Recent news stories of celebrities’ highly personal photos being leaked online has caught a lot of people by surprise. In the aftermath of this attack, everyone should ensure that their personal data is safe.
FREE Download: CISO Data Breach Guide: How to reduce risks and overall cost by increasing automation
As it currently stands, it would appear that the photos may have been extracted from cloud services.
Storing personal data in cloud services can create a certain amount of risk. Therefore, should you use a cloud service, here are some tips you should keep in mind going forward:
1. Stop Storing Your Most Sensitive Data on Cloud Services
Cloud services are very convenient, but an attacker might be able to gain access simply by guessing your email address and password. For highly sensitive data, you are better served keeping it off cloud services.
Users should be aware that many devices will automatically upload photos and received messages to the cloud as a backup service. If the sensitive data includes personal photos, people should consider turning backup off, using a different device to take those kinds of photos, or at the very least going into the cloud service and deleting the photos after the fact. This places the burden on attackers to compromise your phone should they want your personal photos, a task which can be a lot harder and is beyond the skill of many attackers.
There are apps that claim to send photos to cloud services security, but you should be aware that there are still risks. For instance, it is important to check that the app is not saving the photo on the phone, whose data is uploaded to the cloud service. Also, the app service itself could get hacked, and this is out of your control.
2. Use Two-Factor Authentication
Even if you prevent your most sensitive data from being exposed on the cloud, you should still do everything you can to secure your cloud access.
Many cloud services such as Google, Apple iCloud and Microsoft Live offer “two-factor authentication“, which means that when you try and log in, an email or text message is sent to your phone to prove you’re you. This means that for an attacker to get into your account, they will need both your password and your phone.
3. Choose Secure, Unique, Passwords
Don’t make an attacker’s life easy! On top of removing sensitive photos and data and activating two-factor authentication on your cloud storage, you should choose strong, unique passwords for each service. That way, if a service gets hacked, the attackers cannot exploit that particular password to log into other services you use. Advice on passwords and on cyber security more generally can be found at https://www.cyberstreetwise.com/#!/passwords/creating.
4. Don’t Get Tricked Into Giving Out Your Password
MWR will often be asked to try and trick our client’s employees into giving out their passwords by email or over the phone. These efforts more often than not prove very successful. You should never give out a password when someone has contacted you. If you have an email from a service trying to get you to log in, never click the link. Instead open a new browser, go to the service as you normally would access it, and log in there to attempt to resolve the issue. It is easy for attackers to create very realistic emails and websites that want to trick you into logging in.
The internet can be dangerous, but with a few simple steps, you can make it a lot harder for hackers to steal your personal data. For further information, the Cyber Street Wise Campaign has advice on a range of ways to do just that: https://www.cyberstreetwise.com/#!/street.
By Alex Fidgen, Group Director, MWR InfoSecurity
MWR is leading the way in which information security is delivered, enhancing the security of vital data and communications resources of ambitious and responsible organisations. As an international company, its teams are considered to be global Thought Leaders on their areas of expertise.
MWR works with its clients by developing a comprehensive understanding of their needs, challenges and opportunities, and, through that, a deep mutual trust.
Such relationships allow it to deliver valuable services and solutions, and build up an enviable client portfolio and an unsurpassed track record of success.
[wp_ad_camp_5]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.