Following the news this week that multiple celebrities had naked photos posted online, Apple confirmed it found no evidence of a security breach, but that some individual iCloud accounts were compromised.
The company said that the individual accounts were accessed the old-fashioned way – by figuring out the victims’ login credentials.
Of course, it isn’t just film stars who have sensitive data on their Apple devices – employees will often have corporate data on their iPhones and iPads while home users may also have their personal pictures and videos stored on their iOS device.
With that in mind, here are 3 tips to help keep your photos and other data safe:
1. Use a strong password
This is an easy one – it’s important to make sure you use a strong, unique password for your iCloud account, especially as Apple hasn’t yet enabled two-step verification for iCloud.
To do this, make the new password long (minimum 14 characters), avoid using real words and switch between UPPER, lower, d1g1t5 and \/\/@ckies. If you have trouble remembering such a complex password, consider using a password manager.
And while we’re here, make sure you use unique passwords for every account on every website that you use. It’s important because if someone gains access to one of your accounts, they can only access that one – not every account you own.
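As an added example (not part of the original article), the Python sketch below checks a candidate password against the rules in tip 1 (at least 14 characters, all four character types, no real words) and generates a random one that passes. The function names and the small word list are assumptions made for illustration; a real check would load a full dictionary.

```python
import secrets
import string

MIN_LENGTH = 14  # the article's minimum
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
# Constructed sample word list (assumption); swap in a full dictionary file.
SAMPLE_WORDS = {"password", "apple", "icloud", "dragon", "monkey", "summer"}


def check_password(password, words=SAMPLE_WORDS):
    """Return a list of the article's rules that the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    lowered = password.lower()
    if any(w in lowered for w in words):
        problems.append("contains real word")
    return problems


def generate_password(length=16, words=SAMPLE_WORDS):
    """Draw random passwords from the OS CSPRNG until one passes every rule."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, words):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs, followed by one freshly generated password.
    for pw in ("Summer2014!", "ApplePassword2014!", generate_password()):
        print(repr(pw), check_password(pw) or "ok")
```

A generated password like this is meant to be stored in a password manager rather than memorised.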
2. Limit what you back up to iCloud
Now is a good time to check what exactly is being backed up to your own iCloud account.
Go to Settings on your device and then select iCloud.
Here you will see a list of all the apps on your device that are being backed up to the cloud.
Each can be individually toggled on or off. You need to decide for yourself what you want to back up – for example, you may decide not to back up your Photos (especially if they’re a little risqué), but keep backing up your Mail and Documents & Data.
It’s a case of weighing up the risk of losing or bricking your device, versus the risk of having your information stolen through the cloud. Of course, there’s always the option of…
3. Turn iCloud off and back up locally
If you feel that the risk of having your iCloud storage hacked outweighs the convenience of the service then you may wish to delete your account entirely.
Doing so is very easy.
Go to Settings on your iDevice and then select iCloud. Scroll all the way to the bottom of the screen and you will see the option to Delete Account.
Of course, that means your device will no longer be backed up, so you’ll need an alternative means of backing up your data. Fortunately, you have that with Apple’s iTunes which offers a manual alternative.
1. Make sure your computer has the latest version of iTunes
2. Connect your iOS device to your computer
3. Choose File, then Devices and Back up.
If you decide to back up your devices this way, remember to continue backing up on a regular basis.
And, if you’d like more generic advice for keeping your smartphone safe, read our 10 tips for securing your smartphone.
My husband somehow was able to log into my iCloud. He doesn’t know how to use it, so I have no clue how he got on there. Somehow I ended up with some pictures I really didn’t want to see on my cloud. I asked him, and he said he clicked the “sign in thingy” so it would go away. Not sure how it got him in there: he didn’t have the password. (and he hates clouds and doesn’t want one of his own) Just in case someone needs to know..
Enable “encrypted” backup in iTunes, the benefit is that the backup will only then include usernames and passwords for your apps. You will thank me if you ever need to restore your device.
The author is repeating mostly old suggestions without considering the practicality. This is typical of security commentators. For example, it would be almost impossible to find someone who can remember long, complex passwords that are different for every single account. At 14 characters, you’ll have to be either a savant, or have only a very few accounts. If you want to blog about this, focus on promoting schemes that might be practical.
It is entirely practical to use distinct, complex passwords on all the websites you use. If you’re unsure how to generate a strong password that’s memorable you might like to try these:
How to choose a strong password
http://nakedsecurity.sophos.com/2010/02/03/choose-strong-password/
Or, XKCD’s perennially popular ‘Correct Horse Battery Staple’
http://xkcd.com/936/
If remembering them is a problem then you can use a password manager or, if you prefer not to store them electronically, just write them down.
Security is all about weighing risks.
Assuming you have a strong password, and that you lied in your security questions, which risk is higher, data loss through not having a backup, or being targeted like the celebs were?
My money is on the former being much more likely. Advising people to switch from an automated backup to one that they have to think about without giant big bold letters and flashing lights is frankly irresponsible IMO. A simple throw-away line about remembering without even bolding it is just not enough.
You are recommending people avoid an over-hyped media risk and replace it with the very real risk of data loss.
I always try to add a few more things, just to continue the conversation.
a. Think about the password recovery process. Be aware of how easy your answers may be or email account is to guess. Make sure that email account is also well protected.
b. Don’t let other people use your devices unsupervised.