Everybody Wants To Steal My Girl, Or Steal My Data?

CyberCrimeSecuritySecurity Management

Chris Eng, VP of research at Veracode, highlights 6 ways One Direction can keep their private pictures private

One Direction recently announced that they would be shutting down their iCloud accounts over fears that their private photos could be leaked online.

Whether swarms of dedicated One Directioners follow their lead or not, this move has demonstrated how this high profile breach has shaken up the wider public and instilled consumer fears over security in the cloud.

Jennifer LawrenceThe privacy debate

Following the initial iCloud hack, involving Jennifer Lawrence among others, there was endless debate on how we ended up here and whether the celebrities involved should shoulder any of the accountability. A great deal of conversation surrounded the privacy debate and lamented over an ideal world where companies and services that we rely on should respect our privacy and build foolproof, intuitive user experience. The following was written in response to the iCloud hack:

Sadly, in the real world we have to accept that many companies won’t invest in security or privacy, and even those that do can and will make mistakes. And corporate security policies aside, users will also make mistakes.

There’s no question that consumers should be demanding that corporations do a better job. This is a challenging but worthy goal. And while their celebrity status doesn’t change their right to keep their data secure, celebrities can shout louder than most people. Hopefully in sharing their belief that the security measures in place aren’t robust enough to keep their data private, will spur on companies to do more.

Businesses should be taking notice of their customers and understand that security is a massive priority to those who purchase their services. Consumers should have settings which are secure by default, the UX should be intuitive, and security features should be put in place to mitigate simple attack vectors like brute force attacks. But when push comes to shove, we can’t put the entire burden on others to protect us.

It is important that we understand that some accountability belongs to us. You wouldn’t leave a pile of money on the seat of your car, would you? But unlike One Direction’s response, this doesn’t mean that we all need to retire from storing information in the cloud (or in their case specifically, iCloud).

Let me be clear: nobody deserves to be victimised. But as a user, there are choices that can help me reduce my exposure. Here’s a few that I’d suggest:

Disable cloud synchronisation of photos and/or other data

It is often tempting when a cloud storage provider suggests synchronising all your photos and/or other data. Let’s face it, it saves dragging and dropping files into the cloud or onto an external hard drive, and there’s no lost pictures if your phone gets stolen.

But do you really need every photo that you’ve ever taken to be accessible at all times from every device that you own? Really, do you?

Sadly, there is often a play off between security and convenience. If you have photos you know you wouldn’t want someone getting their hands on, then by disabling synchronisation you can be sure they won’t end up bundled onto the cloud with all your other files.

Disable broadcasting my location in every photo you take

Whilst some people consider our endless selfies to be ‘oversharing’, there’s no need to overshare your information if you do decide to share it with your friends and/or followers. Taking off geolocation reduces the amount of information you share and stops people from being able to track you through your photos.

Ask yourself whether you really gain enough value here to compensate for the risk? Sharing your favourite spots might be harmless, but it leaves an unnecessary trail that someone could take advantage of – and that’s an unnecessary risk to take.

Pay attention to your device’s default settings.

Unfortunately, most devices default to TURN EVERYTHING ON and UPLOAD ALL THE THINGS. More unfortunate is that this information isn’t often clear or well-communicated.

Take a few minutes and maybe a Google search to understand how your phone is configured. A few quick changes may make all the difference to how much you share, and with whom.

Treat my nude photos differently than you treat your other photos

Whilst One Direction previously assured us that they wouldn’t be suffering the same embarrassment, as they don’t have naked photos online, notice I didn’t say stop taking them. This isn’t a morality debate and no matter what one’s celebrity (or non-celebrity) status, your personal business should stay your personal business.

One way to keep them private could be something as simple as using a standalone camera or an alternate device with cloud storage disabled. There is a convenience trade-off, but as I mentioned previously, this is a minimal trade-off for the privacy benefit.

Opt-in to two-factor authentication wherever possible

Using two factor authentication (2FA) means that if you re-use one password everywhere (as many people do, but which I do not endorse), there is an extra layer of defence if/when other sites are inevitably breached.

Many of the tabloid-worthy hacks we’ve seen — from Paris Hilton to Sarah Palin to Scarlet Johansson — could have been prevented by 2FA, if the feature had been enabled. (Although apparently in the iCloud case it wouldn’t have helped this time; remember how I said companies make mistakes?)

Know the 2FA implementation stance of the websites you use: here’s a list of other websites and their stance.

Change your perspective

Without ever relinquishing the belief that you deserve privacy, it is important to remember that systems aren’t perfect and breaches do happen. Think of it as online situational awareness: hope for the best, but always plan for the worst. But planning for the worst doesn’t have to mean retiring from the cloud – it just requires a bit more care and consideration of what you put there.

We already know that, at the end of the day, we have assume the responsibility for our actions. That’s why we give our teenagers practical advice on how to behave safely, both online and offline, rather than shielding them from reality and pretending they will always get the privacy they deserve.

But taking responsibility doesn’t mean removing ourselves from great technology. Fear is detrimental to our enjoyment of technology, and the potential opportunities and benefits it brings. Take responsibility of keeping your information safe and you’ll be able to enjoy what’s out there much more.

How much do you know about hackers? Take our quiz!

Click to read the authors bio  Click to hide the authors bio