The Naked Truth – What Your Business Should Learn from the iCloud Celebrity Photo Scandal

It is easy to assume that the internet is a secure place to store information.  Amazon, Google, Apple – these are all huge billion-pound companies that get paid to look after our photos, documents, videos etc.

They are the professionals, right? They know what they are doing.  Well, not always, as the recent iCloud celebrity photo scandal shows.

Jennifer Lawrence – star of The Hunger Games and victim of the iCloud celebrity photo scandal

Somehow hackers managed to access Apple’s seemingly secure iCloud service, specifically targeting celebrities such as actress Jennifer Lawrence. (She was in The Hunger Games films, in case you have never heard of her.)

Potentially all they needed to do was crack the celebrities’ passwords – the bread-and-butter tactic for your run-of-the-mill hacker.

Apple insists that the breach was not through any failure of its own security systems per se, instead blaming easy-to-guess passwords and phishing scams used to obtain user log-ins.

The technology giant says it is now adding extra security to thwart future hacking attempts, with email and push notifications alerting users to any suspicious changes or activity on their accounts.

What is that phrase about horses bolting and shutting gates?

Two-factor authentication is currently being lauded by Apple as the security answer to all its problems. It requires users to have two or more pieces of information to access an account, such as a password and a separate, one-time four-digit code. It is nothing new, and we were talking about multi-factor authentication early last year.

In fact, you have always been able to enable two-factor authentication on iCloud – Apple just seems to have done a poor job of letting people know. It’s an opt-in measure rather than opt-out.

What Does All this Have to Do with Your Business?

At the very least, it should highlight just how easy it is to assume that the Internet and/or Cloud services are secure places to store sensitive information – which is not necessarily the case.

Never assume that the Cloud is secure.

You need to know what electronic data your business has, how sensitive it is to your business and, crucially, where it is stored, who has access to it and when they are accessing it.

Believe it or not, there are still a lot of people, especially smartphone and tablet users, who might not even realise that information they have on their phone is being backed up to the Cloud.

Depending on what you find out from this exercise, your business may need to make changes to how it stores and processes electronic data.

Almost 20 years ago, when I was still new to the technology industry, I was taught that the most effective security is the most restrictive.

But you must also consider how being too secure could impact on your ability to work effectively.  There will always be the battle between security and usability and the trick is to meet somewhere in the middle.

Not all Security Breaches are External to Your Business

A 2011 US survey revealed up to 40% of small and medium-sized businesses had suffered security breaches due to unsafe web surfing by staff – i.e. accessing websites that allowed viruses and malware onto office systems and putting the security of their data at risk.

Read more about this in our 7 Things For Better Technology Security blog – it is an oldie but a goodie.

Essential Travel Ltd, a former Thomas Cook subsidiary fined for lax security

And finally, the best way to ensure that all of your sensitive data is securely stored is to bring in an IT professional, who will be able to advise you on the right system for your business.

Just a few months ago, a former Thomas Cook subsidiary was fined £150,000 by the Information Commissioner’s Office after its security failings allowed a hacker to access thousands of people’s details.

For a small or medium-sized business, this would be enough to send them under.

Data protection is not optional; it is the law.

In a few months’ time, nobody will care about a few leaked photographs of naked actresses.  But for those of us in business, the consequences could last much longer.