Cloud Computing Creates Computer Crises

Sections of this topic

    Technology outpaces security

    Let’s assume (against the odds) that you’ve been thorough about online password security. You don’t use common garbage passwords like 1234, qwerty, or your birthday, you make sure not to share the same passes between accounts, and your security questions have answers that aren’t in the public domain. That means that your web accounts, which hold everything from irreplaceable family pictures to highly classified corporate documents, are safe, doesn’t it?

    Not even close. For those who are unfamiliar with how computer hacking works, a surprising amount does not involve any actual computer work, but rather social engineering – the art of manipulating people into performing actions or divulging confidential information. For example, check out this quote from a Wired article by Mat Honan that details how a pair of hackers took control of his Amazon account, several Apple devices, and email/social media accounts using just his email, billing address, and the last four digits of his credit card, by exploiting an overlap of information between Apple and Amazon’s tech support systems.

    Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.

    These days everything is going on the cloud. Problem is, the very same technology that makes it simple for us to work and play from any device, anywhere, also creates massive new crisis management risks. Currently, cloud computing and the sheer level of interconnectedness pushed by major social media sites and online retailers has simply outpaced web security and the reality is that if a hacker wants your information and has a decent level of skill, or even just a silver tongue, it’s probably theirs.

    Everyone should assume that they will be hacked at some point, and formulate a plan to make it have as little impact as possible. Constantly back up ANYTHING that you’d be upset to lose. If you’ve got confidendential information, store and back up to a computer that’s not shared on your cloud network. If you absolutely must have it easily accessible, use an encryption tool (several good ones are actually available free) to enhance security.

    At the same time, businesses like Apple and Amazon need to work together to eliminate security flaws like that one that exposed Mat Honan’s life to the whims of two teenage hackers out to get some e-fame. Regardless of the fact that they are separate entities, allowing information from one to unlock access to the other is a HUGE issue that greatly undermines consumer faith. If you think you’ve finally got your systems secure, try bringing in a “white hat” hacker. These are security experts, many of whom dabbled in the dark side during their younger days, who specialize in getting into your system, then telling you how they did it.

    After hearing how Mat was hacked, Wired staffers set about to repeat the process, and following a few phone calls were able to take complete control of another linked set of Apple and Amazon accounts. Frightening, and real. Be prepared.

    ——————————-
    For more resources, see the Free Management Library topic: Crisis Management
    ——————————-

    [Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training, and co-host of The Crisis Show. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]