If you're a fan of Jennifer Lawrence, Kirsten Dunst, Kate Upton and others, you may be aware that some of their sensitive personal photos were apparently leaked online over the weekend. These photographs were allegedly obtained through a brute force attack on Apple's cloud storage sites and services to which the photographs had been uploaded. Beyond "change your iCloud settings," what practical takeaways does this incident provide and how can we safely use convenient cloud and mobile services for work and play?
First, we must acknowledge the risk. The loss of sensitive data though the use of connected devices was highlighted in the Websense Labs 2014 predictions, "Attackers will be more interested in cloud data than your network" and, "Cybercriminals will target the weakest links in the "data-exchange chain."
Realistically, we are going to use the cloud and our mobile devices both for work and personal data as the convenience of availability enables us to be more effective in our jobs and to share with our friends and family. However, with convenience comes responsibility, so with both our business data and our personal data we should all be more mindful and have a standard protocol for safely integrating the use of these technologies.
Remember, the cloud is not a substitute for good data management practices, but by having a data use, creation and collection plan you can minimize the risk of threats to you or your organization.
This plan can be as simple as proactively examining: what data you want to create and share; what you plan to use the data for; and knowing where that data will be collected and stored.
For businesses a data use and classification plan simply gets users on the same page and can help avoid costly data loss issues. For personal use, this doesn't need to be a big written policy. You simply must make a proactive choice on what you want to share to avoid later surprises.
Here are a couple of steps that I take in both my personal and professional life that may help guide your use of these convenient services:
1. Establish rules for what data can go into the cloud
As an organization the first step toward safe cloud and mobile use is to acknowledge that there is risk in these applications. Some data should never go to the cloud, without stringent protections. So go through the process of defining sensitive or high value data, communicating that definition to employees and executives and then reinforce this learning through repetition, imagery and patterns. For your personal data plan that also means educating family members (especially younger, internet active types). It is also beneficial to know how to remove data that accidentally gets into the cloud.
Sign up for CIO Asia eNewsletters.