Banks are being hacked. Private celebrity selfies are being exposed. And after a massive break-in, Home Depot may have to do some major repairs.
Summer vacation is definitely over, so it's time to do some fall maintenance of your own – and stop trusting the cloud.
Early this week, hackers broke into some celebrities’ iCloud accounts and dug up and posted their very intimate photos – some of which the victims, including Jennifer Lawrence and Kate Upton, thought they had deleted. Apple, which owns iCloud, initially issued a statement explaining that there was no security breach. But by the end of the week Apple CEO Tim Cook said the company would add a security feature to alert users with a warning when someone tries to restore iCloud data. (The feature should be running in two weeks.)
Banks, email services and other online companies generally send users an email notice when someone tries to log in to their account from an unfamiliar device or tries to change a password.
That means your email account is your last line of defense. So if you do only one thing to protect yourself this month, make sure you use a unique and elaborate password to access your email.
The password should contain the longest string of arbitrary letters and numbers you can recall consistently ("passwordandmybirthday" does not count). Even sentences followed or preceded by numbers are an excellent defense against hacks.
This is important because law enforcement is still investigating a break-in that involves several banks, including JP Morgan Chase. How many depositors have been affected remains unclear, but what is obvious is that these attacks are continuing.
As to whether financial institutions will ever succeed in stopping digital thievery, security professionals say don’t hold your breath. Criminals are involved in an escalating battle for your accounts, and they won’t stop. As bank robber Willie Sutton famously said (although he denied it), "That's where the money is."
And that means you should never respond to an email that asks you to log in to an account, or click on a link in one – even if it is from your bank. Hackers are very adept at faking such messages, along with partial account numbers and official-looking logos. These so-called phishing attacks may look legit, but they'll take you to fake sites that ask for your password. And that’s when you get hacked.
The same goes for LinkedIn requests in emails, or even for friends who send you a link that requires a password. Just don't do it. Instead, open a separate browser and go directly to the site you know before you sign in.
Another question being debated this week is whether we can trust the cloud at all, given that more of our personal lives are being stored online. The answer, again, is no.
Services that store your calendars, emails, financial data and entertainment grew exponentially as high-speed Internet became pervasive and cheap storage became commonplace. But security has not kept pace. The fact is, when you use a cloud service, you are trusting someone else to keep your records on their computers and hard drives.
Like the banks, these services are embroiled in a war against criminals. And even if they have the best intentions, they are not impregnable. They may be secure enough to store your e-books, digital movies and music, but everything else? Keep it to yourself.
Finally, as a victim of identity theft, I recommend that you contact the credit reporting companies – Equifax, TransUnion and Experian – and put a fraud alert on your account. It will usually last for only 90 days, but it should prevent anyone from opening a credit account in your name, increasing your credit limit or getting a new card without someone contacting you. (Be aware, though, that it will also prevent you from instantly opening a credit account in a store.)
Is all this work a hassle? Yes. Are we just being paranoid? No. It's not paranoia when cyber Willie Suttons are trying to break into your accounts. Because that’s where the money is.