Several groups of Backupify customers have expressed a need for Migrator for Google Apps: companies who have purchased another firm and want to transfer the users to the new domain, admins who want to transfer the data from a departing employee to a new user, and universities who regularly transfer students to an alumni domain. In all these cases, Migrator ensures a swift, accurate and secure transfer of data. If you’re interested you can sign up for Migrator for Google Apps here.

Wait, wait (I can hear you thinking) – this isn’t backup! That’s true; it’s not backup. Despite our name, Backupify isn’t just about backup. We’re about helping businesses control their data in the cloud, and while backup is a big part of that, it’s not the whole story. We’re not moving out of the backup space, far from it – we have Backup for Salesforce in beta right now and it will be released shortly. We’ll continue to create great backup tools for additional SaaS applications and improve the services we already offer.

But at the same time we recognize that the challenge companies face in both moving to the cloud and managing their online information is broader than just backing up data, so we’ll continue to look for ways to help. Our goal is to empower your organization to establish the same level of control and convenience in the cloud that you have with your on-premises data.

On that note, we’d love to hear any suggestions you have about other services or tools that would make your life easier as your organization evaluates, migrates to, or uses cloud applications. Thanks for all your thoughts, and keep an eye out for Migrator for Google Apps public launch next month.

Check the picture: You can clearly see the two SSIDs — MLB-Press and MLB-Photos — along with their respective passwords, BWAA#2012 and Photo#2012. (BWAA isn’t a random alphanumeric string, by the way, it’s an incorrect abbreviation of Baseball Writers Association of America, lest you think the Tigers IT staff were trying to make the password less obvious.)

Now, I’m certain Dombrowski gave not two seconds thought to network security when he posed for his television stand-up; he had bigger things to worry about. But I’m also equally certain that the Tigers IT staff doesn’t have a contingency plan in place for “local Wi-Fi credentials get broadcast on national television.”

The Wi-Fi networks are non-sensitive, to be sure, as most sports venues offer dedicated and separate wireless access for the press, often with a standalone high-bandwidth connection for photographers to upload large images and video files during the game. Signs like the one captured in the background of the above photo are found in almost every major sport team’s press room, not just Detroit’s. It’s extremely unlikely the publication of these credentials put the Tigers organization at any risk of a serious security breach.

That said, everyone within a hundred feet or so of the Comerica Park press room can now snag a chunk of free Wi-Fi bandwidth, which means if somebody wanted to prevent the local press from getting online during the next Tigers game by playing bandwidth hog — or simply wanted a nice fat pipe to anonymize their own nefarious outbound traffic — Mr. Dombrowski just gave them exactly what they need. And he didn’t know it. There are hackers out there that would want to spike the Tigers Wi-Fi network just because the team was dumb enough to throw login credentials out on TV, either for the attention or because the hackers bizarrely consider making an example of dumb enterprise security is a public service. In either case, the Tigers computer staff just got sucker-punched through no real fault of their own.

That’s the point.

User error can’t be predicted. Neither can all your risk vectors. Eventually, something will get exposed, corrupted or deleted in a way you never expected, and you’ll have to clean up the mess. That’s the nature of IT security and data integrity.

Hope you’ve got a good backup plan.

I did realize later that I made one mistake — my backup strategy has in fact changed.

It probably won’t come as a surprise that I’m a big backer-upper — at home my wife’s Mac backs up to my Mac, and my Mac backs up to a local drive using Apple Time Machine. In addition I also use a cloud backup provider (Carbonite, in case you were curious) for offsite backup. And of course I have Backupify for my personal cloud services — Gmail, Facebook and LinkedIn are the ones I worry about. So when I joined Backupify one of the first things I did was buy a local hard drive to back up my laptop.

However, after I moved by files to Google Drive I realized there’s nothing left to backup. My music is stored in iCloud, as are my photos. All of my emails, contacts, events and files are stored on Google Apps, which is backed up by Backupify (for a quick review on why Google Drive isn’t backup see my previous post). With the advent of Google Drive, Backupify now backs up my “local” files.

