Evernote, a Web-based note-sharing service, forced its 50 million users to reset their passwords after hackers stole an unknown number of usernames, email addresses and encrypted passwords over the weekend.
High-profile attacks such as these always prompt a chorus of responses along the lines of: “How can you trust the cloud? My information is much safer on my server or desktop.”
The answer for me is always the same. If you think your backup routines, security policies, security hardware and software, employee screening and controlled access to your computers are better than those of brand-name cloud software companies, then hang onto your data.
For the 95 percent of businesses that don’t fall into this category, your data is safer with companies such as Evernote and its business equivalents in the cloud. The article “Why your systems are less secure than the cloud” does a great job of explaining why this is the case.
Things to remember:
- Any computer connected to the internet can be hacked.
- Most businesses are essentially defenceless against targeted hacking and highly vulnerable to random hacking.
- Most businesses would never know they had been hacked or whether sensitive information had been stolen.
- Businesses that discover they have been hacked are under no obligation in Australia to tell their customers or partners even if customer information has been stolen.
- The Evernote security team claim they caught the attack in its early stages and that no user information stored on Evernote was accessed, used or lost. All user passwords copied by the hackers were encrypted and unreadable.
Evernote took the opportunity to share tips for protecting your data in the cloud. I’ve added one more.
Tips for security in the cloud:
- Avoid using simple passwords based on dictionary words
- Never use the same password on multiple sites or services
- Never click on ‘reset password’ requests in emails — instead go directly to the service
- Don’t store your passwords in Evernote
If you’re wondering how to remember unique passwords for every online store, blog and sports site you visit – don’t. Use a password manager such as LastPass, 1Password or KeePassX.
Image credit: Today’s iPhone