THE BLOG

What Can We Learn From This Week's iCloud Incident?

04/09/2014 15:51 BST | Updated 03/11/2014 10:59 GMT

On Tuesday, it was revealed that individual, celebrity accounts hosted on iCloud has been compromised and personal images accessed by hackers. Apple has released a statement saying that while iCloud accounts were hacked, it was not as a result of any vulnerability. It most likely a result of a targeted attack using malware, social engineering and straight up guess work.

iCloud is a service that automatically stores photos, email, contacts and other information online, allowing users to sync this data across different devices (for example iPhones and iPads) or access it from any internet-connected computer using a log-in and password.

Although Apple's encryption on the data itself is considered robust, access could have been gained through more indirect means - such as guessing users' passwords or simply resetting their accounts by finding their email address and then answering traditional 'security questions'.

While we are still yet to find out the full details of the attack, there are a few things we can learn from it. Firstly you are responsible for your own data and need to be careful what you do with it - sending your data out to the cloud does not take it outside your responsibility. While large cloud companies will do their best, it is our personal data, so be careful where you store it and how you store it.

Secondly, make sure you enable a two-factor authentication process, which provides an extra layer of security to your online accounts. In my opinion, cloud security all comes down to implementing protection in 'onion layers'. Essentially, a two-step verification feature is designed to prevent anyone from accessing or using your account, even if they know your password. There are straightforward tools online which can help, including two step verification for Apple ID and Google's Authenticator.

This week has been a wakeup call to many individuals that hackers target individuals and businesses alike. What we must learn from it is that we are all responsible for our own data and we must all do what we can to secure it.