Personally I think this is pretty cool — I’ve simplified my life slightly and I no longer have to undock my external hard drive every time I take my laptop to a meeting. It’s an example of how new technology has second-order effects which may not be obvious even to the experienced user. It makes me wonder what other habits I have that I’ll have to change as technology shifts to the cloud.

Has Google Drive changed how you work (or backup)?

We at Backupify are (not surprisingly) big users of Google Docs. Thanks to Google Drive, I can now see and open all my shared Google Docs right from my Finder window. (That’s the Windows Explorer menu for Microsoft users.) Last week I started loading more non-Google documents into my GDrive for sharing with my colleagues. This morning I moved all of the files on my Mac to my Google Drive – that’s right, I’m all in with Google Drive. I’ve changed from local storage to shared online storage for everything.

But one thing that hasn’t changed is my backup plan.

There’s a fair amount of online discussion about uses for Google Drive and it’s surprising how many commenters are confusing synchronization with backup.

A synchronization tool allows users to access the same file from multiple locations – laptop, desktop, tablet, phone, etc. The sync service puts a copy of the file on each machine, which makes it look a bit like backup. But the files are synchronized, which means that a change anywhere affects all the files. If we think about the risks that backup protects you from, Google Drive protects against one of them – mechanical failure of a machine. If your laptop fails, you have a copy of the documents in your GDrive on your desktop. But mechanical failure is only a small part of why we back up files. A sync service doesn’t protect from user error, data corruption, or viruses/hacking. If the file on your laptop is deleted, GDrive deletes the file from all the other locations. If a virus garbles the file on your desktop, all of the copies get garbled. And then there’s collaboration.

The collaboration tools built into Google Apps have changed how I work. In some meetings instead of “presenting” a document with a projector, we all just open it at the same time and make changes together. I can be on the phone with a coworker editing a document in real time, taking turns suggesting edits. However, collaboration can actually increase the risk of user error and the need for backup. If six people share a file through Google Drive, any one of them can delete or modify the file by mistake. The other collaborators wouldn’t even know the file was missing or damaged until they needed it.

Thus, I encourage you to make the switch to Google Drive and find new ways to work. In fact, I’d love to hear how collaboration tools have changed how you do your job. And I also encourage you to make sure that, as your workplace changes and evolves, your backup plan evolves too.

As you might expect, we at Backupify have been preparing for the release of Google Drive over the past few weeks. I’m happy to let you know that our Backup for Google Apps service fully supports Google Drive! Because Google Drive is an upgrade to Google Docs, all of your Google Drive data will now be backed up along with your Docs, and can be found today within your “Google Docs” archives.

Coincident with Google’s rollout of Google Drive, we will be re-labeling the “Google Docs” backup services in Backupify as Google Drive over the next couple of weeks, to match Google’s new branding.

One thing I’m already noticing, though, is how much more of my critical business data is landing in the cloud than before, now that I’m using Google Drive as my sync-service. This only underscores the continued need to back up your cloud application data. Remember: synchronization is not intended to be a backup: all the deletions and corruptions you make on one machine are faithfully reproduced everywhere you sync. Always have a backup plan.

As your cloud-app backup provider, one of our responsibilities is to stay on top of the latest releases and enhancements from all the cloud applications we back up. Our engineering staff is focused on keeping your business protected and your backups up to date.

For those of you with a highly developed sense of schadenfreude, there’s a somewhat risqué but amusing website called F My Life, where the F stands for exactly the four letter word you think it does. Here, users submit brief descriptions of the banal injustices they suffer during the progress of modern life, and the audience can vote as to whether the submitter deserved his or her fate, or was simply wronged by a cruel universe.

In many cases, the real victims here aren’t the submitters; it’s their computers. Do a simple search on FMyLife.com for computer and you’ll discover a cavalcade of bizarre and befuddled abuses of computer hardware and software. Below are some of the highlights.

