The academic year is about to begin (or perhaps has already begun, at least where faculty meetings are concerned). Many of us will, no doubt, be taking advantage of a number of online services for sharing documents, organizing our course materials, buying books both analog and digital, synchronizing documents between our home and work computers, communicating with students and colleagues, storing and streaming media, etc. We’ve certainly covered the range of such services here: Dropbox, Spideroak, Google Documents/Drive, Google Plus, etc.
These services are incredibly convenient. Convenience, however, can have a downside: convenient services aren’t always as secure as we might like them to be (as Dave Parry pointed out last year, in a post that’s still very much worth reading for the questions about security and privacy that it raises). Services that make our data so very conveniently available to us on multiple devices may have security holes—and any service that can help us recover our password can also access our data. (That works both ways, of course. A service that can’t help us reset our password can’t access our data, but if we forget the password, we’ve got a serious problem if the data’s important.)
The most recent high-profile case illustrating the potential for trouble with the online services we find so convenient and useful is what happened to Mat Honan on August 3.
One of the things the Honan story makes clear is that users aren’t the only link in the security chain. There were security problems at both Amazon and Apple that, used in tandem, allowed hackers to get into his accounts. Using strong passwords (and different passwords for each site/service!) is essential, but it wouldn’t have helped in this particular instance. The primary security problems were with the services themselves.
Fortunately, Amazon and Apple have already made some changes in the way they handle things, as Mr. Honan told Renee Montagne on August 9.
There are also a number of things that users can do to reduce their likelihood of being hacked in a similar way. Both LifeHacker and Gizmodo provide a list of such measures, and those lists are well worth reading carefully.
It’s also really important, though, to think carefully about why and how we’re using such services to begin with. A non-exhaustive list of questions to ask ourselves about the data we work with every day might include the following:
- Where do I need to have ready access to this item? What device(s) will I be using? What software?
- What do I need to be able to do with the item once I have access to it?
- What kind of information does the item contain?
- Who owns the item? Whose information does it contain?
- If the item contains information that belongs to someone else, or the item itself belongs to someone else, are there any potentially applicable laws (such as FERPA) that I need to be aware of?
- Can I encrypt an item before storing it online? If so, how does that impact security? How does encryption impact the item’s usability?
Sorting through these types of questions can help us figure out what kinds of services (if any) to use for storing data online. It may well be that we’ll end up using a variety of services for different purposes, taking care to keep each as secure as possible. (For example: I use Dropbox for storing journal articles I want to read, since I have a lot of storage space there and it integrates very well with such tools as iAnnotate. Items that I need or want to be more secure live in Spideroak—I have less space there, but I don’t have that many things that really need more security than simple password protection. I keep all kinds of working documents in Google Drive, but nothing that absolutely must remain wholly private.)
What about you? What services do you use for what purposes? Why those services rather than others? What steps do you take to keep your data as secure as possible? Let us know in the comments.