Apple iCloud Data Breach: 5 Lessons for MSPs and Their Customers
The Apple (AAPL) iCloud data breach showed the cloud is not a substitute for good data management practices. What are the key takeaways from the incident? Here are five lessons for managed service providers (MSPs) and their customers.
![The Apple AAPL iCloud data breach showed the cloud is not a substitute for good data management practices What are the key The Apple AAPL iCloud data breach showed the cloud is not a substitute for good data management practices What are the key](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt82bd4f1b54b7799d/65247a6e0ea1528f0f451f18/iCloud-hijacked-accounts-1_0.png?width=700&auto=webp&quality=80&disable=upscale)
The Apple (AAPL) iCloud data breach showed the cloud is not a substitute for good data management practices. What are the key takeaways from the incident? Here are five lessons for managed service providers (MSPs) and their customers.
Your organization has plenty of data, but what information do you want to store in the cloud? Castagnoli suggests examining what data you want to create and share and determining how you plan to use this data. By doing so, you can make an informed decision about where various data should be stored.
Safeguard your critical information by establishing rules for what data can go into the cloud. Castagnoli recommends defining sensitive or high-value data, communicating that definition to employees and executives and then reinforcing this learning through repetition, imagery and patterns.
Two-factor authentication is vital, according to Castagnoli: “Weak passwords remain a consistent and ongoing problem. Wherever possible, use strong two-factor authentication for highly sensitive data.” Castagnoli also suggests out-of-band authentication, such as mobile device proximity, one-time passwords and tokens, to shore up the weakest links in your data-exchange chain.
How will your organization handle a data breach? Plan ahead for a data breach to mitigate the problem. Castagnoli recommends identifying who you contact after a data breach (including law enforcement, others with whom you share the data and the owners of the data that was breached) and in what order to contact them.
When it comes to sensitive data, it is always better to err on the side of caution. Be proactive about your cloud storage activities and consider all of your options to determine the best choice for your organization to protect its critical information.
When it comes to sensitive data, it is always better to err on the side of caution. Be proactive about your cloud storage activities and consider all of your options to determine the best choice for your organization to protect its critical information.
The Apple iCloud data breach raised questions about cloud security not only for celebrities such as Jennifer Lawrence, Kate Upton and Kirsten Dunst, but also for managed service providers (MSPs) and their customers.
Apple CEO Tim Cook told The Wall Street Journal that various celebrities' iCloud accounts were compromised after "hackers correctly answered security questions to obtain their passwords, or when they were victimized by a phishing scam to obtain user IDs and passwords."
Cook noted Apple will alert iCloud users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device or when a device logs into an account for the first time. These new features should be available in the next few weeks.
Educating iCloud users about the dangers of hackers also is key to prevent another data breach, according to Cook.
"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he said.
What can MSPs and their customers take away from the iCloud data breach? Independent security consultant Charisse Castagnoli recently provided several cloud security lessons from this incident.
Check out this gallery to learn more about the iCloud data breach and steps MSPs and their customers can take to manage cloud security.
Also, I welcome your thoughts via Twitter @dkobialka or email at [email protected].
About the Author(s)
You May Also Like