“Today, I guess I accidentally left Facebook open on my work computer while I went to the bathroom, because my boss updated my status to ‘Unemployed.’ FML“

“Today, after being yelled at by our boss because the office computer server has yet another virus, my co-worker and I did a bit of investigating. Apparently, the viruses aren’t coming from client emails as we previously assumed. It seems that the problem is really our boss’s porn addiction. FML“

“Today, the new office IT guy figured the best way to get the virus off my computer was to wipe my entire hard drive. He was kind enough to back my data up and restore everything from the backups. Including the virus. FML“

“Today, my cute co-worker asked if he could use my computer. I told him my password and went to the bathroom. When I came back he said he’d finished. I tried to log in, but my password wouldn’t work. I then noticed a post-it note on the desk saying, ‘Stop stalking me and I’ll change the password back.’ FML“

“Today, I let my friend use my computer to download some music. Now, my computer has 6 viruses and 4 songs, all of which I hate. FML“

“Today, my external hard drive broke. My husband tried to fix it, and the computer told him he needed to format it. Apparently he didn’t know what formatting does, so he did it. I’m a wedding photographer and had a full summer of unfinished wedding photography on there. FML“

“Today, my parents got me a new computer for my birthday. They also took the liberty of throwing out my old computer, with 8 years of photos, videos, music, documents, emails, and bookmarks on it. But that’s okay, I had a backup. They threw that out too. FML“

“Today, I was told that, although I was sick on the last day before break, they would still accept the 24 page essay that I had written. Tonight, as I went to print it out, I found that my dad had ‘cleaned up a bit’ on my computer, including the documents from last semester. I have school tomorrow. FML“

“Today, I let my mother use my computer for school work. Later that day my mom asks me what’s wrong with the computer. I look at it, only seeing a ‘Welcome to Windows XP’ screen. She said that she saw a blue screen and pressed L and C when it asked her to. My mom managed to clear my hard drive. FML“

“Today, my computer stopped working. Me, the technology challenged one, decided to do a system recovery on it hoping that I could make it better. Turns out, system recovery means deleting all the files off the computer including family photos, music and assignments and starting fresh. FML“

From a distance, these technological pratfalls are somewhat funny — until it happens to you. And, make no mistake, virtually none of the “victims” above expected to lose access or lose data. You expect hackers to go after your photos, not your mother. You’re prepared for an intruder to lock you out of an online account, not for your co-worker to hold your data hostage. And, if nothing else, you should now be painfully aware of how willing many users are to simply hand over a logged-in PC, if not a secure password.

For individual users and the IT administrators that support them, this should serve as snarky reminder of the risks you probably aren’t attending to. Hackers aren’t the biggest threat to your data, the real danger is people you share a PC, network or online application with — because they’re already inside the defensive perimeter. They can expose, corrupt or destroy data at any time, either out of malice or ignorance. And, if we’re being honest, many of us can wreak the same havoc on ourselves.

User error is responsible for one-third of all data loss, and 63% of lost data in Google Apps. The best defense against user error is independent, off-site third-party backup. A separate copy of your data is data that user error can’t immediately or accidentally damage or delete.

For external threats to your data, there is security software. As for your coworkers, friends, family and other likely inspirations of FML posts — hope you’ve got a good backup plan.

1. Update to the Latest Version
You could be running an out-of-date version of Internet Explorer and not even know it. (It’s unlikely, given Microsoft’s rather incessant upgrade prompts, but your corporate IT department could have disabled those features.) Step one in any IE security assessment is to ensure you’re running the latest version of the browser with all the most up-to-date defensive features.

2. Run the IE Performance Fixit Tool
Microsoft products are known for the endless layers of customizable settings and features — which can often lead to an over-tweaked instance of Internet Explorer that is vulnerable, unresponsive or both. Microsoft’s standard answer to over-optimized products is a Fixit program. The IE Performance Fixit Tool isn’t exclusively a security tool — it repairs caching issues and uninstalls broken add-ons — but its main purpose is to reset the browser to Microsoft’s recommended security settings, including turning the pop-up blocker and anti-phishing content filter back on. If you want to secure IE, the Fixit program helps you set a good baseline for optimization.

