The Celebrity-Hacking Scandal Is a Rude Wake-Up Call on Cloud Security
The latest hack involving celebrities is much more than an embarrassing moment for a few superstars. It’s a wake-up call for all of us.
Virtually everyone depends on the cloud to share sensitive information, but now we know that whether it’s sensitive pictures or critical business plans, it’s all potentially vulnerable.
While there are a million theories about how these images were obtained, including several focused on Apple’s iCloud, it isn’t clear where hackers got these pictures. Some suggest these images came from a ring of cybercriminals who brag online about “wins” from storage services such as iCloud and who offer to hack individual accounts for money. Read these threads and you’ll realize that anything saved to your phone should be fit for public broadcast.
Whatever happened to expose these pictures, the results are devastating. Everyone who uses a smartphone should now be wondering whether their data is safe. We’re so used to the automatic convenience of sharing in the cloud that we’ve completely lost track of security. With hindsight, these services should have included end-to-end encryption from the start. Two-factor authentication shouldn’t be an option; it should be a requirement.
The risks of the cloud are nothing new. Richard Stallman, a well-known open-source activist, has called cloud-storage services “a trap” numerous times, and comedian Louis C.K. warned against the dangers of handing over our photos to services such as iCloud back in 2012, on Jimmy Kimmel Live of all places.
We’ve all put these risks aside and made a collective compromise. We’ve opted for convenience over security when the professionals creating these services should have been building greater security into cloud services from the start.
Business professionals and entrepreneurs have a strong interest in security and privacy, and we should demand end-to-end encryption and two-factor authentication for every service we depend on. Today, you should pause and assess your exposure to cloud-storage systems and answer the following questions for your own business:
1. How many people use an iPhone or an iOS device to conduct sensitive business transactions or share attachments for business?
2. When you take a picture of a whiteboard during a sensitive meeting about a secret project, do you know if your images are being automatically uploaded to Dropbox or iCloud?
3. When you receive an email with an attachment from a colleague at work, do you know what happens to that attachment? Does it end up on Dropbox or iCloud if you open it on your phone?
4. How about backups? Do you back up the contents of your iPhone to iCloud? If so, do you know whether that backup contains all of your data, including images?
This week, none of us has a quick answer to the question, “Is your data safe?” Our mobile devices are leaky faucets for emails, images and attachments, and everything we do ends up generating a trail of data.
This scandal is a call to action for anyone who depends on the cloud. We practically live our lives on these mobile devices and we certainly conduct critical, sensitive business on smartphones every single day. Here are some concrete steps you can take to secure your business:
1. Understand what’s in the cloud. When you share a document, send an email or take a picture on a phone, you and your employees may be inadvertently sending sensitive data to insecure servers. Know what’s in the cloud.
2. Use end-to-end encryption for email. If you use Gmail or other cloud-based email services, you shouldn’t assume that these companies are securing your information at rest. Use systems that encrypt information on your devices before it is sent to the cloud, where it becomes an inviting target for hackers.
3. Preserve the ability to take things back. If you send sensitive business documents to colleagues and partners, you need to have a strategy in place if they are compromised. You can take all security measures available to secure your information, but if email recipients are not as diligent, your information can still be compromised. Use services that secure information and give you the ability to track, control and revoke access.
So here’s the wake-up call: As entrepreneurs and small-business people, you simply can’t trust that service providers will always protect your sensitive information. It’s time to take the necessary actions to protect yourself.