President Biden brings sanctions against Russia for cyber-attacks. As cyber-attacks become ever more sophisticated, we photographers need to tighten our security and awareness of the risks, with twelve hints to keep you safe.
Catastrophic Loss
A few years ago I shifted my photographic backups from an external hard drive (EHD) to the cloud. My reason behind this was security. If there was a catastrophic loss of my systems from, say, a house fire or flood, then there would be a backup saved remotely.
Although I use that cloud service, I still copy my images to an EHD that remains disconnected from my system when not in use. Why? Because the risk from cyber-attack is a real danger. The only sure way of keeping files safe from online threats is to disconnect them from the world wide web.
Cybercrime: The Third Biggest Economy
Cybercrime is big business. According to Cybercrime Magazine, It is estimated to cost the world economy $6 trillion this year. Only China and the US have larger economies than that. That is likely to increase to over $10 trillion by 2025. No matter how vigilant, we are all vulnerable.
Protecting Our Photos
Photography is a data-driven industry, so we need to be particularly cautious.
As I run a business in the UK, by law, I must protect my client’s data. If I were to have a security breach with data loss and had not taken sufficient care to protect it, I could face an unlimited fine. On the face of it, that seems odd. It is the equivalent of being fined for having my office burgled by a highly advanced, lock-picking thief. But, my customers have entrusted me with their data, which may include their children's photos, their bank details, and their address.
Losing all my photographs would also be disastrous, as would having my bank accounts emptied. Consequently, I am forever tightening up on my security; I see it as another form of insurance. Like my yearly premiums, it is a cost with no associated revenue. But it is, nevertheless, essential.
Types of Attack Photographers May Face
What sort of attacks are we, as photographers, most likely to suffer? Because the photographic industry and hobby comprise large numbers of small players, it is mainly indiscriminate, untargeted attacks that we are vulnerable to. These wide nets target as many people as possible. They come in many forms, although always taking advantage of the Internet’s openness for their evil intent.
The techniques are well known, but they are becoming ever more sophisticated.
Phishing
Phishing attacks often target the most vulnerable. You will notice from the spam that you receive that they often carry spelling and grammar mistakes, and this is deliberate. The criminals use this to filter out better-educated people and attack easier targets. But it isn’t just vulnerable people who are targeted. The FBI estimates that it cost businesses $12.5 billion over five years between 2013 and 2018 using email scams alone. Common phishing attacks currently include emails from people posing as website hosts, banks and credit card providers, tax offices, and providers of web design and SEO services. The security software on my email client is successful at filtering most of these out, but some slip through, and they look convincing.
Never open an email if you don’t know who it is from. When you do read an email from an organization you have a relationship with, always check it carefully. Look at the email address from which the message was sent, although this can be faked. It is good practice not to follow links in emails but to go directly to their site and look for the information that way. Always scan attachments before opening them and only open those you are expecting.
Waterholing
Waterholing is where fake websites are created to trick you into buying from them or parting from your data. It can also include genuine sites that are compromised or URLs that are slight variations of genuine businesses.
If you see offers for cameras that seem too good to be true, they probably are. When buying goods, look for payment methods that offer buyer protection, such as PayPal. In some countries, credit card purchases offer protection to buyers if the purchase amount is above a certain level.
Unfortunately, search engines don’t necessarily filter out these sites. If you search the internet for the latest lens, and see it for sale significantly cheaper on one site than anywhere else, then it is unlikely to be a legitimate retailer. Fortunately, good security software, such as Norton, quickly identifies these sites and can help prevent you from visiting the page.
Scanning
Scanning attacks search the Internet looking for holes in network security. Once identified, malicious software can be placed on your system. Again, good software can protect you from that.
Attacks on Larger Organizations
High-profile businesses are more likely to be directly targeted. This may be through spear-phishing, where targeted emails containing viruses or are sent to individuals within an organization. For example, it was reported last year Canon was subject to a ransomware attack. Back in 2015, Sony was also attacked from North Korea because its Pictures arm was planning a comedy film about the assassination of their president.
It's not just websites that are a security risk. Internet-connected cameras that use Picture Transfer Protocols have also been shown to be insecure and prone to cyberattacks.
Another type of assault is a DDOS (Distributed Denial of Service) attack. This is where cybercriminals use a network of robots to constantly bombard the site with hits, causing it to be inaccessible.
12 Hints to Help Keep You Safe
So what other simple measures can we take to protect ourselves from attack.
- Use a unique strong password for every login and change the password regularly.
- Wherever possible, use two-step verification to protect your accounts
- Use a password locker to protect your passwords.
- Have a separate email address for logging into critical accounts like your online photo cloud storage, your website provider, your bank, etc. I recommend using a Gmail, Outlook, or similar reputable email address for these and not one associated with your URL. They will still be accessible if your website is compromised.
- Have another separate contact email address published on your own website, then anticipate that it will be spammed. Be particularly wary about emails sent to this address.
- Shop from reputable websites. If you don’t know them, check reviews and ask for recommendations in photography forums. Any reputable site will have the padlock appear in your browser address bar, but this is not a guarantee the site is reputable.
- Use a good quality security suite that offers more than the basics provided by free software. Not all security packages are equal, but the following have a good reputation for both security and not slowing down your system. I recommend Norton, Bitdefender, or Kaspersky
- Backup your photos to the cloud, but also keep them on an external hard drive not permanently attached to your computer.
- Keep your computer, phones, and cameras up to date with the latest firmware releases.
- Encrypt your hard drives. Use Bitlocker for Windows Pro or Filevault for Mac.
- Install anti-theft software to all your portable devices, so you can wipe them should they be stolen.
- Read about current threats and learn what you can about cybersecurity.
There’s a lot more to know than I can write about in this short article. It would be great to hear your experiences in the comments, plus any tips you know to help make your systems secure.
I have my photos in three places, but it's not because I think someone is going to see them and think that they can snatch them away and make a fortune. I just have it that way to ensure that if one backup fails, I'll be okay.
Yeah, that's a good plan.
What a perfect warning!
If someone wants to steal my work I would be flattered. Furthermore, it's all over the internet anyway.
Hi Michael, stealing images is another issue altogether that's worth looking at. I've had some of mine used without permission, and it cost the thief much more than if they had bought them from me in the first place.
If you really want to see what is happening in real-time attack wise againt a photography site check out this:
https://lightaffaire.com/download/web-deny-report.log
It is a web deny report that I generate 7x24 listing all the attacks to my web infrastructure.
The following script (.htaccess file) is what I also generate in realtime to stop those attacks being lethal:
https://lightaffaire.com/download/web-deny-access
If you run your own website and want piece of mind click the above link and install the web deny access file.
I do not believe that it is possible to save our photos. If you once uploaded something to the Internet, then everything, consider that it has remained here forever and can be used against you at any time. The same is true with video surveillance cameras, which are also easy to hack by experienced hackers and then merge all the videos into the network. Therefore, I personally trust my security only to Ajax and their motion, smoke, and water leak sensors, because there will definitely be no leaks here. I mean already photos and videos...