Cloud Security - fact or fiction?
Frances - I am very sorry to hear of your situation. You are not alone... Those of us that have to deal with this type of situation understand and pray for you...
Most of what Dana said is factual and on-target. There are a few things though that seem a little out of alignment with the reality.
First off, the "Probability" factor. While it is extremely unlikely that any individual person would be "targeted" as Dana indicated, what is left out is that hackers rarely, if ever, target individuals - they target environments. In today's world of rampant identity theft, personal data misuse and even unintentional data leakage from companies, it is important for each person which uses a computer to have a very basic understanding of the digital age in which we live.
We hear all the time about various government agencies or institutions or even large corporations being hacked. Either by individuals, a loosely held together group (such as Anonymous) and now even governments getting into the act of hacking high-value targets. Even the US has been accused of doing this type of activity. So, while individuals are NOT targeted, the environments where there data is stored are.
This leaves it to, what can the hackers hope to gain? Plenty. Simple programs can scan huge amounts of data looking for potentially beneficial information (SSN, CCRD, Bank Balances, etc.) Even if the data does not pan out to be a bank balance, there may be bank routing numbers and bank account numbers embedded in the content, and since major institutions are listed along with routing numbers (needed to transfer funds from one bank to another), finding such a number embedded in the data allows a not-so-savvy programmer to peg and pull surrounding information for a "closer" look. This after never looking directly at an individual's information. Why should they? There are millions of pieces of information in the file they've stolen.
My job is data security through the analysis of human behavior. Not the technical stuff. Yet, I find that most individuals are blase about protecting their own information. The simple statement of "Hey, I'm one of millions. What are the odds of me getting hit by a hacker?" This is the real thought that needs to be considered. Keep in mind though, that while you may only have $100 to your name, along with a million others, $100 times a million adds up quickly. With the programs, very simple ones I might add, are prolific in the digital world where we live, they are effective - once the information is obtained.
Email Security - As Dana indicated, email simply is NOT secure. There is so much information that can be gleaned from a simple email that it boggles the mind. How many little old ladies think to send their friend who lives across the country a recipe for chicken soup, only to start receiving porn spam a couple of months later. Where do you think they get this information? She never even went to such a web site, never even thought that kind of stuff was out there.
It is not all doom-n-gloom though. For those that really want to protect their conversations and still share their information, in particularly the type of situation this family has mentioned, there are a number of ways. As Dana indicated, it all depends on what level of inconvenience you're willing to put up with. Some options offer good security while minimizing the "inconvenience"; while still others take the opposite side of the road (weak security with a facade of high inconvenience covering up the week security).
In today's busy world, and depending on your pocket book, there are some fairly low cost; low inconvenience approaches. One of the best I've seen for safeguarding the sharing of information are what is called VPN tunneling. Several products on the market allow one computer to be setup as the storehouse, and others to access that computer through VPN (or Virtual Private Networking). It doesn't rely on sources outside of your own computers, while allowing you to share information in a fairly simple way. Everything from documents saved (scanned?) as .PDFs to Excel files containing a list of financial transactions, to Quicken books files that are used to track expenses and revenue.
Usually a VPN is a simple installation which establishes the primary (or other systems) with an encrypted link (up to 256bit AES is most common) to different computers that only yourself and those you designate can access. As to email, this is a bit more expensive, yet doable...
Many services offer the ability to send a document for temporary storage, and for those you want to access the document, automatically sends a notice that the information is now available. In the notice is a link to a secured connection where the information may be downloaded. Yes, this service usually has a fee, but since the data is temporary (if anything is now a-days) it offers a way to provide confidential information for a term needed by whatever requires this level of security.
The bottom line - each person must take responsibility for their own information. They must make the decision based on what they have to lose, how it could affect them, and what level their busy lives will be impacted by their decision to protect their own information.
My recommendation; if the information you place in the "cloud" will not lead to your information being obtained that could potentially harm you or ruin you financially - go for it. For all other information that you hold sacred, hang on to it and NEVER put it in a "cloud". Remember, that data has to be stored somewhere; not floating around outside of this physical plane of existence; and the more a company houses, the greater the threat to the data stored there...not just a single individuals - but millions...
Was this reply helpful? (0) (0)