Zoom, Microsoft 365, Google Suite—these kinds of cloud computing services (especially collaboration and production applications) have become standard for employees.…
But like every other technology that is introduced (too) fast, this also bears risks for the cybersecurity. Previously, employees could only connect to these services via the secure company network. Nowadays, users are extremely mobile and have access to applications from anywhere, more specifically access that can be very insecure.
What are the risks of this?
Collaboration tools, application suites and company VPNs are the new preferred target of hackers. Generally, their security systems are wrongly configured, which opens the door for potential hackers and gives them an easy game. A user name and password are all that’s needed to access these tools. For cybercriminals, it’s easy to steal logins by means of phishing or classic hacking.
Hackers use cloud services as entryways to infiltrate company networks and sneak in classic viruses such as ransomware. This can lead to catastrophic damages to the victims,
making it so important for companies to get equipped with the right security tools, in the light of daily use of cloud services.
63% of CISOs think its necessary to employ additional security measures to the standard ones offered with cloud applications (Source: CESIN barometer)
Which tools are available in this regard?
Multi-factor authentication.
The user requires more than one user name and a password to access cloud services. There are different modes of authentication. Hardware (with a secure USB stick) or software (a notification on the user’s smartphone). Not only does this prevent unauthorised users from accessing accounts, the message the service sends also warns the employee that someone has tried to access their account.
Encryption.
Encryption is a proven local security solution on users’ PCs. For the cloud, the principle remains the same: The data saved in the cloud are encrypted and become either unreadable or hidden for others without a cryptographic key.
A few words from a specialist
Jeremy Wingert, security and infrastructure consultant
Security is above all a set of best practices that reduce the risks a company faces.
- Do not click on random links or suspicious attachments.
- Do not use unknown USB devices.
- Be wary of suspicious emails.
- Use your VPN when on the go.
- Use your phone's hotspot instead of public Wi-Fi.
Stay on your guard to reduce risks. The human factor is the last defence in the event of an attack. It’s up to you to put up as many defences as possible to reduce the success of attacks.