With more and more people wanting to work from home, companies are discovering the benefits of cloud services for consumers. Elements such as easy access from anywhere, lower costs, more available space, faster servers and a good organizational structure are extremely tempting for business owners and network managers around the world.
But there is also the dark side to the coin: cyber security. Although most cloud services have good security measures, users can still make a mess and give unwanted access to their space. This leads to leaks of confidential data and information that can damage the company’s reputation (perhaps forever).
But it wasn’t supposed to be like this. As long as you are aware of the weakness of the system, you can take preventive measures. So we were thinking of discussing this situation from a hacker’s perspective – if we were going to attack a cloud service, how would we do that?
Phishing
It’s the oldest trick in the book, but it still works incredibly well! According to APWG’s Phishing Trends Report for the 2nd quarter of 2008, the number of phishing attacks in the first quarter of 2020 is more than 146,000 phishing sites, 78% of which were using SSL protection!
In addition, malicious actors continue to use phishing methods to attack webmail and software as a service (SaaS) users.
The practice is simple: attackers send users official looking emails (from the WHO or higher) and insert a malicious link that leads to a similar looking login page for the cloud service they are using. The user enters his login details here (he thinks this is an official site), which is then sent to the attacker.
The best way to protect against this is to use two-factor authentication (2FA) in combination with secure remote access to the web, allowing files to be stored in a secure place (the exchange option is also allowed).
Personal equipment for teleworkers
Today’s employee wants more flexibility in the workplace, which has triggered the trend towards working from home. Although this can be a win-win situation for both the employee and the employer, there are certain risks involved.
Cyber security is such a risk.
If you do not understand the risks associated with cyber security breaches, or if you do not work in this area, you are not so concerned about personal devices and their (cyber) health. In fact, many personal devices use outdated software, free versions and even lack basic security measures.
This opens the door wide and allows hackers to spy on various factors, including vulnerabilities of suppliers that were not detected in time.
The best way to guarantee security in this case is to provide employees with secure devices (laptops, tablets, smartphones) and secure communication channels. Also make sure they understand why they cannot use personal devices to connect to the network or tools to solve personal problems.
Completion
In the field of cyber security, human resources are the weakest link. Therefore, simple attacks such as phishing are still very effective. You may have a modern security system, but if your employees are easily tempted to give away keys, your system will not work.
The best way to stay safe in the cloud is to choose a well-designed platform and train your employees in cyber security.
Related Tags:
how hackers get personal information,how do hackers get into your computer,ransomware allows hackers to,shoulder surfing,how to hack the hacker,what do hackers do with stolen information,can cloud storage be hacked,can cloud storage be lost,onedrive personal vault hacked,what is onedrive personal vault,onedrive security risks
