You will have doubtless seen the media frenzy surrounding the recent exposure of private pictures of high profile celebrities, reportedly obtained through compromised Apple iCloud accounts, which has generated many headlines recently; all very embarrassing for the individuals concerned and for Apple.
The cloud is increasingly being used not only by celebrities with a proclivity for naked selfies, but also by businesses large and small for services ranging from simple file storage to complete CRM (customer relationship management) and other databases.
Whilst the security of cloud based data stores for general business are nowhere near as interesting or sensationalist to the headline writers, they certainly are to the owners of the files which can often include financial, confidential and commercially sensitive information, the type that most of us would really rather not see in the hands of unauthorised individuals or competitors.
While the cloud undoubtedly provides a myriad of compelling and difficult to resist benefits, giving a competitive advantage to businesses; security concerns have dogged the cloud concept since its inception, and is usually one of the first objections raised by my clients when discussing their options.
Last February, at a joint press conference at RSA; Microsoft and Google declared that “that it’s time to stop fearing cloud security and embrace the future.” In light of the recent hacking of iCloud accounts, should that now be revised? Should you consider moving some or all your most important and personal data off the cloud? Should this prevent you from considering a cloud based option?
The answer to that is an emphatic no!
As with anything in life it is a question of relative risk vs benefit. I can’t personally see the appeal or fascination of taking naked selfies and it is doubtful that the hackers who expended considerable time and effort to seek out said pictures of international female celebrities will find equal motivation in the contents of a Cambridgeshire SME’s Dropbox account. That isn’t to say however that you should be complacent and the best way forward is to better secure your data
How do I do that?
The first step is simple; get a good password for your cloud system and ensure your colleagues do likewise. The recent iCloud breach was blamed on easily guessed passwords and this is the rule, not the exception. We frequently see individuals using the same, often weak and predictable password for many uses and if one is breached then all are consequently at risk. Mix it up a bit in terms of both complexity of password and also which passwords you use for each system. The Linkedin breach last year caused quite a panic; not because of the data on Linkedin itself necessarily, but because many used the same password as they used on their company networks and cloud systems.
What else can I do?
Avoid traps that can compromise your information in the first place. Ensure you have an effective antivirus. Be especially careful about clicking on suspicious emails or website links. Don’t respond to emails purporting to be from your provider, such as the very credible looking “Apple iCloud” email sent so us by a customer just last week; asking the recipient to click on a link and confirm their iCloud credentials. Refrain from downloading anything from untrusted websites, and try to stay off WIFI networks you can’t be sure are reputable.
The last thing you should do is stop using the cloud because something went wrong. Similar to driving, which carries inherent risks, stay alert and be aware of what happens around you. Cloud security is generally fairly impressive, and while Apple, Google, Microsoft and the rest can undoubtedly (and will) do more, the human element and desire to “get on” often leads to weak and overused passwords, easily researched security questions compounded by the casual use of WIFI networks where availability seems more important than security.
Don’t assume! You may not be an international movie star, however, your data will be be of interest to someone, perhaps a competitor as an example, but equally don’t become risk averse and a cloud Luddite; there benefits far outweigh the risks and there are endless possibilities you will miss.
Published in Business Matters – Oct 2014
As both an entrepreneur and an IT specialist, Lindsey offers a blend of deep technical expertise and commercial insight, delivered in language business owners can really understand and trust. She works with clients to provide a full range of services from strategic advice through to project management and infrastructure support.
Lindsey is an accredited Cyber Essentials Consultant