In the wake of the latest celebrity photos leak, DrPete wonders who's really to blame when it comes to breached security.
While it's nothing new, whenever explicit pictures (pictures that were meant to be private) become public, the internet usually responds in two distinct ways: The first is sympathy for the unwitting person's now broken privacy, and the second blames the victim for putting their private documents in a place to which an attacker could gain access.
But there's another concern - how secure is that place in the first place? Of course this is not just a concern for the general public, but for businesses too.
Something else to consider is that there are two ways for an attacker to gain access to your content. The first is to try and hack into the overall system (e.g. Google Drive, Dropbox, iCloud) and find the data you want from their servers. Of course for many services this is almost impossible thanks to modern security measures, and if anyone did retrieve data this way, it would undoubtedly be the company's fault.
The second way for someone to get to your content is by guessing your password, and this is where the issue gets a little trickier. One the one hand, when you set your password, you are taking responsibility of how secure that password is (i.e. how easily guessable it is). On the other hand, should there be other ways to verify that the correct person is accessing the content if someone's trying to get to the content on another device, in an unusual location, or at a strange time of day? Should you have to enter a code sent to your mobile phone, for example, or pass a face scan?
Of course, many services do offer these features and on a personal level, it makes sense to let the user choose whether to use them or not. For businesses, this would be a management decision.
Do you agree, or do you think we're wrong?
If you'd like to talk about security for your business, please contact us.
Meet some of our team