Jennifer Lawrence is having the worst week isn’t she?
Once again the big, bright, blinding spotlight is shining directly on how fragile our digital lives have become, and how vulnerable even the most popular and innovative cloud service providers can still be at times.
But the reality is, as much as our cloud service providers put an emphasis on security, the hacker world is working just as hard, if not harder, on identifying and exploiting the weak spots. Nobody is safe.
As we are more and more carefree over what we capture, store, and share, it’s comforting to think that all the details of our lives and photos we keep in the cloud and on our devices are kept locked safe and sound in a tower. Made of Vibranium. Surrounded by a moat. Filled with hacker-eating crocodiles.
No such luck. As cool as that would be. Just ask your IT service desk.
In any organization, the IT service desk is deemed to be the front door. A guard at the gate who will protect the software, accounts, processes, even the very product of a business. And while Hollywood may seem far removed from your IT server room or data center, the same hacking methods used to violate the privacy of Jennifer Lawrence, Kate Upton, Rihanna, Selena Gomez, and others, is the same science that is attacking corporate infrastructures.
The spotlight reminds us there are still lessons to be learned and best practices to be adhered to for IT departments and their internal, enterprise customers.
In the business of solving problems, IT service desk technicians need to get into the inner workings of an individual’s instance of technology including account profiles, setting, etc. But a responsible organization will balance how they protect the integrity of their user’s credentials with how they access systems to do their work.
We’ve all been there. A bug, a blue screen of death, no access to an online system. Whatever it is, you can’t wait for the IT service desk to come and save the day. The fate of all things productive hangs in the balance. And then maybe you’re headed out to lunch or into the next meeting. So you hand over our password to your laptop or mobile device so the superstar (and completely trustworthy) service desk tech can get in and get to work on magically making it all better.
Let’s stop right there.
Sharing your password should never be expected or an option. Don’t share it with your boss. Don’t share it with your mother (no offense, Mom – love ya.) And don’t share it with your IT service desk technician. DO NOT SHARE YOUR PASSWORDS.
Your IT service desk, network administrator, or anyone who has jurisdiction over the actual equipment you use to do your job, has the ability to access what they need to get the work they need to done. Without knowing your middle child’s birth date mashed together with the name of your first pet.
While it may seem harmless enough, it’s instances in our business life where we may feel immune to the threat (you know, because we have a moat), that make us more lackadaisical in our personal lives. There is a lot of advice out there and schools of thought on what makes a secure infrastructure, but let’s remember the basics.
Here we go again in no particular order:
Mix. It. Up. Recently, a friend’s son was doing a science project and needed to survey a group of people around how many passwords they used for various devices. I found this fascinating, and I’m actually anxious to see his results. How many of us repurpose a password for different accounts because it’s easy? Just keep in mind how easy that makes it for the bad guys, too. There are several tools out there that can lock down your passwords and make it easy for you (and only you) to get access to them if your forget. An ounce of prevention, right?
Enable all back-ups, and back-ups of back-ups. In Ms. Lawrence’s case, the photos lived in her iCloud account. Many apps offer two-step verification in some form. Google, Facebook and Apple, all have a second line of defense for logging into accounts. For example, if you use Gmail, you can set it so that every time you log-in, you must enter a security code that is immediately text to your cell phone. Use these functions anytime they are available.
It’s suppose to be hard. Isn’t it frustrating when you are setting up an account and the smarty pants app tells you that your new password is “weak.” And what’s with all the special characters? They matter. It should be tricky. Play your best James Bond and outsmart the other guy. As best you can.
Change it often. Mark it on your calendar. Like checking the air in your tires (you need to do that too, huh?), changing your passwords to work and personal accounts should be done on a regular interval.
Regardless of what the material is, or whether or not you deem it inappropriate or even important is not the point. It’s a flagrant violation of privacy and can have far devastating consequences than the slight inconvenience it may take on the front end in setting things up.
As the FBI and other agencies continue their investigation on the Jennifer Lawrence incident, we are sure to learn a greater level of detail about exactly how the breach occurred. We know that iCloud and other provider apps will take heed, and do their part to firm up security. Should we demand and expect these providers to take responsibility? You bet. But should we also be looking at how we manage our own domains? Absolutely. As cases like this remind us, we are all at risk. We all have to do our part. We are the primary guards at the gate.