Lessons Learned From The iCloud Security Breach

Earlier this week you undoubtedly heard of the iCloud security breach that happened to some well know celebrities.  While Twitter and other places lit up with nudie pics of the like of Jennifer Lawerence, there were a lot of people at Apple frantically trying to find the source of the problem.  Was it a real breach?  Was there an inherent flaw in iCloud where anyone and everyone could be compromised?

The short answer is no.  This came down to, at the most basic level, a brute force attack against usernames and passwords. It was the latest in what seems to be a weekly announcement of someone having data security compromised by hackers.  The problem of course is that we all have digital data – digital footprints and fingerprints – all over the Internet.  From our Facebook account(s) to Twitter to our Banks.  Even our identification to remotely access our corporate networks.  Nobody is immune but you can protect yourself as best as possible.

Identification security is something we should all be vigilant about whether it is on our smartphones, our PCs or Macs.  Security breaches happen at the weakest point so the goal is to make it difficult to discourage but also not so difficult that you yourself are unable to access your data.  Here then are a few tips that you should consider when it comes to your personal data security.

Use Complex Passwords

The most basic thing you can do in personal data security is use complex passwords.  That is, use passwords with a mixture of:

  • Upper-Case Letters
  • Lower-Case Letters
  • Numbers
  • Special Character such as @£$%!
  • At least 8 characters long

Passwords should also not be associate with any personally identifying information such as:

  • Birthdays (yours, your spouses, your children, etc)
  • Your address
  • Your National Identification/Social Security Number

Complex passwords serve as a strong deterrent for those who would potentially try to gain access to your data.  While any password can be compromised with enough time, complex ones point hackers to easier targets.

Turn on Two-Factor Authentication

I get it.  This is a proper PITA (Pain In The Ass).  I know it is and I appreciate that it is.  Microsoft, Google and Apple all appreciate that it is.  But you know what?  Locking my front door every time I leave my house or locking my car when I park it is a pain too.  It’s the reality of the world we live in.  Security is not always convenient.

Every major service out there has two-factor available:  Microsoft, Google, Apple, Dropbox, Evernote… the list goes on.  In fact I would contend that if you are using a service that doesn’t offer two-factor authentication you need to seriously think about if you need that service in your life.

At the basic level, two-factor authentication will require that any change to your account be authenticated in a second way, usually by a security PIN begin sent to your mobile device via SMS.  It means that even if someone gets my username and password they cannot change anything on my account (i.e. take it over) without my mobile device and that PIN.

Don’t Use The Same Password For Everything

This is the most common mistake people make.  You get your complex password figured out then you use it for everything.  Think about it folks:  If I get your password, the first thing I’m going to do is try to see if that password works for other sites so I can completely compromise your bank account, Facebook, credit cards,  etc.  It’s the digital equivalent of hiding the spare key under the mat of your front door.  Your data security is only as good as you make it.

The tough part is remembering all those passwords.  I highly recommend getting a digital wallet.  I personally use eWallet from Ilium Software.  They have it for a variety of platforms including Windows Phone (Go Version, not brilliant), Windows, iPhone, iPad and Mac.  This secure wallet has all of my passwords and even includes a password generator that I can use to create these complete passwords.

eWallet from Ilium Software

Don’t Share Passwords With Your Partner/Spouse

This one is a common practice amongst couples, especially those who are accessing the same accounts.  The problem is that if your security is breached, the hacker now has access to TWO people.  Keep your passwords separate from each other and use different accounts to access your data.

Set Your PC and Windows Phone to Lock

It is not uncommon for personal security breaches to happen from someone that you know such as a co-worker.  Locking your PC or

Windows Phone Lock Screen
Windows Phone Lock Screen

Mac when you walk away is critical to making sure that people do not have unauthorised access to your data by simply walking up to your computer and accessing it.

The same is true for your Windows Phone.  To assure security on them, you should have them setup to prompt for a password when you turn them off. You use the simple 4-digit passcode if you want but make sure it isn’t a repeating number (such as 1111) or the last four digits of your Social Security number, your home address, etc.  You do have the option to use a complex password in Windows Phone.  All of these settings are in the Lock Screen settings.

Enable Text and Email Account Notifications

If a security breach does happen with your personal data, time becomes critical.  It does not take long for information to be compromised once someone is inside the walls so finding out they are inside is of strategic importance.  On your accounts, be sure to enable text and email notifications for any changes to your accounts.  For example:  If something changes on my Facebook account (email address, password, a device accessing my account, etc), I have a text message as well as an email sent to me.

Be careful though as you read these emails:  Hackers have learned to mimic these emails to get you to enter in your password so they have immediate access.  Check the URL of an email before you click on it.  If you are not sure if it is from who they say it is (i.e. your bank), call them.  But don’t call the number in the email (hackers are smart, remember?) but call the number on the back of your debit card or on your bank statement.

Be Vigilant

There is no 100% way to keep personal data security from being compromised at this point in our history.  All of us have a digital footprint or fingerprint.  The job we all have is to make sure that we keep that data as secure as possible.  Be diligent and vigilant and don’t compromise security for ease.  Keeping things secure is difficult and yes, a PITA sometimes.  But the alternative of having to spend countless hours cleaning up the mess afterward makes it worth it.