1 A DIGITAL LIFE E-GUIDE Keeping Your Cloud Data in Check
3 Creating passwords, installing security software, practicing safe surfing habits these typical security measures are not enough to protect your data stored in the cloud. Many factors can jeopardize it. 1 Cybercriminals, for one, can conduct threat campaigns, where they hack into your accounts and delete or leak your data for either notoriety or money. The cloud service you use can suddenly experience hardware failures or glitches that can wipe out your content. Your internet connection can also become too intermittent, making it almost impossible for you to access your cloud. To avoid unnecessary grief, you need to adopt a securityconscious mindset and take the extra steps to ensure the safety of your data for years to come. 1
4 Make sure only YOU can recover your password. When setting up an online account, pick a password recovery question that only YOU can answer. Cloud services now provide uncommon security question choices, unlike before when they only had questions like What is your mother s maiden name? The more unique the security question, the better. If given the option, create the question yourself. Next, craft answers that are as strong and as unique as the very passwords they re supposed to recover. You can do this by making the answer completely impossible to look up online. For example, if your security question is Who is your favorite cartoon character? no one should be able to guess it by trying all the names of every cartoon character ever made, looking at your social networking page, or checking the cartoons you blog about. The answer should be just like your password, relevant only to you. Jumble up the letters of the answer. Or better yet, turn it into an acronym phrase. Take each letter of your original answer, and use it as the first letter of a word until you come up with a random phrase. To make it more secure, pick an answer completely irrelevant to the question itself. Any cybercriminal will have a hard time guessing a security answer like this. Here s an example: Security Question: Where did you meet your spouse? Bad Answer: At work. Good Answer: Aliens That Want Only Rocket Kits. [This is a good answer since it s random, and the acronym makes it easy enough for you to remember.] Best answer: Pistachio Ice Cream with a Pickle on Top. [This answer s complete irrelavance to the security question will give cybercriminals a hard time figuring it out.]
7 Put your eggs in several baskets, and then secure those baskets! When you create online accounts for cloud services, they usually require your address for registration, verification, and notification purposes. In case you forget your password, these cloud services let you reset your account passwords via . A risk arises if you use the same address for every single one of your online accounts. If a cybercriminal is able to hack into your account, he or she can gain access to all your other online accounts. Remove any password verification or account signup notification s from your inbox so cybercriminals will have no clue what other accounts you have. Assign different accounts for all the cloud services you use. Be sure that these accounts are not tied to the one you use for personal correspondence. If you need help in remembering multiple passwords, use password management software like DirectPass. 2 Whenever possible, also activate two-factor authentication for all your accounts. From then on, accessing your online accounts will require both your password and a unique verification number stored on either your smartphone or token. Even if someone gets a hold of your password, he or she will still need the physical device with your verification number to break into your account. 2
8 Check your devices. Take note of all the devices you use and map out what cloud accounts you access with each one. From there, see how you can secure them. If you access the accounts on your desktop, ensure that it s free of malware, and its software is regularly updated. If you access them on your mobile device, guarantee that it has the necessary security features against physical theft and cybercrime installed and activated. Audit your devices every month or whenever you add or replace a device. When deciding what security measures to take, choose those that are appropriate for your devices. It may be a good idea to enable the remote wipe function of your mobile phone or laptop in case they get lost or stolen, but the same function might not be applicable to your desktop.
11 Create multiple backups. Having a backup of your important data in the cloud may be convenient, but you shouldn t treat it as the cure-all of backup solutions. Nothing is infallible. This is why you should make multiple backups of your data. Follow the rule 3 : Make a minimum of three backups, Two of which should be on different media, and One of them should be stored off-site. Redundant backups reduce the chances of permanently losing your data. With two of those backups on different media, each copy is immune to any damage or malfunction like hardware failure for external HDDs or scratches on DVD backups that may affect the other. Finally, in case any unfortunate event or disaster affects your home or office, you can be sure your data is safely stored off-site. 3
12 Don t tempt fate. If you really want to keep your data safe, then careless Internet habits will have to go. Treat your cloud as the important data storage it is. Refrain from sharing access to your cloud accounts to anyone, even if it s convenient to do so. Some cloud services have certain clauses in their terms of service agreements that allow them to lock down or delete accounts found storing any content violating the said agreement. Unless you completely trust the person you re sharing access to, limit it to yourself. This prevents anyone from uploading malicious or illegal content and protects your cloud from being locked permanently.
