Time to consider our own data security

Recent stories about celebrities’ selfies being taken from their iCloud accounts and posted on the Web should have the effect of focussing everybody’s attention on data security. The problem is that all too often that phrase is interpreted as referring only to whether or not some remote corporation is doing all that it should to protect our personal information.

Very few of us do as much to protect our own material as we do to protect a bike left outside a shop. But it’s time to change. We have to take responsibility for the security of our own data under our own control.

Unfortunately, in order to be able to do that, we have to understand some of the issues.

Few people, it seems, can be bothered.

It isn’t clear how the celebrity picture hack worked but Apple seems to think that it was the result of hackers getting passwords by social engineering, phishing or guessing security questions. In reality, it’s probably not that difficult to establish a celebrity’s answers to common security questions; it’s the sort of information that’s widely known.

But in order to get a password reset, the hackers must have had access to the celebs’ email accounts. That’s entirely possible given the ways in which people choose passwords. In one recent example, nearly one third of people using one high-profile website had 123456 as their password. Some people are more cunning and use abc123. The top ten passwords were used by nearly two thirds of users. So if you’re trying to crack somebody’s password, there’s a good chance you’ll do it with one of the top ten shown by SplashData.

Even a more challenging password might not provide much protection: I recently demonstrated that an 11 character dictionary password could be cracked by a very ordinary computer in under ten minutes using tools freely downloadable from the internet. Yet it isn’t difficult to set a strong password (as we will show you in next month’s blog).

But the problem is that people don’t even seem to think about keeping their material safe. For example, suppose you suddenly find your laptop isn’t working and you have to send it for repair. The engineer will probably have access to everything on it. As for smartphones, did you know that in simple terms, anything on a phone can be recovered, even if it has been deleted? Even more worrying is that it’s probably still recoverable from the phone even after a factory reset.

What all this means is that, from a commercial point of view, BYOD (Bring Your Own Device), the idea that has become popular over the past year or so, could be high risk, especially in small companies without a skilled IT department.

Even if an individual is using company-supplied equipment with good password protection, if they’re using the type of home data storage device known as Network Attached Storage (NAS), the company information might still be at risk. That’s because so many of these devices are badly configured.

The solution to all of this is for everybody to understand the importance of data security.

From time to time I talk to local school pupils about online security. I always tell them that there is one golden rule they have to understand and remember: always assume that anything you do electronically will be publicly visible forever. It’s a lesson that we should all take to heart.
