There has been a lot of fuss in the media over recent days about somebody’s very private photographs stored on iCloud being made very public. What is not always mentioned is how this happened. It appears that there was no ‘technological’ security breach – Apple were probably not at fault – rather, somebody, somehow, obtained her password, whether by watching her type it, by successfully guessing it, or simply because it was too short or simple, so that a high-speed password-guessing program got in by ‘brute force’.
The message for the rest of us is simple. Whether or not you have anything quite as interesting to the voyeur, you certainly have information that would be of interest to other online criminals. By taking simple precautions, you can relax quite a lot:
What do you store online?
By its very nature, ‘the cloud’ is universally accessible. Personally, I try to be quite careful about what I put there. And by the way, since I do use social media, I try NOT to use passwords based on anything I might talk about online!
Online Passwords:
Do you use reasonably long, relatively complex, and DIFFERENT passwords? There are systems for remembering lots of them, and there are also programs for storing them safely. I like Apple’s “Keychain” and keep my (and probably your) passwords in strongly encrypted ‘secure notes’, protected by a master password – the only one I then need to remember! It’s especially vital to use different passwords for anything financial or telecoms-related, so that if one is compromised, whoever has it can’t get into any of the others.
Your Computer’s Security:
If anyone gets into your computer, particularly with Administrator access, they can do anything they like. Fortunately, it’s fairly easy to keep it reasonably secure. A few tips:
- Browsing habits – be a bit careful where you go and what you click on when you get there. The internet is not a sewer, it’s more like a big city… it has sewers but you don’t have to go there. And if anything asks for your computer/keychain password, ask yourself why!
- Passwords – your ‘front door locks’, these are important ‘locally’ as well as online, especially the account passwords you type in to log in when you start up. These passwords are not just about who might sit down at your computer and sign in – they’re about who can get in by any route, including your internet connection, and what they can do once they have. Please use a nice secure password for every account on your machine.
- Firewalls – these are your ‘window locks and burglar alarm’ – please make sure that the built-in firewall in your computer and (usually) the one in your broadband router are switched on and functioning. They are pretty effective in everyday situations – and if you have greater security needs, ask me about third party security suites.
- Anti-virus/malware protection – on Windows a complete no-brainer, and I would strongly recommend its use on Macs too – again ask me about third party security suites.
- Backup – please do! On Macs, Time Machine is straightforward to set up, and I also suggest periodically taking a snapshot of your hard disk and storing it somewhere else entirely. Again, I can advise, and set this up for you if need be.
Website Security:
You’ve probably already ‘got’ that I take website security very seriously, updating everything, installing appropriate plugins, and applying some simple ‘hacks’ that make (particularly WordPress) sites very much less vulnerable to attack. If somebody has broken into your website, there’s a lot that it can be made to do, often without you even knowing, from spreading malware to anyone who views your site, to remotely breaking into other people’s sites, so good security is vital for your reputation and the greater good. WordPress and its thousands of plugins are complex and constantly evolving, which makes it very important that we:
- choose plugins carefully, and
- keep everything up to date, to plug new vulnerabilities as they emerge.
Clients:
If we’ve agreed that I am responsible for maintaining your website (that’s almost everybody), please DON’T apply updates yourself. Since updates can occasionally have unexpected effects, I always back up your site before and after applying updates – which is a useful thing to do anyway 🙂 And if you’re not 100% sure which of us is responsible for keeping your site technology up to date, please get in touch as soon as possible!!
(BTW, this all applies to clients with Joomla! websites too, but Joomla! changes more slowly, and your sites don’t use as many plugins, so it’s a less dynamic process.)
WordPress have just released version 4, a major upgrade to the software. There is no indication (yet) of security issues with the previous version 3, so I intend to wait a short time for the first crop of bugs in v4 to appear and be fixed, and key plugins to be brought up to date. Sometime in the next few weeks, I’ll apply the new version, and fix any consequent issues with the layout and functionality of your site(s). Meantime, if you log in and see a notice encouraging you to update, please DON’T. As I said above, I never apply any significant updates without taking a comprehensive two-part backup first.