3. Enable Tracking Protection and ActiveX Filtering
ActiveX allows certain kinds of browser scripts to run properly in IE but, just as with JavaScript, you need to be careful about which sites are given ActiveX privileges. You’ll want to enable ActiveX filtering, but list your Google Apps URLs as exceptions, as they may occasionally require ActiveX to run certain features. In the Safety menu set, you should enable Tracking Protection, which alerts you if any website you visit is displaying content from another site — the content equivalent of a bait-and-switch that may be used to disguise a malware attack.

4. Block All Cookies
Cookies help websites remember who you are, both for tracking purposes and to expedite logins — including for services like Google Apps. Should your laptop fall into the wrong hands, you don’t want saved cookies to give the attacker easy access to your Google Apps account, too. Blocking all cookies in IE means you’ll have to log into Google Apps every time you navigate to your account, but that minor inconvenience is a small price to pay for the added security.

5. Block Saved Usernames, Passwords and Forms
Autocomplete form data is another risky convenience in Internet Explorer, as the browser can save not just the usernames and passwords you use to access Google Apps (or any online account), but form data like your mailing address, phone number or even credit card information. The browser is very insecure place to keep this information, and not just because you don’t want IE divulging that data any time you happen upon a new online form. The browser itself is often a hacking target precisely because this data is often stored there. Disabling these autocomplete features protects your privacy, your Google Apps account and, for online bankers, perhaps even your life savings.

6. Add Google Apps URLs to the Trusted Sites Security Zone
Internet Explorer splits websites into four different Security Zones: Intranet (your local network), Trusted Sites (websites you designate as “safe”), Restricted Sites (websites you designates as “dangerous”) and the Internet (everything not explicitly labeled). You should add all your Google Apps URLs to the Trusted Sites Zone to ensure IE doesn’t overreact to any content or features your Google Account offers up. This also frees you, should you so choose, to ramp up any additional security settings on the other three Zones, as Google Apps won’t suffer any slowdowns from the increased defenses.

7. Block Location Services and Pop-Ups
Certain websites request your location — deduced from your IP address — to customize content for your local area. That’s great if you’re looking to gain an extra three seconds when searching for a restaurant but lousy if you want to keep your location data private. Remember, personal information is the foundation of all social engineering attacks, so divulging as little as possible is good policy. Modify your Privacy settings to keep you location data private, and while you’re there, make sure the Pop-Up Blocker is enabled. Pop-Ups aren’t just annoying; they can open silently (behind the current browser window) and wreak all manner of havoc before you notice them.

8. Install Chrome Frame for IE
More an optimization than a security setting, the Chrome Frame IE Add-On enables a number of Google Apps features that are supported only in the Chrome browser. Drag-and-drop image and file support for Gmail and Google Docs comes back into play, but so does the enhanced JavaScript engine designed explicitly to keep Google Apps speedy and safe. If you can’t run Chrome itself, Chrome Frame for IE is the next best thing.

Maryland is wrong.

Every employer should have the right to ask for your Facebook password. And they should fire (or not hire) you the second you agree to hand it over. That’s right: failure to give your boss Facebook access shouldn’t be grounds for termination; giving your boss Facebook access should get you canned. Why? Because any employee that’s desperate or gullible enough to hand over a personal password to his boss might as well tattoo SECURITY RISK on his forehead.

Social engineering attacks are based on one thing: the attacker convincing the victim she is entitled to legitimately access private information. If a potential employee is handing over private data in the interview, that’s a pretty fair indicator he has a poor grasp of what constitutes private information and/or legitimate access. That’s something an employer should know before hiring anyone. If a current employee does the same thing during a random supervisor sit-down, the boss should seriously reevaluate the employee’s security privileges, and possibly his employment.

By the same token, any job applicant asked to disclose her Facebook login should walk out of the interview. Unless you’re applying for a job requiring national security clearance levels, your employer has about as much right to your Facebook account as it does to read your private diary, search your medicine cabinet or rifle through your underwear drawer. Any place with that sense of entitlement or paranoia is not a place anyone should want to work.

(The issue of requiring students to hand over Facebook login details is separate; putting in legal protections for the privacy of minors is almost always a good idea. Kids don’t always have the resources or wherewithal to stand up to abusive authority figures.)

