Last week Wired writer Mat Honan was subject to an epic hacking attack that took over his Google account, compromised his Twitter account and led to his AppleID account being accessed and used to remotely wipe both his iPhone and his iPad. On August 5, Apple co-founder Steve Wozniak expressed his own wariness of the cloud. In light of this, security expert Christopher Boyd, senior threat researcher at GFI Software, offers tips on keeping information safe online and in the cloud.
The effects of a hack of the nature Mat Honan suffered can have far-reaching consequences. "The biggest impact here is the loss of invaluable personal data," says Christopher Boyd. "Money can often be recovered, fraudulent purchases can be addressed but the loss of photographs and work related material can be devastating."
How to ensure you don't lose data
To safeguard against the loss of invaluable data, Boyd recommends individuals back up their information on a hard drive as well as storing it in the cloud. "Users should take advantage of cheap external hard drives and use one to regularly back up their entire machine, or at least their key documents."
Boyd also suggests using "a further backup at another location -- perhaps stored at a close relative's house."
Use two-step authentication features
Mat Honan admits that he did not use Google's two-step authentication process, by which a pin is sent to a mobile or other device when a person is attempting to log on to an account, to protect his Gmail account.
Boyd recommend that users should always take this step, also noting that "if users are worried about social engineers obtaining their phone number and convincing their mobile operator to redirect SMS texts to phones owned by the attacker, they should install the Google Authenticator application (which even works offline) and bypass that possibility." Information on setting up a two-step authentication code for Gmail can be found at: http://goo.gl/IiTmc
Boyd also notes that "often, an attacker will try to compromise the email listed for password recovery to completely lock out the victim, and the information needed to break into the second account can often be found in the first."
In order to avoid falling victim to this, Boyd recommends "trying to ensure a backup address is at least as secure as the first, doesn't have an obvious password reset question and uses some form of additional verification such as two-factor [authentication code]."
Make data security a priority
Securing your data online should remain a priority. Boyd notes, "There's no excuse for not securing these accounts to the best of your ability. If you have a single 'master email' used for everything from shopping to banking and website logins, at least secure it with authentication devices and don't reveal it online or use it to talk to friends or work colleagues."
Boyd concedes that keeping all accounts separate from one another is difficult, noting that "we [users] have to make do with the tools given to us by the owners of the services we invest in, and we're slowly being given more options as they realize standard username and password options aren't strong enough.
Where additional security tools exist such as with Gmail, it is paramount that users make full use of them."
Cloud storage: Parking space in the clouds
Back in the days of grandfather, one used to backup data on floppy drives. Then came optical drives — CD, DVD... Microsizing brought data cards and pen drives. Now, all you need is a fast Internet connection. Documents, movies, songs and what-have-you-whatever the file there are multiple storage options “in the cloud”, the popular term to indicate huge servers that can be accessed through the Internet. These services give free or paid storage and multiple features such as mobile access, recovery of deleted files and full text search.
Cloud storage can help your files stay safe
But beyond that, I do think cloud computing - the business of using software or storage on the Internet rather than the ones stored in your laptop or desktop PC - makes more sense. While one school of thought on cyber security speaks of keeping confidential files backed up on your own personal storage such as an external hard drive, there is an equal case for cloud-based storage of files, because the service provider can sweep and scan the files, protect it from attacks and keep back-ups for you.
Review: Google Drive, Dropbox, SkyDrive, iCloud
In a connected world you want your data on the cloud so that it's easily accessible. That is exactly what major cloud storage services such as Dropbox, SkyDrive, iCloud and the newly launched Google Drive will do for you. Here's a look at what each service can offer so you can make a choice.