Remember at the end of 2013 when most of us were getting ready for the Holidays, hackers were in the process of stealing around 70 million Target customer’s information. This security breach was one of the worst to date, granting hackers the access to millions of customer’s names, addresses, and phone numbers. However, Target was not the one completely at fault in this case. Instead, Fazio Mechanical Services a smaller HVAC company that worked for Target was the origin of the hack. By hacking this smaller company the cyber attackers discovered themselves to the secret ingredient, the sensitive credentials that retrieved personal information from millions of shoppers.
The moral of this crisis is that small and medium sized businesses are the ones hackers are trying to lure in; though there is not much gain in the beginning, the end prize may just be as big as Target. We cannot chalk instances like Fazio Mechanical Services all up to ignorance, instead it is best to understand where the risks lie when it comes to using Cloud services and how a few changes in procedure can eliminate those risks. As we have learned, you never know if you could be next.
We all know that a data breach is the loss of crucial company information, but we may not know that the Cloud gives hackers multiple opportunities to attack the master computers holding this information.
For example, we tend to use local restaurants, hotels, and coffee shop’s Wi-Fi or our own hotspots to do business work. This leaves our phones vulnerable because hackers are preying on us to open sensitive documents from our email or other applications that use the Cloud in order for them to steal the information. Also, some of our social media applications such as Skype, Twitter, and instant messaging apps use local hotspots without your knowledge. Therefore, typing out a client’s personal information via the messenger app can leave you at fault for allowing confidential information to get in the wrong hands. One last way a hacker can get information over your phone in a public area is using VOIP which allows them to listen in on conversations during a Skype or Facetime meeting.
However, there are some ways to prevent data breaches such as these over your personal or company’s phone. You can make your information more difficult to access depending on your location. This would mean more questions to pass before you can visit your client lists and calendar full of appointments and meetings, but it also means the hacker a few feet away from you will have a hard time getting every access question correct. You can also simply avoid unsecured networks such as those at your local coffee shop or restaurant; instead, you could choose to do any vital work activities at your job or at home.
Another Cloud security risk that no one likes to think about is data loss. What is worse is knowing that it can be an accident. We expect our data center support to help keep things running smoothly, but sometimes work mishaps occur. Remember the last time you thought you lost a crucial thumb drive, but in the end, it was in your second briefcase at home.
Another example of data loss is through the use of a BYOB policy. Employers can be unaware that their employees’ phones, iPads, and computers are jailbroken or rooted. This turns the device into a less secure version of its original. Also, employees’ devices may not have the newest edition of a security application, use short passwords, and have many accepted permissions. However, the issue with solving BYOB matters is that “according to the Ponemon BYOC study, a majority [64%] of respondents say their companies can’t confirm if their employees are using their own Cloud in the workplace.”
Data loss through the use of the Cloud does occur, but there are a few ways your company can prevent this security risk. First, you may want to try working with a Cloud expert, either an IT analyst or a third party auditor to ensure your Cloud Provider Services are compliant. For further reading "Seven Questions to Ask Before Moving to That Application to the Cloud." It is best to know which devices and applications your staff is using, and possibly dismantle the BYOD policy if it is not an efficient system.
One of the risks that many Cloud users forget is that a database has multiple users on a single infrastructure. Like an apartment infestation, when one company is hacked, the other companies feel the pain. Cyber criminals have an easier time hacking into everyone’s data once they have the special credentials to access one company’s information. Also, if a Cloud Provider is careless then this can hurt everyone using their infrastructure.
A shared infrastructure means that you should not only encrypt information during entry into the Cloud, but it must be encrypted in the Cloud. Encryption should take place before uploading to the Cloud, and can then only be decrypted by those that own the correct credentials. Lastly and as always, to prevent any future risk due to this make sure your passwords are strong by using various characters, cases, and numbers.
As we recall Target’s data breach, we must remember how it all started with a single medium sized business. Yet, anyone can prevent all of the risks that come part and parcel with Cloud computation by taking a few simple steps forward in a secure direction. For more information about Cloud computations risks, and prevention recommendations to eliminate those risks take Total Computer Solution’s free Cloud consultation. TCS has plenty of experienced analysts to help sort out your fears about Cloud moving.