The Leaking Cloud

The Leaking Cloud

 

8th April 2014: Heartbleed Bug discovered having exposed many website credentials including Yahoo, Facebook and Dropbox

31st August 2014: Hundreds of iCloud celebrity photos leaked online

10th September 2014: 5 million Gmail passwords leaked online

13th October 2014: Nearly 100,000 Snapchat images leaked online

14th October 2014: Hundreds of Dropbox passwords leaked online

There has been a common theme during the last 6 months of cloud services being targeted and compromised. Our reliance on cloud services for storage and backup has made them a big target to hackers. The worldwide, high availability which makes them so attractive also makes them vulnerable.

This poses a risk to both businesses and it’s users. Here are some tips to help you stay safe:

 

Company Policy

One of the biggest risks to company’s data is users using their own cloud based services to circumvent company processes. Users have been using Dropbox, Google Drive and Onedrive for their personal documents for years. The risk is that these same users also use their personal cloud services for storing company data, resulting in the business losing control of their important information.

Businesses need to ensure they have a clear policy around what is permitted and what is not, and where company data can and cannot be stored. Companies need to embrace cloud and work with the users. Rather than allowing users to use their personal Dropbox or Onedrive  accounts, the company should implement Dropbox for Business or Onedrive for Business. This ensures the company retain control.

Workstation Monitoring & Web Filtering

To support and enforce the company policy companies should implement workstation monitoring and web filtering. These will ensure that users fall in line with the policy and do not continue to circumvent the company processes by continuing to use their own cloud services.

The monitoring can also be used to ensure the cloud services workstation software is up to date and patched regularly. Ensuring the software is the latest version will decrease the risk of compromise.

Passwords

The password details which have been leaked shows that a high number of users continue to use simple dictionary words for passwords. Passwords should be complex, with a mix of upper and lower case letts with numbers and symbols. Users should also use unique passwords for each service. A company password policy can help enforce complex passwords for users.

Multi-factor authentication

Some business cloud services will offer multi-factor authentication. If so, use it. Using phone app or SMS based verification in conjunction with strong usernames and passwords will help to secure your data.

 

Companies need to embrace cloud services to ensure they stay current and do not fall behind. However, this needs to be implemented in a secure and controlled fashion. To ensure this both the business and the users need to work together. Hopefully our tips will help your business to accomplish this.