Jennifer Lawrence is the best. She’s an excellent actress, she’s hilarious and her whimsical modesty is delightful. And it’s a shame that she’s at the forefront of the latest celebrity photo hack. Nonetheless, I’ve had a phone with a camera since 2007 – and I got one of the first digital cameras back in the mid ‘90’s – and I’ll pay $10,000 cash to anyone who can find a nude selfie of me anywhere. Because there aren’t any.
It’s a universal truth, however, that sometimes humans simply do dumb things. Also true is that for most of us the cloud is a part of our everyday lives either personally, professionally or both and oftentimes whether we even know it or not. The issue is getting lots of ink this week and when we translate it into “Business-Continuity-ese,” it means our data and other proprietary information may not be as secure as we think. So what can you do to prevent sensitive material from falling into the wrong hands? I spoke with Russell Holliman, an IT expert with 30 years of experience and Continuity Housing’s technology advisor, to find out.
First of all, the easiest lesson to learn is that just because you delete a photo from your phone doesn’t mean that it has disappeared forever.
Same goes for your hard drive if you’ve backed up to the cloud.
Next, says Holliman, “Be selective about what you use the cloud for. Opt to actively back up onto your computer instead of just letting it run in the background.” Yes, it’s less convenient, but only in the same way that it’s less convenient to heat water for tea in your microwave as opposed to just getting it from an on demand tap. I mean, who actually boils anymore? And funny enough, restoring data from your computer to your phone is actually faster than restoring from the cloud.
So what if you want to keep using the cloud anyway? “Ironically, iCloud, like many of the other cloud services, already offers two-factor authentication that might give you a little peace of mind: once you set it up, any time you need to access your backup account, it sends a text to the phone that’s registered with that account with a code that you have to type in before it will allow you to have access.” Also, once the access process has been initiated, the code that is sent to your phone has a very short lifespan – usually under a minute – which is yet another layer of protection. The trick is that you have to subscribe to the option, install it (if necessary) and then use it . . . every single time.
“A lot of companies have already implemented two-factor authentication (although a lot do not force customers to use it) and there are a lot of third-party apps to help. For instance Coinbase uses Authy for two-factor security. And many banks – JP Morgan, Wells Fargo, Bank of America – not only offer proprietary two-factor authentication but actually require that their customers use it for remote access. There’s also a Google app that does essentially the same.”
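Why the short lifespan matters, shown as an added example that is not from the original post or from any of the services named above: a sketch of the time-based one-time code scheme (RFC 6238) that authenticator apps commonly implement, where the server accepts a code only inside its own time window and only once. The 30-second window, the six digits, the sample secret and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumed lifespan of one code (the RFC 6238 default)
DIGITS = 6         # assumed code length

# Constructed sample secret (the published RFC 6238 test key), not a real account secret.
SAMPLE_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS,
         digits: int = DIGITS) -> str:
    """Return the one-time code for the time window that contains unix_time."""
    counter = unix_time // step  # every `step` seconds the counter, and so the code, changes
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F      # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: int, used_windows: set,
           step: int = STEP_SECONDS) -> bool:
    """Accept a code only during its own window, and only once per window."""
    window = now // step
    if window in used_windows:
        return False             # a code already used in this window is a replay
    if not hmac.compare_digest(totp(secret, now, step), submitted):
        return False             # wrong code, or a code from an expired window
    used_windows.add(window)
    return True


if __name__ == "__main__":
    used = set()
    code = totp(SAMPLE_SECRET, 59)
    print("code at t=59:", code)
    print("accepted in its window:", verify(SAMPLE_SECRET, code, 59, used))
    print("replayed in same window:", verify(SAMPLE_SECRET, code, 59, used))
    print("submitted a window later:", verify(SAMPLE_SECRET, code, 90, used))
```

A stolen or shoulder-surfed code is useless once its window has passed, which is the protection the short lifespan provides on top of the password.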
And how to avoid the particular issue that’s in the news right now? Says Holliman, “If you go to your Settings on iPhone, you can turn off Sync to iCloud and the same settings can be modified in iTunes so that you can selectively choose what does and doesn’t get backed up to iCloud – your photos, your calendar, emails, reminders, etc.”
While we’re at it, what exactly is the cloud? In short, it’s shared, distributed server space. It’s not dedicated, proprietary data storage such as your hard drive or a company’s private server. Your photos on Facebook, for instance, are cloud-based – and once you upload a photo, Facebook owns it always and forever, even if you delete your account. (And yeah, that was in the fine print in the terms of service you agreed to when you started your account.) Conversely, other similar-acting services such as Dropbox and Google Drive use secure encryption specifically for your data. Says Holliman, “If you delete one of your folders from Dropbox, it will be gone as soon as you clean out your trash. All data is encrypted on their server and also, and by design, if you forget your password, you’re out of luck.”
What a Coinbase access authorization code looks like.
Note the tiny lifespan.
For business continuity and other professional users, he says, “First and foremost use a very difficult password. Contrary to what a lot of people think, hacking is not always simple guessing.” Hackers aim for the lowest-hanging fruit, and when they do resort to “guessing” (i.e., a brute-force attack), the easier the password and the more often you use it (don’t ever use the same password twice), the easier it is for them to figure out. Holliman recommends using a service such as LastPass, which is “a browser-based plugin that generates very complicated passwords for the sites you commonly log in to and then they keep a record of them. There’s even a LastPass app for the iPhone but in order to use it on your phone you have to switch from the secure site you want to access to LastPass, type in your encryption login, copy the password and then paste it into the site you want to visit.” A pain in the butt . . . but much better security.
And only because it bears repeating, don’t use the same password twice.
Holliman continues, “Consciously select companies that use two-factor authorization and actively support those companies. It’s very important to get in the habit of supporting them even if you just buy the lowest-tier of service. Speaking of which, Apple actually uses very high-end encryption both on the storage side and when the data is in transit.” But you have to actively participate in the process and not just set everything to automatically save every time you sync your phone.
This isn’t the first time celebrities have been victimized by cloud hacks. Several years ago a number of the rich and famous discovered that hackers had managed to gain access to their voice mails by using a fairly simple VoIP scheme and taking advantage of the fact that many of the celebrities had failed to simply set up their voice mail access code option. Again, another inconvenience but one that pays dividends.
From a corporate standpoint, a lot of companies don’t even allow Dropbox to be used by their employees. Again, says Holliman, “Don’t upload anything [to a non-proprietary server] that you don’t want people outside the company to see. If it’s company confidential, you should have adequate space on a proprietary server.” And if the backup server is a dedicated point, make sure it’s the company’s own storage. “A lot of backup server providers actually outsource the service and put their name on it.” And some of them store the data where? You guessed it – in the cloud.
Bottom line: “Don’t ever use the cloud, regardless of how it’s branded, for backup of corporate or personal proprietary information.”
And never, ever take nude selfies.