Maryland is trying to legislate common decency and common sense. While I applaud the instinct, the password handover issue is too convenient and powerful a signal to outlaw; it makes careless employees and clueless employers much easier to spot.

Okay, maybe not.

In all seriousness, Maryland is probably right to ban the practice of requesting employee and student social networking credentials — if only to save teachers and employers from themselves. Those levels of access are almost certain to be abused (or inadvertently exposed) by overzealous (or clumsy) supervisors and thereby open up companies, schools and states to all kinds of harassment lawsuits.

That such a ban is even necessary is proof enough that the general public has very untrustworthy instincts about proper password and access security. If you think your online data is safe, bear in mind you’re sharing systems with people who think nothing of asking for — or handing over — access with very little consideration of the long term consequences. You’re sharing the information superhighway with people who are not only careless drivers, but who will let almost anyone who asks borrow their car, too.

Hope you’ve got a good backup plan.

On the one hand, we’re strong believers in openness and communication, because we know that our customers trust us with some of their most important data. On the other hand, as individuals we get a lot of email from services we’ve signed up for and it’s sometimes hard to sort out what’s important. And we’ve heard from users that many of them share this sense of “email overload,” which suggests we should be judicious about when we send out emails.

After talking to colleagues and looking at what other online services are doing we’ve decide to strike what we think is a healthy balance – we will email all of our users (more than two hundred thousand!) when we have a significant update to our Terms of Service, and the email we send will draw the reader’s attention to what changed. But when we make small language changes or fix a mistake or typo, we won’t email all of our users. You can always find a link to our TOS on our homepage, and I should note that our TOS only governs your right to use the service. Actions involving the use of and your access to your data are covered in our Privacy Policy, which has not changed. That policy states we will email you anytime we make changes.

We think this approach is the right tradeoff, though we expect that there will be users who still feel we email too much, and others who would prefer to be notified for every change. As always, feel free to leave a comment or email us with your feedback or questions about this issue.

Firefox has long been considered one of, if not the, most reliable and adaptable browser available today, but that standing is easily undermined by insecure browser settings and user preferences. When running a Software-as-a-Service solution like Google Apps, lax browser security can prove fatal to a Google Apps domain, and to your business. Below are 10 steps you take to maximize Firefox’s defenses against online threats and keep your Google Apps domain safe and secure.

BROWSER SETTINGS
Firefox’s reputation as a highly customizable browser is well earned, so your Google Apps security measures should begin with the Firefox’s internal settings.

1. Disable Advanced JavaScript
For absolute maximum security, you should disable JavaScript altogether, as hackers can use it to execute a number of unscrupulous actions in your browser. However, JavaScript is necessary to operate the interactive features of many online applications, including portions of the Google Apps suite. The good news is Firefox can disable only the more dangerous elements of JavaScript. Under the Content Panel’s Advanced JavaScript Settings, deselect the options to Move Or Resize Existing Windows, Raise Or Lower Windows, and Disable Or Replace Context Menus. This will prevent websites from opening hidden browser windows you can’t easily dismiss or control.

2. Set Custom Browser History Configuration
Firefox offers a Private Browsing Mode that prevents it from recording any passwords, form autofill data, accepting cookies, or saving other history data. This is prudent, as it prevents hackers from targeting your browser to obtain this access information. You can permanently opt into Private Browsing mode by selecting the Never Remember History option in the Privacy Panel, but the smarter move is to configure a Custom History Setting. Within the Privacy Panel’s Custom Settings For History section, deselect every option except Remember Download History. This will ensure you have a record of any items downloaded — knowingly or otherwise — but that any other history data (notably login information) won’t be saved in the browser.

3. Show the Downloads Window When Downloading Files
Some hyperlinks disguise malicious software downloads. Selecting the Show The Downloads Window option in the General Options panel ensures that nothing gets dropped on your hard drive without your knowledge.

