How to protect your data in the cloud
NEW YORK— The circulation of nude photographs stolen from celebrities’ online accounts has raised questions about the security of storing information over the Internet, a growing practice known as the cloud.
Apple confirmed Tuesday that some celebrity accounts were compromised by a targeted attack on usernames, passwords and security questions. Although Apple said there was no general breach in any of its systems, such as the iCloud storage service, it appears hackers were able to gain access to individual accounts simply by figuring out passwords and answers to security questions.
So if celebrities’ information isn’t safe, then whose is? Here is a closer look at how safe data is when stored remotely on these services.
Q. What is the cloud?
A. The cloud is a way of storing photos, documents, email and other data on computers located elsewhere, so you’re not using space on your computer, phone or other device. Amazon, Apple, Google and Microsoft all offer cloud-based storage. Smaller companies like Dropbox and Evernote do, too.
The advantage is that you can access the same information from any device. And if you lose your phone, for example, you don’t lose your vacation pictures.
The drawback is that you are putting your information somewhere else, so you run the risk of a hacking attack on those systems and accounts.
Q. Is it secure?
For the most part, yes. Companies invest a lot on trying to ensure that people’s private information stays private.
“The short answer is the cloud is often more secure than other storage,” says Rich Mogull, CEO of security research and advisory firm Securosis.
But that doesn’t mean it is completely immune.
“Like a lot of internet services, there are a lot of attackers who have a lot of time,” Mogull says.
Q. How can individuals make their data more secure?
A. You need passwords to access your accounts, so choosing a strong one is important.
Tim Bajarin, an analyst at technology research firm Creative Strategies, recommends having different passwords for each account you hold online, so a breach in one system won’t compromise another. It is also important to have a number and punctuation mark in each password, or a creative spelling of a word to make it harder to guess. Also, avoid using common words or notable birthdays as passwords. A strong password is particularly important if you store sensitive information online.
Another way to make your information harder to hack is called multi-factor, or two-step, identification. That means the first time you log onto an account from a new device, you are asked for a second form of identification. Usually, that involves getting sent a code as a text on your phone or an email.
“If you have physical possession one of your other devices, the identification is really hard to break,” Mogull says.
Most major cloud services, including Apple’s iCloud, Google Drive and Dropbox, offer this kind of protection. Amazon’s Cloud Drive is the notable exception. But you usually have to turn this on.