How easy is it for cyber criminals to access your cloud hosted systems and steal your confidential information or even get access to your funds? It's a critical question to ask because organizations are increasingly moving more and more of their systems to the cloud.
Well, the answer is - it depends.
I know we like to live in a black and white world with definitive answers, but it doesn't always work this way. The reality is, "the cloud" means different things to different people. And sometimes it's not just the meaning that differs but the delivery. Completely hosted SaaS (Software as a Service) solutions like Microsoft 365, Salesforce or QuickBooks Online require different security considerations than, say, hosted infrastructure like Microsoft Azure or AWS. And even then, technically, data may reside outside the boundaries of simply "in the cloud."
That said, for SaaS solutions, while it may be harder for cyber criminals to gain access, it's still very doable, so you still have to take the right security precautions. Most reputable cloud service providers have stringent security measures in place to protect your data on the back end. Unfortunately, this leaves securing the front end up to you.
The principal weak spot is actually you, the cloud service user (i.e., the front end). Keep in mind, most cyber criminals that break into cloud services are able to do so because the cloud service user, rather than the cloud service provider, has failed to keep how they access their cloud accounts secure.
Here are 8 of the most important things you should do to ensure that your organization keeps your cloud accounts secure.
1. USE A STRONG PASSWORD
Three quarters of all cloud breaches are caused by users choosing weak passwords, which cyber criminals can easily guess. That’s why you should use a password made up of at least 13, and preferably more, upper and lower case letters, numbers, and special characters such as ! or &.
For maximum security, choose a password made up of random characters rather than a combination of words. Too often, complex passwords are so difficult to remember that users tend to simplify them, which makes them less secure. In this case, you should use a password manager to store them. And of course, NEVER write them down.
2. USE TWO FACTOR AUTHENTICATION (2FA)
When you activate 2FA for a cloud account, you need to provide your password and also something else, such as a code which is sent by text message to your phone, before you can log in. This makes your cloud account far more secure, because in order to break in, a cyber criminal would have to guess your password and get access to your phone at the same time. This is one of the best ways available these days to ensure your accounts are as secure as they can be.
3. USE ENDPOINT PROTECTION SOFTWARE
Malware or more specifically, keylogging software, can infect your computer as a result of a phishing attack and is capable of recording your password when you type it on your keyboard and then sending it to cyber criminals. The best way to protect against keyloggers and other malware is to ensure that any computer that you use to access your cloud service is protected with up-to-date Anti-Virus or endpoint protection software.
4. TURN ON ACCOUNT ALERTS
Many cloud services offer the option of providing alerts whenever someone logs in to the cloud service, or when they log in from an unrecognized computer or from a new or different IP address. These alerts can be very valuable to help you monitor your organization's cloud account usage and to spot when unusual activity is taking place with the account, giving you the ability to address a potential breach in a timely manner.
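To make the alerting logic concrete, here is an added example (not part of the original post or any provider's code) that flags sign-ins from an IP address or device a user has not been seen on before. The event fields, user names and addresses are constructed assumptions; a real service would supply its own sign-in log format.

```python
from dataclasses import dataclass, field

# Constructed sample sign-in events (user, source IP, device ID); not real logs.
SAMPLE_EVENTS = [
    ("alice", "198.51.100.10", "laptop-01"),
    ("alice", "198.51.100.10", "laptop-01"),
    ("alice", "203.0.113.77", "laptop-01"),   # known device, new IP
    ("bob", "198.51.100.20", "desktop-07"),   # bob's first sign-in
    ("alice", "203.0.113.99", "unknown-5c"),  # new device and new IP
]

@dataclass
class Baseline:
    """IPs and devices already accepted as normal for one user."""
    ips: set = field(default_factory=set)
    devices: set = field(default_factory=set)

def review_sign_ins(events):
    """Return (user, ip, device, reasons) for each sign-in that deviates from the baseline."""
    baselines = {}
    alerts = []
    for user, ip, device in events:
        known = baselines.get(user)
        if known is None:
            # First sign-in seen for this user: treat it as enrollment.
            baselines[user] = Baseline({ip}, {device})
            continue
        reasons = []
        if ip not in known.ips:
            reasons.append("new IP address")
        if device not in known.devices:
            reasons.append("unrecognized device")
        if reasons:
            # Do not learn from an alerted sign-in: it stays untrusted
            # until a person confirms it was legitimate.
            alerts.append((user, ip, device, reasons))
        else:
            known.ips.add(ip)
            known.devices.add(device)
    return alerts

if __name__ == "__main__":
    for user, ip, device, reasons in review_sign_ins(SAMPLE_EVENTS):
        print(f"ALERT {user} from {ip} on {device}: {', '.join(reasons)}")
```

Because alerted sources are never added to the baseline automatically, an unfamiliar IP keeps alerting until someone reviews it, which is the behaviour you want when the sign-in might not be yours.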
5. USE A VPN ON PUBLIC WI-FI SPOTS
Open Wi-Fi hotspots at your local café or eatery can be very insecure, and are often not secured at all. This makes it that much easier for anyone with basic hacking skills to intercept your passwords as they travel over the Wi-Fi connection. Public Wi-Fi access points that require a password are far more secure because each Wi-Fi user’s traffic is encrypted with a unique key. But despite this, they still provide opportunities for criminals to access your cloud accounts. The solution is to use a VPN connection to encrypt all your data as soon as it leaves your computer or mobile device and before it goes over the Wi-Fi connection.
6. CHECK CONNECTED APPS AND ACCOUNTS
Some cloud services allow you to connect to them through a variety of external apps and accounts (often through APIs), and this can be very useful. However, it's important to review which apps and accounts have access to your cloud services regularly and remove access to any that are no longer used.
This is important because external apps and accounts may be hacked by cyber criminals, so the fewer of these that can access your cloud accounts the better. It’s also likely that you may not take care to secure any apps and accounts that are no longer used.
7. CONSIDER USING A CLOUD ACCESS SECURITY BROKER
A Cloud Access Security Broker (or CASB) is a piece of software which your organization can run in its office or access from the cloud to help keep its cloud accounts secure. It works by sitting between cloud service users and the cloud services they want to access, monitoring all activity, enforcing security policies (such as password policies or the activation of 2FA), and preventing malware attacks. Here's a list of some CASBs from Gartner with reviews and ratings.
8. DON'T FORGET TO LOG OUT
It may seem obvious, but one of the most important ways to keep your cloud data secure is to ensure that you and your users get into the regular habit of logging out of the service after you've finished using it. Failing to log out means that anyone gaining access to your computer either in person or remotely can completely bypass many of the security measures which you've put in place to protect your cloud hosted system.
I can't stress enough that "moving to the cloud" doesn't absolve you of the responsibility of securing your data housed there. Remember, the cloud is only someone else's computers. This means the potential for them to be breached through the way you and your staff access them is no different. And the best place to start is to approach the security aspects of your cloud hosted infrastructure the same as you would with your on-premise network. As with most things in IT, it's all about the approach.
Let me know what you think. Please share your thoughts in the Comment box below, or send an email if you’d like to chat about this in more detail.