The tech news dominating the internet for the better part of the past week or so has been primarily focused on the celebrity nude photo hacking scandal. Dozens of celebrities, including Jill Scott, were victims of a widespread attack that flooded the web with personal intimate pictures from their smartphones. Apple’s iCloud service was placed at the center of the scandal, and although the company maintains that an iCloud security breach was not to blame, the negative press has put a huge damper on buzz around the impending rumored announcement of the newest iPhone. But Apple may have a point. More often than not, when it comes to security breaches online, we are our own worst enemies.
When major institutions like Bank of America or Home Depot get hacked, those attacks are typically executed by highly skilled and organized (and funded) groups from around the world whose purpose is high-volume theft or politically motivated retaliation against a particular government or business. But when an individual is targeted, the usual suspects are one or two people and the method of attack is very different. According to a 2012 report from Verizon, 76% of security breaches were due to weak credentials – i.e., your password.
A strong password is your first line of defense against a hacking attempt. In the recent iCloud case, the most probable method the hackers used was brute force – trying different likely combinations of passwords and answers to security questions until something worked. They collect biographical information online, and continue to guess until they get it right. Apple was negligent in one regard: a security flaw allowed the hackers to keep guessing without locking them out after a set number of attempts, something the company says is now fixed. You’ve probably heard password advice before, but it still stands: use a lengthy combination of upper/lowercase letters, numbers, and other symbols. Don’t reuse passwords across different accounts, and don’t use personal information like your name, your kids’ names, or your dog’s name. And no birthdays either. A password manager like 1Password or LastPass is also a good option.
Much has been made about two-factor authentication (or two-step verification) in the wake of the celebrity hack, and it’s another way to help keep you secure online. Once it’s set up on an account, it gives you an extra layer of security when accessing that account. For example, if someone tried to get into your Facebook account from a computer or smartphone you hadn’t used before, a text message with a code would be sent to you. You would then have to enter that code to access the account. If you are still in possession of your smartphone, your account should be safe. A list of some widely used websites that offer two-step verification can be found here. It can be a bit inconvenient if you don’t have your phone handy, but it is an option that I’d recommend.
Phishing is also a popular method of hacking, and has been partly blamed in the recent photo scandal. Phishing can occur when you get an official-looking email from someone pretending to be your bank or credit card company asking you to verify account information. You can also be the victim of a phishing attempt when you click on that link that says “See Latest Nude Celebrity Photos Here!” Once that information is sent or that link is clicked, you’ve basically given a hacker the keys to the kingdom and are at high risk of data and/or identity theft. Remember that a legitimate company will never solicit personal information from you via email or text, and those links with the clickbait titles are usually not worth the trouble anyway.
In the end, selfie security is a lot more complicated than just telling people not to take nude pictures. But while hacking is a malicious and illegal invasion of privacy, we do have to take responsibility for protecting the content on our devices. And the current panic around disabling your cloud services altogether seems a bit reactionary and premature. If your smartphone is actually lost, damaged or stolen, which is much more likely than you being hacked, not having cloud backup could mean everything on your phone – contacts, photos, etc. – is gone forever. Yes, companies are also responsible for implementing the tightest security measures they can, but ultimately your best line of defense against becoming the victim of hacking is you.