Published September 11, 2012
Does every cloud have a scammy lining?
Even if you don't know what cloud computing is, it's likely that "the cloud" is playing an ever-increasing role in your financial life. Whether it's a company storing your sensitive financial information on remote computers owned by a third party or you storing financial information on cloud-based money management or tax software, cloud computing means more of your key data are stored beyond your physical reach.
Cloud computing refers to computer storage, applications and other computing services provided remotely via the Internet.
Cloud-based data storage saves money for companies and can increase convenience for consumers, but it also removes a degree of control that consumers have had over their own information, says Tom Rohrbaugh, vice president of information security at Intersections Inc., in Chantilly, Va.
"It's beneficial to the companies because they can reduce the overall cost of delivering services and hopefully pass that on to the consumers, but the other side to it is it's just more people (who have access to your data)," Rohrbaugh says.
There's nothing consumers can do to prevent hackers from breaching the defenses of a company they've done business with or a cloud services provider they've done business with, and access their data, he says. Still, there are a few simple steps consumers can take to reduce the chances that their cloud-based financial data will fall prey to thieves, and limit the damage when data breaches strike.
Being smart about how you create and manage passwords is a key step in protecting your data in the cloud, says Dave Asprey, vice president of cloud security at Trend Micro, a Japanese company with North American headquarters in Cupertino, Calif.
"Passwords do sometimes get hacked, and one of the ways they do that is called dictionary attack," Asprey says. "And that's how you can guess someone's passwords using a list of common passwords, essentially. So you want to make sure that your password isn't a common password."
But creating a strong password probably isn't as hard as you think. While many sites recommend using hard-to-remember "special characters" and numbers to make your password hard for hackers to guess, a password doesn't necessarily need to be complicated, Asprey says.
"Most people can't remember their password because we have these new password (rules) about capital letters, strange characters you can't pronounce and numbers, and mix things like that," Asprey says. "Those are hard for computers to guess, but they're also hard for people to remember. I've been recommending to people that they take a combination of three unrelated words."
Besides creating weak passwords, the other major mistake many consumers make is using the same password for all the sites they visit, Asprey says.
"There are people who use their Gmail password or their Facebook password, (making it) the same as their bank," he says. "People use the same password on sometimes a hundred different websites."
Should just one of those sites get its cloud-based data hacked, thieves can use that one password to access all of a person's accounts, Asprey says.
To keep that from happening, he says it can be a good idea to use a couple of different passwords for different categories of websites. For instance, use one password for social media sites such as Facebook and Twitter, one for banking and investing websites, and one for electronic-commerce sites.
For even more security, Asprey says you can try adding the first two letters of a website's name to the end of your standard password for that category. For instance, if your financial services password is "LawnmowerWaffleCozy," you might make it "LawnmowerWafflecozyWE" for Wells Fargo.
Keeping your computer clean and free of harmful programs called malware can help protect your cloud-based data. That's because hackers use malware to harvest sensitive information, including passwords, from infected PCs, Asprey says.
He says part of that is installing and keeping up-to-date anti-virus and anti-malware software, but part of protecting your computer also means exercising common sense when clicking on links or opening attachments sent via email.
"One common way of getting malware onto your computer is someone who will compromise their friend's account and then send a bunch of spam," Asprey says. "If you get a message from Twitter or on Facebook, or an email that says it came from a friend but doesn't sound anything like what they would say, it's probably not them."
If an email or other communication seems fishy, don't click on any links or attachments in the email. And regardless of how an email looks, it's always a good idea to scan attachments with anti-virus software before opening them.
"One person gets infected. Then he sends infected emails to many other people, and if you click on a link, you'll get an infection. If you open the attachment, you'll get an infection," Asprey says.
Should your cloud-based data be compromised, one way to limit the damage aside from compartmentalizing your passwords is to be sure you don't fall victim to thieves' attempts to use that data against you.
One way they may do that is by using their ill-gotten information to craft highly personalized emails that look like communications from banks and other businesses designed to lure victims into revealing sensitive information, or by installing malware on their computers, Rohrbaugh says.
"Spear phishing is when you're phishing somebody, when you have intimate knowledge of (the person) and what he's transacted, and I get that all the time," Rohrbaugh says. "You have to be extremely critical."
Even if an email looks like a genuine email from a company with which you've done business, never reveal sensitive financial information via email, Rohrbaugh says. Instead, contact the business directly to find out if it is really trying to contact you, and go from there.
In the end, no security precaution you take will help you if it's too onerous to use, Rohrbaugh says.
"The question is, you know, how much pain are you willing to go through to do it the right way to protect yourself?" Rohrbaugh says. "There's a middle ground."