4. Enable Security Warnings
Firefox provides a number of defenses and security warnings by default, but you should be certain these options are enabled. Under the Security Panel, select the Warn Me When Sites Try To Install Add-Ons, which will prevent any malware disguised as video player plug-ins or game features from sneaking onto your browser. Then select Block Reported Attack Sites and Block Reported Web Forgeries, which are pretty self-explanatory.

5. Disable Password Storage
Storing passwords in your browser simply makes your passwords vulnerable to browser attacks, putting your Google Apps account and domain at risk. While less convenient, you should disable the password storage option.

6. Set Alerts For Offline Website Data Storage
Some websites will try to store data locally. Most of these requests are legitimate — Google Apps can occasionally make them in relation to its Offline Mode — but you should be aware when these requests are made. Under Firefox’s Advanced Panel’s Network tab, select the Tell Me When A Website Asks To Store Data For Offline Use option to ensure no offline data is saved without your knowledge and permission.

7. Automatically Install Updates
Keeping Firefox up to date means you’ll always have the latest security patches and defenses running on your browser. Under the Advanced Panel’s Update tab, select the Automatically Install Updates option and the related Warn Me If This Will Disable Any Of My Add-Ons option. The former will keep you running the latest version of Firefox; the latter will let you know if any of your security plug-ins are incompatible with the latest Firefox update.

8. Enable Encryption
While selecting the SSL version of any website is prudent, Firefox can enforce the use of the latest and most effective Secure Sockets Layer and related encryption protocols at any HTTPS web address. Under the Advanced Panel’s Encryption tab, select the Use SSL 3.0 and Use TLS 1.0 options.

BROWSER ADD-ONS
Above and beyond Firefox’s native security features, these add-ons impart some much-needed defensive measures into your browser.

9. HTTPS Everywhere
Virtually every reputable website and web application offers an SSL version to accommodate encrypted web communication, including Google Apps. This keeps any data you share with the website — especially passwords — away from prying eyes. The HTTPS Everywhere Firefox Add-On defaults you to the SSL version of any website, making sure you don’t accidentally opt for the less secure version.

10. NoScript
Even with Firefox’s advanced JavaScript settings, you’re still at risk from clickjacking attacks. The NoScript add-on only allows JavaScript from trusted sites to run on your browser. If they’re not on the safe list, the site’s script won’t run, keeping JavaScript fully at bay.

So Facebook bought photosharing mobile network Instagram for tidy $1 billion this week. In all the furor about whether Instagram is selling out or Facebook is frightened of mobile or if this is further proof Facebook’s IPO will break the NASDAQ, we are obliged to ask what this means for data ownership, particularly for Instagram users. The answers are thus:

1. Not much
2. That’s the wrong question

As to point one, Instagram already had a pretty solid lock on the use of any photos you put in their service, as their TOS makes clear with the beneficent caveat that “Content not shared publicly (“private”) will not be distributed outside the Instagram Services.” Whether Facebook constitues an “outside” now that they own Instagram is up for debate, but since the whole point of Instagram is to share photos on Facebook (and other social networks) — and those networks make similar claims to any content shared on their services — Facebook probably already owned distributive rights to your pics. All this buyout means is that Facebook is running the advertising side of Instagram, rather than Instagram keeping the monetizing in-house.

As to point two, let’s take a look at the mass firings, investor vs. executive sniping and near-wholesale management reorganization gripping Yahoo, which is still the fourth most visited website in the world. Do you send messages with Yahoo Mail, hold photographs in Flickr or play roto baseball over at Yahoo Fantasy Sports? Then the meltdown of one of the most popular web enterprises on the planet is of interest you — particularly from a data ownership perspective. Section 9 of the Yahoo TOS states that “with respect to Content you submit or make available for inclusion on publicly accessible areas of the Yahoo! Services, you grant Yahoo! … worldwide, royalty-free and non-exclusive license(s),” which is to say they can use your data for free forever, and make whatever money off of it they want, too. Section 14 of those same Terms of Service warns that “Yahoo! reserves the right at any time and from time to time to modify or discontinue, temporarily or permanently, the Yahoo! Services (or any part thereof) with or without notice.” In other words, Yahoo can shut down anything you’ve got your data in, at any time, for any reason, and they don’t owe you squat.

