The Leaking Cloud
8th April 2014: Heartbleed Bug discovered having exposed many website credentials including Yahoo, Facebook and Dropbox
31st August 2014: Hundreds of iCloud celebrity photos leaked online
10th September 2014: 5 million Gmail passwords leaked online
13th October 2014: Nearly 100,000 Snapchat images leaked online
14th October 2014: Hundreds of Dropbox passwords leaked online
There has been a common theme during the last 6 months of cloud services being targeted and compromised. Our reliance on cloud services for storage and backup has made them a big target to hackers. The worldwide, high availability which makes them so attractive also makes them vulnerable.
This poses a risk to both businesses and it’s users. Here are some tips to help you stay safe:
One of the biggest risks to company’s data is users using their own cloud based services to circumvent company processes. Users have been using Dropbox, Google Drive and Onedrive for their personal documents for years. The risk is that these same users also use their personal cloud services for storing company data, resulting in the business losing control of their important information.
Businesses need to ensure they have a clear policy around what is permitted and what is not, and where company data can and cannot be stored. Companies need to embrace cloud and work with the users. Rather than allowing users to use their personal Dropbox or Onedrive accounts, the company should implement Dropbox for Business or Onedrive for Business. This ensures the company retain control.
Workstation Monitoring & Web Filtering
To support and enforce the company policy companies should implement workstation monitoring and web filtering. These will ensure that users fall in line with the policy and do not continue to circumvent the company processes by continuing to use their own cloud services.
The monitoring can also be used to ensure the cloud services workstation software is up to date and patched regularly. Ensuring the software is the latest version will decrease the risk of compromise.
The password details which have been leaked shows that a high number of users continue to use simple dictionary words for passwords. Passwords should be complex, with a mix of upper and lower case letts with numbers and symbols. Users should also use unique passwords for each service. A company password policy can help enforce complex passwords for users.
Some business cloud services will offer multi-factor authentication. If so, use it. Using phone app or SMS based verification in conjunction with strong usernames and passwords will help to secure your data.
Companies need to embrace cloud services to ensure they stay current and do not fall behind. However, this needs to be implemented in a secure and controlled fashion. To ensure this both the business and the users need to work together. Hopefully our tips will help your business to accomplish this.