“41% of employees use cloud storage at least once a week, while 50% use personal equipment to access work information and services at least once a week.”
Apple’s iCloud is one of the most useful personal data storage and backup tools available to us today. Apple’s service frees up space on our devices and can store hundreds of files in what we suppose to be a safe and secure environment. Questions have arisen, however, as to how safe and secure they really are. It can prove difficult for organisations to maintain control of their data when moving it around has become so easy.
Recent Incidents of iCloud Hacking
Just two years ago, some high-profile celebrities including Jennifer Lawrence and Kate Upton were caught out by the assumption that their iClouds were well protected by Apple, resulting in private photos being released into the public sphere. This year, Pippa Middleton has become the latest high-profile figure to have been attacked by ransomware, stealing personal photos and asking for large sums of money – £50,000 in fact – for their safe return.
There have been a considerable number of reported cases of iCloud hacking, with devices displaying Russian ransom demands for the return of the stolen data. And it’s not just Apple’s cloud storage that is at risk, with Google and Asus having also fallen victim in the last couple of years. In the case of Pippa Middleton, the stolen images included family photos and wedding dresses, but these are not the only things that most people use their iClouds for.
iClouds and Employee Use
Cloud storage facilities, of which iCloud is perhaps the most popular, are fantastically useful, mostly because they negate the use of storage devices like USB sticks which are so easily lost or damaged. As long as you have access to the internet, whether via a laptop, iphone, tablet, or other device, you are able to access your cloud. They make taking work home considerably more convenient, but the threat of iCloud hacking is something that cannot be ignored.
Most of us are now familiar with some form of cloud storage, whether it’s the iCloud, Google Drive, or OneDrive, to name but a few. Employees are able to store any documents they are working on straight to their personal clouds from wherever they are. This should automatically ring alarm bells for any employer who is responsible for confidential information. Use of cloud storage can result in employers becoming unaware of where their data is stored. A survey by WinMagic has revealed that “41% of employees use cloud storage at least once a week, while 50% use personal equipment to access work information and services at least once a week.”
What are the threats?
Ransomware, like that used against Pippa Middleton, is just one example of how iCloud storage can be used against you. If an employee stores confidential client information or documents to a personal cloud to work on from home, for example, that information could be stolen and held at ransom. The financial damage is one thing, but the trust lost by that client could prove even more costly for an organisation. There is also the question of fines from the information commissioner which can arise from insufficient cyber security and data breach resolution.
Cloud storage is also not immune to the usual threats, which are ever-evolving, including malware and spam. In 2015, for example, Google fell under attack by a phishing scam which aimed to trick users into relinquishing control of Google accounts, including Google Drive. Once a device has been attacked by malware or spam, any applications that you access, including cloud storage, is at risk.
Mark James, security specialist at ESET, believes that the biggest problem with cloud storage is that users are always putting their security in the hands of others. One has only to consider the recently reported DropBox hack, which compromised around 60 million passwords, to realise that the cloud storage providers are not unbeatable.
Employees at legal chambers, in particular, must be especially wary, given the nature of their work, not to put too much trust in cloud storage providers to protect their data. Apple has claimed that the majority of those who have been hacked became victims because they chose weak, easy to guess passwords. As a result of this, Apple has introduced the iCloud two-step verification process, but this needs to be backed up with in-house security measures.
Counteracting the Rising Threat
Employers must consider use of cloud storage as a new threat to cyber security and put usage policies in place to reduce the risk of iCloud hacking damaging their organisations. One way in which an organisation can make their data safer is by ensuring all confidential files are encrypted, preventing any unauthorised personnel from accessing the information contained. As with all cyber threats, educating employees on the risks is at the core of all cyber security policies, so regular training sessions which integrate cloud storage security must be implemented sooner rather than later.
There are a number of ways in which your chambers can protect itself from the threat of iCloud hacking. Contact us for more information from our expert advisers.