How to keep your private data secure

By Hayley Tsukayama / The Washington Post

Data thieves leaked private pictures of some of Hollywood’s top celebrities over the long weekend, raising some alarm bells about the security of what users keep in the cloud. Apple said in a statement Tuesday that its iCloud systems had not been breached; rather, the tech firm said thieves stole celebrity photos from Apple accounts by targeting individuals, probably by tricking account holders.

Regardless, storing photos in the cloud (rather than just on your phone’s hard drive) presents risks. Here’s how to figure out whether your photos are in the cloud in the first place — and if they are, how to better protect them.

Find out if you’re automatically backing up photos. Several companies, including Apple, Google and Microsoft, offer the option to automatically back up your phone or tablet photos into the cloud. These are opt-in features — users have to turn them on themselves — but many people forget that they signed up for these options when setting up their accounts. You can check for these options in your settings. For Apple users, the menu you need is in the “iCloud” section of your settings, under “Photos.” Google users should check the “Auto Backup” setting on their Google+ apps. Microsoft users can find the option to upload photos to OneDrive (formerly SkyDrive) in the settings for their Photos app on Windows Phone devices.

Uploading photos automatically is a useful feature, particularly for when you’re organizing photos and worried about accidentally deleting something you want to keep. But if you’re taking pictures of something — or someone — that you don’t want sent to the cloud, then it’s probably best to turn off that setting.

Use two-factor authentication. Regardless of whether you are automatically uploading your photos, you should protect your data by turning on “two-factor authentication” when it’s offered. Basically, the feature adds another layer of security to your accounts by asking you to enter a short code in addition to your normal user name and password. This code, which is random, is often texted to your phone, or generated by an app. This ensures that even if someone does get your password, that person will still need your phone to get into your account.

Learn to avoid falling for the hackers. Of all the things you have to do to protect your data, this may be the hardest part: not falling for schemes as they come. Attacks often succeed because criminals have been able to trick people into giving up their credentials — no fancy technical knowledge needed, just a willingness to prey on people’s credulity.

Often users get emails that look as though they come from companies they trust — their bank, Facebook, Google, PayPal — that are really vehicles for theft. For that reason, you should be wary of any email that you aren’t expecting asking you to reset your password. If you get a password reset email and you didn’t click a “Forgot password?” link for that site, then you should not click on it. And you should definitely not send your password to anyone in response to an email like that. If it happens at work and you’re not sure what to do, send an email to your company’s IT department.

These mysterious emails could be coming from someone who has your email address and is trying to break into your account, or they could even be emails that direct you to a fake site. Either way, it’s not a bad idea to change your password, just in case someone’s trying to hack you. For example, if you get an email that appears to be from Facebook, type in the URL for Facebook in your address bar directly and start the process yourself by clicking the “Forgot password?” link or heading into your account settings.