Do you believe that ignorance is bliss? In IT, it simply means not fully understanding the risks you are exposed to and not being fully aware of best practices to reduce risks. Critical data getting into the wrong hands is so common it’s hardly newsworthy anymore. As a cloud provider that focuses on Secure Australian Cloud, we decided to make a top 3 risks list.
1. Host your data in the USA or with a US-owned company
Storing your data in the US or with a US-owned company is the most sure-fire way to make sure your data is not private. The recent leaks from Edward Snowden on the NSA have made that very clear. Even encryption was easily bypassed within the largest American organisations (Microsoft, Google, Yahoo, etc.), and the NSA simply uses a dragnet approach, taking everything it can get its hands on.
In an attempt to calm the public outcry in the USA, the NSA stated: “NSA applies Attorney General-approved processes to protect the privacy of U.S. persons — minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination.” In other words: no restrictions or boundaries if you’re not American.
As Neelie Kroes, Vice President of the European Commission, put it: “Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes? Front or back door – it doesn’t matter – any smart person doesn’t want the information shared at all.” We couldn’t put it better ourselves.
2. Don’t apply the latest patches and best practices
Another excellent way to spread your private property around the world is to leave your door with a broken lock. Many servers run outdated software and get hacked. This is true for all servers connected to the Internet, as an extensive scan of nearly all of the Internet’s IPs showed.
However, servers running a website with a CMS, e.g. WordPress or Drupal, are especially at risk. Unfortunately there’s no easy way to be completely safe. However, frequently applying the latest security patches is the easiest way to vastly improve your chances.
3. Use easy-to-guess passwords
Many people still use easy-to-guess passwords. As revealed by the recent hack of Adobe, this often means using standard passwords such as ‘password’, ‘123456’ or ‘qwerty’.
Google recently released a list they created by analysing their own databases. Here is their list, which will hopefully be a wake-up call for many:
- Pet names
- A notable date, such as a wedding anniversary
- A family member’s birthday
- Your child’s name
- Another family member’s name
- Your birthplace
- A favourite holiday
- Something related to your favourite sports team
- The name of a significant other
- The word “Password”
Conclusion: Lock your door if you want to keep thieves out
It’s common sense to have a good lock on your door that you use when you leave the house. Similarly, it should be common sense to securely lock your server. Make sure there are no backdoors, by not hosting in the USA, and no open windows, by keeping your software patched. And most of all, use a key that’s difficult to copy.
Security is only as strong as the weakest link. That’s why it should always be front of mind when deciding to host and manage servers. These issues are not unique to the cloud either. They’re relevant for any server that’s connected to the Internet.