be a matter of time before your data is affected
Without a doubt, data is the new currency of the digital age. Networks and systems worldwide are continually under attack, and even under the best of circumstances and constant vigilance, breaches occur. The majority of those incidents are not made public, but for those that have been – think Target, Sony Facebook and Yahoo, Microsoft to name a few – millions of users had been affected.
In light of the regularity with which breaches are occurring, it ought to be appreciated that no network is impervious to attacks, and it may only be a matter of time before your data or your network is compromised. With that in mind, but recognising how essential cloud storage and cloud-based services have become, it might not be practical to avoid try to avoid them. Instead, the better approach might be to determine the best way to use them, whilst potentially minimising any fall out that might occur.
2. A reputable provider is likely to be better resourced to address security threats
Although some businesses, particularly large corporates and enterprises might choose to build and manage their own cloud storage, this might not necessarily be an option for smaller businesses, and more so individuals. Furthermore reputable cloud services/storage providers are more likely to be better resourced to establish the needed infrastructure and address security threats than most businesses.
However, it would still be prudent to do the necessary research to learn about the policies providers have adopted, along with the systems that have been set up to store and protect users’ data.
3. There is still an onus on the user to implement good security practices
Having selected a reputable cloud storage provider is perhaps only 25% of the battle. Thereafter the onus is overwhelmingly on users to adopt and consistently and conscientiously apply good security practices. Many of those practices have been discussed at length in earlier articles; however, they are worth re-highlighting in summary:
- use strong passwords and two-factor authentication
- keep accounts separate (do not link them)
- use different passwords for each account
- password-protect all of your computing devices
- use strong encryption
- do not public/free Wi-Fi, and keep Bluetooth deactivated, unless absolutely necessary.
- install remote-erase applications on your devices, which you can activate should they be stolen.
4. Exercise prudence with what is stored in the cloud
Many of today’s computing devices, and even some software applications, have integrated cloud backup into their use, and may even be configured to automatically back up data. Though we might find this feature especially useful, since we may no longer need to manually back up our files, and they may be accessible from a broad range of devices, and even across platforms, this automation also means that we might no longer be in full control of our data.
Essentially, there may be some information that should never be outside of our absolute control. Examples might include highly personal, private and commercially sensitive information. For such material, more prudent options, such as having print copies, and electronic backup on equipment in your physical possession, e.g. USB drives or backup hard drives, might be more appropriate.
Image credits: Daniel Spiess (flickr)