Business questions from the celebrity iCloud hack

By: John McGarvey

Date: 8 September 2014

Jennifer Lawrence{{}}

You can't have missed last week's news that hackers gained access to intimate photos belonging to celebrities, including Jennifer Lawrence (pictured).

The story has raised important questions about what data individuals store in the cloud. Many of those questions have implications for businesses too.

After all, cloud services play a pivotal role in many companies. They're used for all kinds of tasks, from backing up data and sharing files to enabling remote working and reducing the need for expensive in-house equipment.

The cloud certainly has significant advantages, and it's here to stay. There's a strong argument that overall, the security risks of using the cloud are lower than storing data in your own business.

But with cloud technology still developing, could this breach be the spark that forces cloud providers and their users to confront some key questions?

1. What's your weakest link?

Although full details of the iCloud breach have yet to emerge, it seems likely the celebrities were victims of some kind of brute force or social engineering scam.

This means hackers used techniques to work out log in details, rather than exploiting a technical breach.

With cloud security, much of the focus is on measures systems like firewalls and backups. However, if all that stands between a hacker and your data is an easy-to-guess password (like ‘password', ‘123456', or your company name), that's how criminals are most likely to access your data.

Our advice:

Strong passwords are important, and you should really combine them with two-factor authentication to up the security on your cloud accounts.

The biggest problem with strong passwords is that they're a nightmare to remember. We recommend using password management software, like 1Password or LastPass.

2. Do you understand your cloud service?

An interesting piece from Wired argues that we'll all benefit if some of the affected celebrities try to sue Apple over this case.

I won't go into all the arguments, but one key point is we often start using cloud services without completely understanding what we're getting into.

For example, Apple's iCloud terms of service are over 8,000 words long. When you sign up, you agree to them, almost certainly without having read them.

As we use these services to store and share sensitive information, perhaps providers should make more of an effort to really communicate what they do to protect our data, and what we need to do, too.

Our advice:

If you don't understand what a cloud service is going to do with your data, do further research before signing up. A local IT supplier might be able to help.

Don't commit everything to begin with, either. Start by moving non-critical data to the cloud. You can shift more of your business across as you gain confidence.

3. Who can you talk to?

If you're an A-lister, you can guarantee you'll get attention when your cloud services get hacked.

But if you're an ordinary business just trying to get on with work, are you confident you'll get a response from your provider when something goes wrong?

Services like Apple's iCloud and Google Apps are designed to be automated. You can sign up and start using them without having to speak to anyone.

Most of the time, they work flawlessly. But if something goes wrong and you can't figure it out yourself, it can be hard to find someone to help with the problem.

Our advice:

Look for cloud providers that offer comprehensive support and have a good reputation. Search online for reviews and make sure they're well established.

Often, a local IT supplier can help you find the most appropriate cloud services as well as providing support and help when you need it.

Blog by John McGarvey, editor of the IT Donut.

Copyright: s_bukley

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.