14 TREND MICRO Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years experience, we deliver top-ranked client, server and cloud-based security that fits our customers and partners needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro Smart Protection Network cloud computing security infrastructure, our products and services stop threats where they emerge from the Internet. They are supported by 1,000+ threat intelligence experts around the globe. TRENDLABS TrendLabs is a multinational research, development, and support center with an extensive regional presence committed to 24 x 7 threat surveillance, attack prevention, and timely and seamless solutions delivery. With more than 1,000 threat experts and support engineers deployed round-the-clock in labs located around the globe, TrendLabs enables Trend Micro to continuously monitor the threat landscape across the globe; deliver real-time data to detect, to preempt, and to eliminate threats; research on and analyze technologies to combat new threats; respond in real time to targeted threats; and help customers worldwide minimize damage, reduce costs, and ensure business continuity. Copyright 2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable in all situations and may not reflect the most current situation. Nothing contained herein should be relied or acted upon without the benefit of legal advice based upon the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without notice. Translations of any materials into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes. Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency or completeness. You agree that access to and use of and reliance upon this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing or delivering this document shall be liable for any consequences, losses, or damages, including direct, indirect, special, consequential, loss of business profits or special damages, whatsoever arising out of access to, use of or inability to use, or in connection with the use of this document, or any errors or omissions in the content thereof. Use of this information constitutes acceptance for use in an as is condition.
SECURITY IN CONTEXT LATERAL MOVEMENT: How Do Threat Actors Move Deeper Into Your Network? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is
A DIGITAL LIFE E-GUIDE Files in Flight: What You Should Know About Cloud Storage What Is the Cloud? Back then, all your files were stored on hardware. Party photos, spreadsheets, and school projects were
TrendLabs When attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher Advanced persistent threats (APTs) refer to a category
Trend Micro Incorporated Research Paper 2013 Who s Really Attacking Your ICS Equipment? By: Kyle Wilhoit LEGAL DISCLAIMER The information provided herein is for general information and educational purposes
A Trend Micro Research Paper Suggestions to Help Companies with the Fight Against Targeted Attacks Jim Gogolinski Forward-Looking Threat Research Team Contents Introduction...3 Targeted Attacks...4 Defining
This document has been provided by the International Center for Not-for-Profit Law (ICNL). ICNL is the leading source for information on the legal environment for civil society and public participation.
A Trend Micro Research Paper Cybercriminal Underground Economy Series The Brazilian Underground Market The Market for Cybercriminal Wannabes? Fernando Mercês Forward-Looking Threat Research Team CONTENTS
BELGIAN CYBER SECURITY GUIDE PROTECT YOUR INFORMATION This Guide and the accompanying documents have been produced jointly by ICC Belgium, FEB, EY, Microsoft, L-SEC, B-CCENTRE and ISACA Belgium. All texts,
Targeted Attack Trends in Asia-Pacific A TrendLabs SM Report TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and
V 1.0 November, 2010 CYBERSECURITY The protection of data and systems in networks that connect to the Internet 10 Best Practices For The Small Healthcare Environment Your Regional Extension Center Contact
Securing Your Web World Top 10 Tips to Keep Your Small Business Safe Protecting your business against the latest Web threats has become an incredibly complicated task. The consequences of external attacks,
IT CHECKLIST FOR SMALL BUSINESS INTRODUCTION A small business is unlikely to have a dedicated IT Department or Help Desk. But all the tasks that a large organisation requires of its IT Department and Help
13 Personal and Small Business Online Banking Agreement Table of Contents Table of Contents... 2 Online Banking... 3 Bill Payment... 10 Mobile Banking... 13 Mobile Remote Deposit Capture... 21 Page 2 Date
Cyber-Security Essentials for State and Local Government Best Practices in Policy and Governance Operational Best Practices Planning for the Worst Case Produced by with content expertise provided by For
T s And C s. General terms and Effective conditions April 2012 Effective April 2015 It s Ours. a What s Inside Here. General provisions 1 1. What are these terms about? 1 2. When can our terms and product
Issue 4 Handling Inactive Data Efficiently 1 Editor s Note 3 Does this mean long term backup? NOTE FROM THE EDITOR S DESK: 4 Key benefits of archiving the data? 5 Does archiving file servers help? 6 Managing
ICC CYBER SECURITY GUIDE FOR BUSINESS ICC CYBER SECURITY GUIDE FOR BUSINESS Acknowledgements The ICC Cyber security guide for business was inspired by the Belgian Cyber security guide, an initiative of
IBM Global Technology Services Managed Security Services Research Report IBM Security Services 2014 Cyber Security Intelligence Index Analysis of cyber attack and incident data from IBM s worldwide security
Product Overview for Windows Small Business Server 2011 December 2010 Abstract Microsoft offers Windows Small Business Servers as a business solution for small businesses by providing a simplified setup,
Personal Online Banking Agreement This Personal Online Banking Agreement ( Agreement ) states the terms and conditions that govern your use of Personal Online Banking, Online Bill Pay and Mobile Banking
The Definitive Guide To tm Identity Management Archie Reed Introduction Introduction By Sean Daily, Series Editor The book you are about to enjoy represents an entirely new modality of publishing and a
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
Things you need to know and do to operate safely online An initiative of the Australian Government that brings together existing resources, tools and websites to help small businesses understand and manage
G DATA TechPaper #0273 Mobile Device Management G DATA Application Development TechPaper_#0273_2015_04_21 Contents 1. 2. 3. 4. Introduction... 3 Mobile devices in the enterprise... 3 2.1. Benefits... 4
Best Practices Series Microsoft Exchange Server 2010 in the Cloud White Paper A Step-by-Step Guide to Planning and Architecting Your Migration Introduction Microsoft Exchange Server 2010 offers a number