After iCloud Breach, Five Steps to Secure Data
Hackers victimized celebrity users of Apple’s iCloud file storage service. While the iCloud investigation proceeds, here are steps to protect private data.
4 September 2014
Hackers victimized celebrity users of Apple’s iCloud file storage service, as many news outlets have noted. Various sites posted some of the private images and video files, and the FBI and Apple are investigating how the hack occurred.
Currently, Apple claims “certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions.” Also, the vendor stated that this sort of attack is “all too common” on the Internet. (Incidentally, the iCloud news was enough to largely drown out coverage of another potentially huge breach, much different in nature.)
Five Consumer Data Protection Tips
While the iCloud investigation proceeds, we can generally note that people don’t always take simple precautions to protect their Web content. But here are five steps to help everyone keep their private data confidential:
- Use two-factor authentication. If your file storage and sharing service offers two-factor authentication, apply it. That way, when you log in from a new computer and enter your password, you must enter a code before you can access the account.
- Apply strong passwords. You’ll want to create a unique, strong password for any site you access. You can also try a password management service such as Password Safe.
- Verify privacy settings for your file sync and share (FSS) service. Confirm your service actually supports privacy settings, which ensure that only people with access to your files can view them. Most FSS applications default to a “public” setting, meaning that anyone who has a link to your files can access them. You should change your account settings to “private” to prevent unauthorized access to files.
- Delete public folders holding sensitive content. If you’ve already shared private information in a public folder, just changing the status of the folder to private may not always protect it. Delete any items that are private within the public folder.
- Keep business and personal files separate. It’s never a good idea to share personal information and business data through the same FSS service or account. Many employers have rules about storing sensitive information in consumer-grade file sharing tools. Always be ultra-careful not to put confidential business information at risk when using consumer FSS services.
Losing control of private data is scary. But when business data does leak, the consequences can be truly severe. Then, you could face lost reputation, sanctions from regulators, and financial costs.
But you can do something about data security now — and these latest incidents offer more reasons to do so.
Mushegh Hakhinian represents Intralinks at the Cloud Security Alliance SME Council, is a certified information systems security professional, and is a frequent contributor to industry publications. Prior to joining Intralinks, Mr. Hakhinian lead security functions at a multi-tenant online banking service provider and an international bank.