What can cloud users do to prevent hacking on the client side? Unfortunately, that’s a question many people are asking currently, following two major cloud breaches this fall: iCloud and Sony (the latter we now know to be the work of the North Korean government in response to the Seth Rogen and James Franco film The Interview).
This article will explore hacking prevention as follows:
- General Hacking Climate
- Tip #1 – Two-Factor Authentication
- Tip #2 – Look at Your Links
- Tip #3 – Don’t Repeat Passwords
- Tip #4 – Persistent Vigilance
- Cloud on Demand
General Hacking Climate
The cloud is growing. I know, you get it. You see the hype. It’s virtually impossible to escape. There is so much money in cloud computing that it has become a well-entrenched household concept, with 9 out of every 10 American high-speed Internet users familiar with cloud storage solutions.
Failure to protect cloud information is, then, not just a common oversight of multinational enterprises but of SMB’s and consumers. As Joe Lazauskas so aptly frames the issue in Forbes, “there are few people today who can afford not to be concerned about the safety of cloud computing.”
Lazauskas provides 4 tips for those wanting to keep a single cloud account protected.
Tip #1 – Two-Factor Authentication
You may use two-factor authentication on Facebook or other high-profile Web services. It’s always a wise idea to add that additional factor because it serves as an additional layer for identity verification. The standard way to log into a site, username/password, is referred to as single-factor authentication. Sometimes a financial site will additionally require a PIN, a second factor. Another option is to receive a one-time code through a cell phone app or text message – as available on any Google account.
You typically don’t have to set up two-factor authentication on your cloud, but the bottom line is, use it anytime it’s available.
Cloud security pro Richard Seroter explains that although it’s a hassle to jump through two hoops rather than just one to access any given account, it offers significantly more protection since dual factor compromise is unlikely: “If you’re using a Web application that offers two-factor and you’re not using it—come on.”
Tip #2 – Look at Your Links
Is there security within your links? Seroter notes that cloud hacking often occurs through links (which might not even involve code hacking but link theft).
If you want someone to see a link leading to sensitive information, you want passwords to be required and for the link to be inaccessible after a short window. Seroter conducts regular housekeeping to make sure he is invulnerable on the link front: “I usually go in weekly and sweep through any links I’ve created on tools like Dropbox… and make sure that I’ve deleted them.”
In a public cloud setting where you don’t control the security protocols (obviously, you trust Apple when using iCloud), you need to keep in mind that those files are not on your machine. Determine whether public cloud is the right choice for your data, or if dedicated cloud makes more sense.
Tip #3 – Don’t Repeat Passwords
You are probably aware that you want to use more than a single password for the various sites you visit. Maybe you have five or six you use, and you repeat them sometimes. Is that secure? No, it’s not. You should have dozens of passwords.
“It is smart to use things…that generate random passwords,” says Seroter, “and just accept the fact that you might end up with 50 passwords.” The way that you store those passwords represents another security concern, but you know that any other type of breach will be contained to one account and generally more difficult to crack.
Use a strong random password creator, paired with an application that contains the passwords within encryption and syncs with your PC and mobile devices, such as Sky Wallet.
That makes your security efficient. It places your passwords on a separate platform, and it makes it simple to access login credentials.
Tip #4 – Persistent Vigilance
When a hacking scandal is trending on Twitter and Google News, security becomes our top priority. However, when the news cycle turns a different direction, it’s easy for us to forget that history tends to repeat itself and that hackers are scoring big every day. It’s a continuing concern.
To forget about Jennifer Lawrence celebrity photos and enterprises such as Sony, instead viewing cloud protection from the vantage point of a typical Internet user, Seroter suggests asking oneself: “What happens if my Dropbox [were] exposed tomorrow? Would that… be awkward, uncomfortable or financially compromising?”
Cloud on Demand
You want security and expertise? For your cloud solution, you deserve a support staff that is ITIL Certified, data centers that are SSAE 16 Audited, and a provider that is ISO 9001:2008 Registered.
Start for free with a Flex Cloud VM today.
By Kent Roberts