People fear what they don’t understand, and cloud computing is no exception. You may understand the general concept but don’t really understand if you need it and if it’s secure. But you are already using the cloud whether you realize it or not – Facebook, Gmail, Instagram, LinkedIn – all data stored in the cloud. Use of the cloud can pose security risks, but only if you aren’t a mindful user.
Here are 7 common security mistakes, from CloudTweaks, that you should be aware of:
1. Mistake: You lost control of your data because of the fine print in a user agreement.
Solution: Many cloud services claim ownership of any uploaded data, even after you delete your account. These tricky rules are hidden in plain sight in the terms and conditions. Companies don’t expect you to read all the fine print, and I don’t either. 15 seconds of online research can go a long way before using a new cloud service.
2. Mistake: You sent out a public link to a Google Doc so others could view and edit.
Solution: Creating a public link is a convenient way to share a common document, but this means literally anyone who guesses the link can view the document. You may not care about your grocery list getting loose on the internet, but even documents like a party-planning sheet may have your address or other information you want to keep private. To restrict access, invite email addresses instead.
3. Mistake: You’re a celebrity and had private information leaked from your iCloud.
Solution: This is the famous celebrity nude photo catastrophe. Attackers correctly entered their victims’ passwords, either by brute force (multiple guessing attempts) or with previously stolen passwords. You may not be a famous model, but hackers commonly rely on this same method to steal information from any given application.
iCloud, the service provider in this case, is not necessarily insecure since attackers gained access in the same way the account owners do. It’s the user’s responsibility to confirm their identity, and sometimes a password alone doesn’t suffice. Multi-factor authentication can almost always prevent this type of attack and is a key measure for any service with sensitive information. Set up two-factor verification for iCloud.
4. Mistake: You use the same password for every app on your phone.
Solution: The previous tip discussed how attackers can gain access to your sensitive information by guessing or using a stolen password. Don’t make it easy for them! If you use the same password for all online services, a breach at Twitter may give attackers entrance into your bank, Amazon, and corporate email accounts. Use a password manager to minimize the damage in the event a single service gets breached.
5. Mistake: Web trackers are storing information on the sites you visit online.
Solution: Just like any hunter, knowing where you like to go online helps hackers target and execute attacks. Visiting just a few web pages can attract nearly 50 different tracking services. Many web trackers are useful for the services you use, but they can also pose a security and privacy liability. Services like Ghostery let you selectively choose who can track you, so only sites you trust receive your information.
6. Mistake: You granted an application every permission under the sun.
Solution: Applications request authorization for device permissions, but sometimes these can overstep boundaries. Be discerning when services seem to overstep their bounds by requesting access to contacts or even your camera, for example. These permissions can cost you money by making phone calls, violate privacy, or make a malicious attack more dangerous. Look out for permissions that seem unnecessary for the application’s function.
7. Mistake: A small mobile app startup you know nothing about has access to your banking data.
Solution: Your bank spends hundreds of millions of dollars protecting your account, but that brand new financial app may not implement the same level of security. When you give a service full access to your financial information, you’re essentially circumventing your bank’s security. Keep your bank account secure by applying the tips above to any financial app you use. You should also limit access to only the necessary services, some of which ask for more permissions. A good rule of thumb is to be extra discerning of any service that requires you to enter your online banking password within the app. On the other hand, services that send you back to your banking app to authenticate don’t have as much control.
We want your cloud experience to be secure. If you’d like to learn more about Cloud Computing, contact the experts at Great Lakes Computer. And watch our video, Cloud Computing 101.