To be fair, these are standard clauses for almost any web application TOS, and Yahoo was actually pretty up-front when it came to shutting down Delicious (and then, due to outcry, selling it instead). What should worry the data-conscious among us is that Yahoo is in turmoil and its users’ data is its greatest asset. Desperate times call for desperate measures, and Yahoo may start shuttering services more forcefully and less carefully than in the past. Or, worse, Yahoo may be tempted to get into some very onerous data-mining and profile-scraping to keep the lights on and hold position as the number four game in town.

Facebook is making flashy moves to justify a $100 billion pre-IPO valuation, but they’re courting goodwill right now. Yahoo is fighting for its life. Which company would you more gladly trust with your data, and which should you be wary of? I know where my attention will be.

If you’re a user of Yahoo services, I hope you’ve got a good backup plan.

One of the great advantages of Software-as-a-Service solutions like Salesforce and Google Apps is that you can access these tools from any Web browser, rather than simply from a PC connected to the corporate LAN. With this reward comes some risk: Your data is now transmitted via Internet connections you don’t control — including public Wi-Fi hotspots with dubious security measures.

Below are five simple steps to make sure your web apps stay safe, even over the sketchiest wireless network.

1. Disable Automatic Wi-Fi Connections
For the sake of convenience, most laptops are configured to automatically seek out and connect to available wireless networks, often without you even noticing. The security risks involved are fairly obvious. You should disable automatic Wi-Fi connections to ensure your computer doesn’t wander into any unsavory wireless neighborhoods.
Instructions: Windows | Mac

2. Disable Sharing
Both Mac OS X and Windows natively support shared network printers, directories and hard drives, and hackers use faked printer and storage connections to sneak onto your laptop over public wireless networks. Shutting down remote sharing is a must for a laptop in the wilds of unknown Wi-Fi.
Instructions: Windows | Mac

3. Choose the Most Secure Network
Just because the SSID name reads “Free public Wi-Fi” doesn’t mean it’s actually provided by the local venue. Hackers often set up false networks simply to gain access to your computer. Before you logon to any wireless network, make sure it’s legitimate. Most public spaces, particularly airports and hotels, post the names of their Wi-Fi networks. If the SSID name isn’t posted, ask the staff. Never assume.

That said, there are often multiple legitimate networks available in the same area, especially in business offices and conference centers. If given a choice of Wi-Fi connections, choose the one that’s most secure. In order of most to least secure, WPA2, WPA and WEP are the preferred security protocols. Secured networks typically require a password to access, but that minor inconvenience is worth the added level of encryption that secured networks provide. If no secured networks are available, proceed with caution.

4. Use a Personal Firewall
Both Mac OS X and Windows provide personal firewalls to block malicious traffic from reaching your computer. Any application that tries to access your laptop must clear your firewall first. Turn your firewall on and keep it on at all times, but especially when surfing public Wi-Fi.
Instructions: Windows | Mac

5. Use SSL At All Times
Secure Sockets Layer encrypts web traffic, making your passwords and communications that much harder to eavesdrop or steal. All Google Apps services and most webmail providers offer an SSL option, noted by the HTTPS web address and the padlock icon in the address bar. Bookmark the SSL version of any online service you use, and don’t waver in that preference.
Instructions: Chrome | Firefox | Internet Explorer

BONUS: Use a VPN
A Virtual Private Network creates a secure, encrypted communication channel within a public Internet connection. They aren’t free (or, rather, the ones that are free often impose advertising on your web surfing), but they do offer an added level of protection that is generally worth the cost. You can choose from a number of reputable VPNs here.

What is the value of a tweet? How much does Yelp value a review? As a participant in the social media economy, how much value does your participation create for companies like Facebook and LinkedIn?

These questions came to mind recently as we had a deep discussion at Backupify about the value of data in the cloud. Sometimes people ask me why they should backup their cloud data. The answer that I give comes from asking thousands of Backupify customers why they do it – because the data is valuable, and it is always important to protect valuable assets.

