share
by Michael Shapiro | September 26, 2014

The relative security -- or lack thereof -- of our files in the cloud has been a much-discussed topic of late. Many professional meetings management platforms comply with strict data security standards, but what about the way we typically use our phones and tablets at conferences, and how we share information while we're on the road? I chatted with cyber-security expert Scott Schober, CEO of Berkeley Varitronics Systems, about the relative security of the cloud in the real-world sense, and what steps travelers and travel professionals should be taking. Schober recommends a number of common-sense approaches. You may have heard some of them before, but they bear repeating.

1. Limit yourself. "Rule number one is to put some basic constraints about what you're putting on the cloud," advises Schober. "You don't have to back up everything automatically. Personally, I wouldn't put anything out there that I would consider proprietary or confidential in nature. Theoretically, the data there is secure, but it's not 100 percent secure. If your data is in the cloud, do you know where it is? There are hundreds of data centers, and many more globally. And the laws outside of the U.S. are very different from the laws in the U.S., in terms of what to do if somebody hacks in, or what to do if the government wants the data. I mention these things not to make people paranoid, but to make them realize that when you're backing something up to the cloud, it does reside somewhere."

2. Pick a complex password. Although many sites are now requiring longer passwords, Schober says that many people are still using three- to six-digit passwords when they can. "We encourage people to use at least 15 characters — upper-case, lower-case, numbers and symbols. It makes the difference between someone being able to hack your password in a matter of minutes vs. a matter of years using typical hacker programs."

3. Use different passwords for every site. "If you're using something like iCloud or Dropbox, remember to use a different password than you do for any other sites," Schober advises. "If you reuse any part of it, your chances of getting hacked increase tenfold. It's scary."

4. Use two-factor authentication. "This is being touted a lot in the media right now, and it's being pushed more by companies like Apple, even though it was available previously," Schober notes. After setting it up for your account, he says, it works like this: "You enter your name and your password. And then you have another code sent to a mobile phone that you've registered. It's a one-time code that you then have to enter when you're logging into your iCloud or whatever else you're using with two-factor authentication. It's highly secure -- much, much safer than just username and password. Most thieves won't even touch your account once you go to two-factor authentication. Can it be hacked? Sure, like anything else. It's very unlikely, though."

But of course it does no good if you don't set it up for your account. "I keep hearing that people haven't set it up for one reason or another," Schober says. "Over the last two days, I was at two different cyber-security events presenting, and I did a little tally around the room. Most of these people were from very large Fortune 500 companies, some with a security mix. Most of them do not do two-factor authentication, and the reason is they say that it adds another level or step."

5. Use caution within Dropbox. "If you've got files with confidential information, and you put them on Dropbox? Pretty safe," says Schober. "Once you share links or files or folders on Dropbox so others can access them remotely, flags go up. Somebody can pretend to be the person you've shared with and, theoretically, can go in, get the contents and take off. Also, beware of third-party apps that allow access to Dropbox accounts. If you're using another app and you click that it's OK to access your Dropbox app, you're allowing someone to go into your account. It can give hackers access."

6. Install updates. "No matter what your operating system is, if you don't regularly update security patches, it increases your potential for being hacked. Hackers are looking for those holes. Install the security updates, because it makes a huge difference."

Finally, "I wish there were a magic bullet," Schober says. "We're all looking for the ultimate secure solution. But a lot of this comes down to common sense. You could spend billions on security, and still it comes down to the human element. People are a little bit lazy. They don't want to think about security. Unfortunately, we now have to think about it much more, with the sheer number of hacks that are out there. You have to be a little bit paranoid to be safe. It's not a matter of if, it's a matter of when you get hacked or breached, because it's eventually going to happen to pretty much everyone. But once you get paranoid and take extra precautions, the typical hackers don't bother. They move on. They're looking for easy targets."