Heartbleeds and Cloud Storage

Most people by now have heard of the Heartbleed bug that has swept across the web. It is not hard to see why, as the ramifications of the bug are significant. Sites that have been affected by it will have experienced all of their stored data being accessed by hackers. This includes not only usernames and passwords, but also user data, credit card information and personal details (home addresses, phone numbers, etc.). This has caused widespread fear and paranoia, as even sites as large as eBay have experienced some false alarms.
The advice that emerged from Heartbleed is for all users to adopt a site-specific login protocol. This means that for each site you create a username for, you create a different password. As a result, if your password is hacked from a site, the hackers cannot use that information to access your accounts on other sites.
Yet, this is still not enough. In a world of social media, many people do not realize how information gleaned from sites like Facebook can be abused. People oftentimes post specific personal details about themselves that can be easily used for identity fraud. These include birthdates, city of birth, and educational institutions or place of work. It is highly recommended not to put these details on the site at all. However, if you would like to share this information, it is advisable to implement the top security measures on offer from these sites, such as Facebook’s ‘only friends’ visibility settings.
Last month, Dropbox made the worst mistake a cloud storage provider could make: a leak. A mix-up within their sharable links allowed people to access a user’s stored files without the user’s permission. One such file that was accessed was a tax return form. This was not only embarrassing for Dropbox, but it also provides an insight into the vulnerabilities within cloud storage security.
Since paperless living is becoming the norm, cloud storage is inevitable. Therefore, users have to be extremely careful about where they keep their documents, and more specifically, which cloud storage provider they use. It is essential that users complete thorough research before committing to a vendor.
One thing to consider is whether the storage vendor provides pre-transfer encryption. This measure ensures that files are less vulnerable to attack during the transfer process. Users should also consider the level of encryption: whether a vendor provides 128-bit encryption, which is a bank standard, or 256-bit encryption, which is of military standard. It is also important to know whether the vendor’s security is peer tested and certified, for example whether they are HIPAA, ITAR and FINRA compliant.
Another security measure to consider is user password storage. Some vendors offer the option for the passwords not to be stored, meaning that absolutely no one but the user can access the data. This includes employees of the vendor. Though this sounds like an ideal option, it is important to note that since the passwords are not stored, they are not recoverable. So if a user loses their password, they have lost their files as well.
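The trade-off described above can be seen in a small sketch of pre-transfer encryption where the key is derived from the user's password on the user's own machine. This is an added example, not code from any vendor mentioned here; the function names, the blob layout and the choice of scrypt with AES-256-GCM are assumptions made for illustration.

```javascript
// Added example (Node.js, built-in crypto only). All names are hypothetical.
const nodeCrypto = require("crypto");

// Derive a 256-bit key from the password. The salt is not secret and is
// stored beside the ciphertext; the password and key never leave the client.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32); // 32 bytes = 256 bits
}

// Encrypt before upload. The returned object is everything the vendor stores:
// no password, no key, so vendor staff cannot read the file either.
function encryptForUpload(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per file
  const key = deriveKey(password, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt after download. Returns null when the password is wrong or the
// stored blob was altered: the GCM tag check fails and nothing is recovered.
function decryptAfterDownload(password, blob) {
  const key = deriveKey(password, blob.salt);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.nonce);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
  } catch (err) {
    return null; // no stored password means no recovery path
  }
}

// Constructed sample input, not real data.
const stored = encryptForUpload("correct horse battery staple",
                                Buffer.from("tax return (constructed sample)"));
const recovered = decryptAfterDownload("correct horse battery staple", stored);
const lost = decryptAfterDownload("a forgotten password", stored);
console.log(recovered.toString(), "|", lost);
```

Because the vendor holds only the salt, nonce, ciphertext and tag, a password reset cannot bring the file back, which is the loss scenario the paragraph above warns about.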