Quantifying the value of data to a business is relatively easy. For customers who use our Backup for Google Apps or Backup for Salesforce products to protect their corporate data, it boils down to three basic concerns:

1. How difficult it would be to recreate that data
2. How much revenue would be lost if the data was lost
3. How much productivity would be lost if important data could not be accessed

The value of social data (for both consumers and businesses) is a little bit harder to quantify. We decided to take a shot at it by building off some publicly available information to figure out what social data, which social media companies, and what social media actions are the most valuable. The results are in posted in the Backupify Social Data Value Infographic below.

We plotted the data in two different ways. The first is by average per-user value, which of course has Facebook as king of the hill. The second plot shows how many users a service would require to reach a $10 billion valuation. As you can see, most of the companies are unlikely to ever get that big.

So take a look, and let us know what you think. Are Yelp reviews really worth more than tweets? Who should we have put on the graph that didn’t make it? Which pieces of social media are over or under valued? Leave a comment, write a post, or just tweet @backupify with your thoughts.

Click for full size version

The web-centric moral outrage du jour is currently centered on a tasteless iOS mobile app called Girls Around Me, which in its most polite moments has been decried as a creeper app and in less forgiving terms as the ultimate online tool for stalkers. Girls Around Me aggregates public check-in data and, at the user’s request, highlights how many girls are presently at or near your location. In blunt terms, it helps iPhone-owning guys track down the venue with the best odds of hooking up. You can see how someone might find Girls Around Me to be a bit offensive.

What’s really offensive is the naivete at work here.

CNET’s Molly Wood, Forbes‘s Kashmir Hill and PCWorld‘s Sarah Jacobsson have all decried the outrage against Girls Around Me from essentially the same viewpoint: What, exactly, did everyone think would happen when they shared their location data online? All check-in apps are based around a certain level of exhibitionism — from “hey, everybody, I’m a the hottest club and you’re not” to “I’m at the premiere of The Hunger Games, ping me later if you want spoilers” — in that you want people to know what you’re doing and where you’re at. The naivete is the assumption that only your friends would be interested in the data, and that anyone who sees your check-in information will use it for your benefit.

This is the type of thinking that drives I.T. staff, particularly security professionals, absolutely nuts. No small portion of the Girls Around Me outrage stems from the sudden realization that any information you share can be used against you. Users don’t like to consider the downsides to broadcasting their personal information. This same willful ignorance leads to users taping Post-It notes of their passwords to their computer monitors. Sharing check-in data makes it easier for your friends to find you, just like keeping your password out in the open (or in your browser autofill directory) makes it easier for you to log into Gmail.

Convenience comes at a cost. That cost may well be outweighed by the benefits — your check-in data is far more likely to be used by your friends than by creepy jerks in a bar — but you should at least consider the risk-reward before sharing information. Too often, users can’t or won’t ponder those tradeoffs, which is how Girls Around Me gets published, and passwords get stolen.

The same people shocked that Girls Around Me can harness their check-in data are the same people logging into your Google Apps domain or Salesforce database. It’s time for those users to grow up and become responsible adults when it comes to data-sharing. Whether that happens remains to be seen.

Until then, hope you’ve got a good backup plan.

I should be clear that the video you see below is really me really deleting my entire email account. This is my business account for Backupify, which is more than 2 years old, and contains important emails about fundraising, key partnerships, employee hiring, and many sensitive and important business matters. After I did this, I was actually sweating. It’s nerve wracking to think about how hard it would be to reconstruct all that data, and how lost I would be without it. Not to worry though, Backupify came through and restored everything with the click of a button.

One third of all data loss is user error. That doesn’t go away when you move to the cloud. Add to that a world where more and more third party apps are accessing your data via APIs and any bug in any one of them could cause data loss. So on World Backup Day, be sure to backup your stuff – on your PC, on your mobile device, in the cloud, or wherever else it may be. So Happy World Backup Day. Celebrate by watching me delete my entire Gmail account.

Deleting and Restoring (with Backupify) Entire Gmail Account from Backupify on Vimeo.