Biz Features

Should “The Fappening” Change How We Handle Data Security?

by . September 4th, 2014

Probably not. Here’s why most of you shouldn’t worry.

large__7328234992
It what was probably the most publicized breach of data security in recent months, several high-profile celebrities found their private photos released into the World Wide Web.

While I *hate* using the “World Wide Web” out of principle, it’s pretty much describes the whole thing. It covers the whole planet, is much wider than anyone can possibly fathom, and is incredibly sticky – if not outright frothy.

Mental imagery aside, internet security is no joke. The iCloud breach has demonstrated all our greatest fears about private data becoming public. Even more than recent credit and debit card data breaches recently suffered by Home Depot  and Supervalu.

Going back to the celeb data leak,  Apple unconvincingly maintains its systems were functioning as intended and that it wasn’t responsible for the incident, the fact of whether the breach was nothing but an updated con, a “brute force attack ” or the result of a hole in the system pretty moot at this point.

You could probably rest a bit easy though. You probably aren’t as famous as some of the names mentioned in the breach, which makes it less likely you or your business will be specifically targeted.

There is always a risk that your data can fall into the wrong hands. This is regardless of how many precautions you take. Then again, we’re always at risk of meeting an accident when you drive, or that next Quarter Pounder resulting in your untimely stroke.

Let’s get this out of the way:

 

In real world security, there will never be perfect solutions.

 

This applies not just to data security, but darn near every single little step of your entrepreneurial journey. The key is to reduce risks, while maintaining a reasonable expectation of functionality.

This is why we can’t necessarily blame anyone who’s lost their data in the iCloud breach. There was totally a reasonable expectation that the system was secure enough to have prevented this incident, and that anyone who used it understand that any data out of their hands is literally just that.

Perhaps one should consider security and privacy issues differently if they’re famous. While probably unfair, no one even seems to care as much about the identities of the men who had their data leaked in the same breach, or the non-celebs who probably got victimized as well, just because they happened to look similar to someone famous. This only underscores that if there is a huge demand, there will always be people who will try to fill it.

Don’t discount the cloud yet.

large__7557181168
There’s a fundamental reason we love cloud tech. It’s extremely convenient, and you don’t wear out your sneakers or homing pigeons sending data from point A to points beyond. For a lot of us, it’s the only option that makes any sense. In many cases, it’s the only affordable way to back up data, regardless of sensitivity.

The key is to use cloud features in a way that reduces the inherent risk.

The average entrep could probably get away with these minimal precautions

  1. Have passwords or PIN codes on your computers and mobile devices.
  2. When having computers repaired, always see if you can move sensitive data to a flash drive or other external device – not connected to the internet.
  3. If you take pics with your phone, disable  auto-upload features!
  4. Delete photos from your phone or memory card after copying them to a safe storage device.
  5. Don’t sync sensitive information to cloud services – at least without encrypting. These include iCloud, Dropbox, Google Drive, OneDrive, and many others You can encrypt archive files (.zip, .rar), or any of the many service or file-specific encryption tools widely available.
  6. ALWAYS REMEMBER: Send anything over the Internet, and you lose control over it. Once sent, you have zero direct control what the recipient does to your data.

“But I want a secure system!”

Secure from what? If you’re really into worrying, well data thieves aren’t the only thing to think about. Your building could burn down, or your hard drives or servers could fail. You could get caught in an earthquake or a tsunami.

Plus, data isn’t the only found in computers. The moment you convey an idea, whether on paper or voice, you are sending out analog data that could be converted digitally and perhaps sent over the internet.

You get the idea. It’s highly impractical to insist on a totally secure system, especially if your business does not necessarily demand it. E

Of course, let’s assume you’re just concerned with human threats to your data. All you could really do is transfer your data to a computer or storage device that isn’t connected to the internet. You could also disable USB ports on that device to prevent easy access by unauthorized users physically present in the room.

The ones out there with tinfoil hats might also want to do the following:

origin_3195323446
1.) Keep designated secure computers in rooms without windows.

Various methods can be used to gain access through a window. Attackers can case your joint for one. They may also be able to derive important data from what they see. If the window’s covered with glass, they may use lasers to detect vibrations on the glass caused by the sounds in the room – such as a conversation.

It has been suggested that Osama Bin Laden was discovered with this technology, as it allowed the CIA to determine a person who was not visually ID’d outside the compound existed.

2.) Disable all microphones.

Researchers have demonstrated different keys make different sounds — making it  possible to fairly accurately detect what someone is typing.

3.) Never allow devices with gyroscopes near your “secure” computer.

Gyroscopes/accelerometers can act like a mic, detecting sound vibrations from the room.

4.) Disable speakers in all  designated “secure” devices.

Computers can have their speakers hijacked, say via an unsecured USB. The speakers can then transmit sounds beyond the range of human hearing, relaying instructions to a computer with a mic, or a mobile device that is connected to the internet.

origin_467930481
There are plenty of other things to look out for, and the arts of obtaining and defeating security are constantly evolving fields. It’d be impractical to list down all the avenues by which security measures could be defeated.

So are you saying “don’t be prepared”?

Far from it. However, we should be realistic about the threats we face and how we react to them, not give in to media hype. Threats  can sometimes be very real, but totally avoiding them is often a fool’s errand. The only thing preventing millions of head on collisions in highways all over the world is often just a strip of paint. There are drunk drivers and many other potentially lethal obstacles, but most of us travel on these roads, usually every day.

Data breaches are little different. Always remember the goal is risk reduction – not risk elimination. Apply this approach to everything else you do, and you should get far.

 

Image credits: Lamerie via photopin ccDBduo Photography via photopin cc ardenswayoflife via photopin cc Marshall Astor – Food Fetishist via photopin cc GabboT via photopin cc FutUndBeidl via photopin cc

ABOUT THE AUTHOR:

%d bloggers like this: