Cloud of suspicion?

Cloud of suspicion?

Written on 08/17/2020
SHEQ Management

The latest research from Netskope, a security cloud service provider, has found that 44% of security threats start in the cloud. Hackers target popular cloud apps and services using well-known techniques of phishing and malware to get access to valuable enterprise data.

“The majority of employees operate in the cloud, especially now, when remote work is booming,” says Oliver Noble, an encryption specialist at NordLocker – a tool that secures files stored on a computer or in the cloud with end-to-end encryption.

He adds: “While the cloud is considered to be more secure and much cheaper than on-premise infrastructure, companies need to address the potential risks this environment poses.”

The most popular cloud services and apps are used for storage, collaboration, webmail and consumer relations. However, cloud storage is one area where companies should take greater precautions. According to the researchers, Microsoft Office 365 for Business, Box, Google Drive, Microsoft Azure and GitHub are among the most-targeted cloud services.

According to Noble, the two biggest cloud-related threats to companies are data loss and data leak. Due to the unsystematic database structure, human error, phishing or malicious intent, confidential business data can be irreversibly lost or accessed by malicious actors. When the data is compromised, it can end up for sale on the dark web or in the hands of competitors. This might destroy any organisation forever.

How companies can avoid cloud security threats
Data backup. According to Noble, data backup is the most important cloud security practice for your company to avoid any information loss. Regardless of the business and the data it handles, regular backups are a must, be it every three hours or three days.

Strong employee access management policies. Permission to access your cloud database and storage should be granted only to those employees who require it. To prevent any unsafe or dodgy attempts to log in, consider using multi-factor or biometric authentication methods.

Cloud security assessment. Every business that employs cloud infrastructure for its operations needs to conduct a cloud security assessment regularly – not only after something happens. A quarterly review is a good idea.

Data encryption. Make sure you encrypt all your business data, especially if you handle confidential customer information, such as medical, financial or legal records, before uploading it to the cloud. By encrypting your files, you control who can open them. Even if they get stolen, no one will be able to access their content without your permission.