The recent buzz of celebrity nude scandals serves as a stark reminder for everyone who relies on cloud storage for their personal data. While we're not all high-profile targets, we can still fall victim to hackers who gain access to our accounts by guessing our passwords, security question, and user names. This essentially created the perfect storm for the celebrity accounts that were hijacked at the beginning of September. When hackers obtain one set of login credentials, they can easily attack multiple accounts that a user owns, especially if you use the same passwords across services.
Here are four ways to proactive in the face of cloud security risks.
1. Periodically refresh passwords and security questions. Phishing is the practice of misleading users so that they unintentionally provide personal information to hackers. This tactic played a pivotal role in the recent photo leak. Phishing can happen with fake login pages, spammy email links, duplicitous online surveys, and even over the phone.
Cyber criminals can use personal details, such as your favorite color, the last four digits of your credit card and your email addresses, to make educated guesses about your sign-in credentials. They might contact a service provider posing as a user, provide identifying details and gain even greater access to accounts. This is why it is so important to prevent your security credentials from becoming stagnant. Rotate your password every few months and consider using new security questions and answers, too.
2. Enable two-step authentication. Many online account services, such as Apple's iCloud and Google Drive, provide users with an optional two-step authentication system that prevents hackers from getting into your data even if they've discovered your password.
Two-step authentication asks users for a second, additional pin code to sign in and use an account on a new device. If someone is unable to provide this second piece of information, then they cannot gain access to the account and its data.
Unfortunately, many people are unaware of two-step authentication or they find it inconvenient. These accounts are less secure. According to Apple, the celebrity accounts that were recently hacked did not have two-step authentication enabled. The next time you're updating your security settings, make sure to opt into the two-step verification process.
3. Store sensitive data offline. A small flash drive stored in a safe deposit box is much safer from prying eyes than data stored in a cloud account. If you are truly worried about storing sensitive data on cloud accounts, then consider using offline storage, such as external hard drives, to protect your information.
Ultimately, you need to make a decision regarding the value and sensitivity of your personal data. When you upload information to a cloud service, you are handing the responsibility for protecting it to a third party company (just like you entrust a bank to protect your flash drive in the safety deposit box.) When users place their trust in a third party, they must carefully examine the security systems in place and consider the consequences if these third-party services are breached.
These high-profile stories about cloud storage breaches should concern everyone. They demonstrate how vulnerable our data can be when they are stored online. A combination of safe credential practices and data storage alternatives can help you protect sensitive data from malicious parties.