The recent highly publicised case of a number of Hollywood celebrities having pictures of themselves in a variety of undressed states generated a lot of publicity, largely due to the fame of those involved. Beyond voyeurism, it also raised a lot of questions regarding the security of online storage services.
For the record, I’ve got no issue with adults doing whatever they feel like doing in the privacy of their own homes, so arguments about not taking such pictures in the first place hold little water with me. Privacy is, in my view, privacy no matter who you are.
The full story is still unravelling as I write this, but it appears clear that Apple’s iCloud was compromised, and, according to some reports, Dropbox may have been involved. It seems — but is far from confirmed — that the accounts may have been compromised some time ago and stored online, and that possibly a second group may have gained access to the pictures via a first group of hackers before spreading them across the Internet.
You’re probably not a celebrity, but the whole issue has raised the spectre of whether storing sensitive documents, whether they’re potentially compromising photographs, business documents or anything else you’d care to keep private on the Internet is such a good idea in any case.
I’d say it can be, but you’ve got to be aware of the potential pitfalls and make sure that you’re as secure as you can possibly be. Apple’s iCloud solution may have contributed to the current scandal in a couple of key ways that aren’t all that hard to avoid if you’re careful.
Specifically, Apple’s designed iCloud to be as low-fuss as possible, and in one sense this is very good policy. Far too few of us carefully back up our photos and documents as it is, and it only takes one data disaster to realise how valuable actual offsite backup can be. That being said, the single-click install of iCloud assumes that you’re going to want to back up just about everything, and that might not suit you. Checking your iCloud backup settings (which you’ll find within Settings>iCloud as a bunch of selectable toggles) can give you greater security over what you do and don’t share online.
It appears that the accounts may have been compromised via the password reset feature of iCloud, and here there’s another opportunity for you to add an extra layer of security. Most password reset systems (iCloud or not) use basic memory questions to verify your identity. Asking for your mother’s maiden name, the first car you owned, that kind of thing. Not all systems allow you to set your own questions, but all of them rely on whatever you tell them the answer is.
So even if you’re stuck with a question like “What is your favourite colour”, there’s no reason to choose anything from the actual colour spectrum. Tell the system that your favourite colour is “Mal Meninga”, and it’ll be perfectly happy. As long as you can recall that — password management software can help there, as I’ve noted previously — then you’re set, because you can choose an answer that no hacker is likely to guess.
Apple offers two factor authentication, sending a code to your device every time a new device accesses it or when you make purchases, which adds security to those transactions, but annoyingly it doesn’t do so for iCloud access over the web. That may well change after this current furore, and it’s still worth keeping in mind depending on what level of cloud security your online storage provider offers.
There’s a final level of security you should consider, especially if you’re storing business documents in the cloud, and that’s encryption. If you encrypt your data before sending it to the cloud, then you’ve hugely improved your overall security, because even if your account were to be compromised, your actual documents, whatever they are, will be useless to the hacker without a decryption key. No system will ever be 100 per cent secure, but that’s a very good way to lock out all but the most determined hacker, and a good way to keep your cloud-stored documents essentially secure.
If you’re still not happy storing in the Cloud, then the one thing you absolutely must do is sort out an automated backup solution, preferably offsite or easily transportable away from your work systems. A single hard drive won’t cut it, because like all technology, it’s not a question of if it will eventually fail — it’s just a question of when.