cloud-security-storage-risks-cyber-attacks

Cloud security threats come in many different forms including data breaches, hijacked accounts, data loss, denial of service, and system vulnerabilities. As organizations and individuals continue to adopt the cloud, securing all of the stored information is a top priority. Companies must be aware of the risks and solutions in order to prevent serious damage.

Security Risks to Cloud Data

Data Breaches

Any data stored in the cloud is at risk for cyber-attack. From phishing to security scams, hackers are constantly developing new ways of gaining access to sensitive information. This type of attack can damage a company’s reputation and affect its market position. Furthermore, it can also lead to legal issues if customers’ personal information was released.

Access Management

Without multi-factor authentication and strong passwords, cyber criminals can easily gain access to accounts. Once they’ve hacked into one account, unauthorized users can access private information. Depending on the hacked account’s permissions, bad actors could cause a sizable data breach.

Insecure interfaces

Because your company’s API and UI are exposed to the public, having strict authentication can help ensure that cyber criminals cannot gain access. However, inadequate security leaves your interfaces vulnerable to attack. Possible consequences include jeopardized confidentiality, accountability, integrity, and availability.

Data Loss

Although many cloud providers heavily focus on security, not all attacks can be prevented. Should hackers gain access to your system, it’s possible that they could erase all of your data with the intention of ransoming it. If no backup storage is in place, your organization could face a permanent loss of data.

Hijacking

Account hijacking is a form of identity theft that involves cyber criminals using stolen information in their attacks. When this occurs, your organization can lose control of its account, data, functions, business logic, and any other dependable applications on the account. A breach of this form should be taken very seriously. It can lead to large data leaks and damage to the company’s reputation.

Insiders

While outside hackers may be the first party that comes to mind, they are not the only threat to your cloud’s security. Current or former employees also pose a risk. Because they already have access to the company’s sensitive information, a malicious insider could expose or sell proprietary information. To minimize the risk of an internal attack, it’s vital to ensure user permissions are kept up to date based on employment status.

Best Practices for Cloud Security

As more people store their information in the cloud, the risk of cyber attacks increases. With a larger pool of potential targets, bad actors are furthered incentivized to develop new schemes. Despite this, the cloud is still a worthwhile storage option.

Steps you should take to secure your information include:

  • Encrypting data
  • Using two-factor authentication
  • Understanding open API frameworks
  • Making sure everyone uses hard-to-crack passwords
  • Restricting accessibility to sensitive information

Protect your business

Having the right tools and systems in place can prevent data breaches and cyber crimes. As the world becomes more automated, it’s crucial for your organization to understand the available cyber security measures to protect its data and devices. Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques.

Contact a specialist today to get access to the course program for your organization.

Interested in learning about getting access to the course for yourself? Visit the IEEE Learning Network to learn more.

 

Resources

Nailwal, Mukesh. (14 October 2019). CLOUD SECURITY BASICS: HOW TO ENSURE THAT YOUR DATA IS SAFE. Techgenix.

Soni, Rakesh. (11 October 2019). The Rise of Cloud Computing Threats: How to protect your cloud customers from security risks. Customer Think.

tips-to-protect-against-cyber-attacks-while-traveling

You are most vulnerable to cyber attacks when you are traveling. According to a recent research report conducted on behalf of IBM Security, those who are traveling do not take all of the necessary precautions, connecting to unsecured public Wi-Fi, charging their devices at public USB stations, and using their private information on publicly accessible computers.

What should be especially worrying to companies is that people are more likely to engage in these risky behaviors when traveling for business rather than for pleasure, with only 13% saying that they have never connected to public wifi. Because employees often work while traveling, many business travelers connect to public hotspots and surf the web.

More than 1 in 7 travelers surveyed admitted to having their information stolen while traveling.  In 2017, the travel and transportation industry was the tenth most targeted industry for cyber attacks, but the rankings have shifted dramatically. Recent data shows that attempted attacks on IBM customers revealed that in 2018, it was the second-most targeted industry.

Here are 15 tips to help you avoid putting your personal and business data at risk while traveling:

    1. Know your rights and the local laws before you go to a foreign country. Your local privacy rights, not to mention your federally protected rights as a citizen of your country, disappear at the border. If border guards request access to the digital contents of your laptop, you may have no choice but to provide it. Plan ahead and know your legal rights in that country and the rights the country may have to your data.
    2. Before leaving, reset all of your frequently used passwords. This includes PINs for a safe or security box in your hotel room. Take the effort to make sure your personal information is safe. Avoid using easy phrases or numerical sequences, including the all-too common “123456”. In the National Cyber Security Centre’s worldwide analysis of passwords belonging to breached accounts, 23.2 million accounts used this code. And if you’re a big music-lover or superhero fan, try to stay away from “blink182” and “superman”, the most common musical artist and fictional character used in passwords.
    3. Set up temporary email and cloud storage accounts. When it’s necessary to use a computer that doesn’t belong to you, work from these throwaway accounts. This is especially important if you plan to use hotel business center computers, which are clear targets for malware, keystroke recording equipment, and other cyber attacks while traveling.
    4. Leave personal data at home. Chances are, all your data is stored in the cloud. Before traveling, delete the local copy after disabling the sync feature on your laptop, so that there’s no important data left on your laptop. Make all your updates and edits on cloud-based copies while you’re away and re-enable the local cache when you return home.
    5. Protect copied data. Encrypt your information using products like Microsoft’s Active Directory Rights Management Service to make sure others cannot access it. Even if border guards or thieves gain access, it’s unlikely they’ll be able to view it later.
    6. Disable auto-connect on your phone. Although it’s a handy feature when used at home, it’s risky to use auto-connect while abroad. Before traveling, change this setting on your device so that you must manually connect each time you connect to the internet.
    7. Install anti-virus protection, host-based firewall, and host intrusion prevention software. This is one of the most effective ways to keep your personal data secure while aboard. Use a trusted brand of security software and update it regularly as new versions become available to make sure all security patches are applied. Also, turn off any file or network sharing features.
    8. Only work on secure network options. No matter where you go, steer clear of free Wi-Fi connections. Free internet access is appealing, but it’s also particularly vulnerable to security issues. If you must use internet cafes and free Wi-Fi hotspots, make sure it is not a fake Hotspot set up by hackers and do not log into personal accounts or use sensitive data.
    9. Disable Bluetooth connectivity. If Bluetooth is left on, nearby assailants can connect to your phone and potentially hack into your device.
    10. Make sure all your web surfing is protected by TLS-enabled HTTPS. Try to connect to secure websites only and avoid those trying to put fake digital certificates on your computer, which is a common practice among hackers. Remember that your two-factor authentication (2FA) methods may not work while you are out of the country due to the changes in your service plan.
    11. For business, Use your corporate VPN. If your company’s VPN connection uses split-tunneling, ask a member of the IT team to explain which traffic is secure and which is not secure. You can even use your own personal VPN router when traveling to make sure all connections are secure.
    12. Use a good privacy screen over your laptop display. This will keep wandering eyes off of your screen.
    13. Lock your computing devices anytime you’re not using them. This applies even in your hotel room when showering. Change the PIN numbers you regularly use on your phone, computer, and any other device you plan on accessing. This will help prevent a security breach should you misplace any of your devices.
    14. Be wary of accepting that free flash drive. Although malicious thumb drive attacks are generally uncommon, you may want to think twice about plugging in a USB drive that someone hands to you at a conference. All untrusted media should be approached with caution.
    15. Don’t share your current location with the world. Excessive sharing can create security threats in both your hotel room and at home. Think twice before using social media to advertise that your hotel room is empty while you’re out eating dinner or that your spouse and kids will be home alone for the next week. Wait until you return home to post about your travels so you can protect your assets and your loved ones.

Improve Your Security Techniques

Keep your staff members from making careless and costly mistakes that could put your organization’s information at risk while traveling. Cyber Security Tools for Today’s Environment, an 11-course program, is designed to help businesses improve their security techniques. It’s ideal for professionals in IT, computer science, and related fields who need to stay up-to-date on how to protect enterprise networks from potential threats. Connect with an IEEE Content Specialist today about training your organization on how to stay secure.

 

Resources

8 cyber security tips for business travelers. Norton.

Barlow, Caleb. (21 May 2019). How Cyber-Secure Are Business Travelers? New Report Says Not Very. Security Intelligence.

Grimes, Roger A. (1 Jul 2016). 11 essential data security tips for travelers. CSO.

Picheta, Rob. (23 August 2019). How hackable is your password? CNN Business.

Grauer, Yael. (30 October 2015). Should You Plug That USB Drive Into Your Computer? (Beware Of Malware). Forbes.

With the amount of personal information you have saved in your electronic devices, browsing unsecured websites and enabling settings can expose you to a cyber attack.

Leaders at the Forbes Technology Council recently shared the following tips on what to be aware of and what to change in order to boost your cyber security and better protect your data, both online and off:

9 Cyber Security Tips

  1. Apple iCloud Restores
    iCloud backups are not encrypted end-to-end. Because Apple encrypts your iCloud backups, it can also decrypt your backups. Prefer not to expose your backup data to Apple? Disable iCloud backups and encrypt iTunes backups locally instead.
  2. Wi-Fi Hotspots
    Wi-Fi hotspots are convenient, but many are easy to hack. Plus, it’s even easier to set up a fake hotspot. Even if a Wi-Fi network looks legitimate, use a VPN if possible connect to keep your data safe from prying eyes.
  3. Unread Terms and Conditions
    While you may not care about giving certain companies access to some of your sensitive data, that does not mean you want unknown third parties accessing it through a cyber attack. Make sure you read the Terms & Conditions when you subscribe to a service and try to monitor news about these services.
  4. Two-Factor Authentication
    Be sure to enable two-factor authentication (2FA) on every site that offers it. It’s also a good idea to enable 2FA on your smart devices when available.
  5. Unencrypted Media
    Prevent thieves from accessing the data on your lost or stolen laptop. On a Mac, keep important files and information in FileVault, that requires a password to access your encrypted disk. For Windows PCs, consider using Bitlocker for removable drives since they already have data encryption by default.
  6. Wireless Mice and Keyboards
    Beware of “mousejacking” with your wireless devices connecting to your device. This allows someone within about a football field’s range away to take over a computer. Employees in sensitive industries such as healthcare or finance may want devices with attached keyboards.
  7. Outdated Software
    Hackers can exploit out-of-date software. Be sure to make sure you always have the most recent update on your device by allowing automatic updates.
  8. Phishing Emails
    Some tips for avoiding phishing emails include 1) checking the sender’s email address and verifying the domain, 2) alerting colleagues of any potential phishing emails you see, and 3) examining the context of the email before opening it or clicking on links.
  9. Human Error
    Often, human-related vulnerabilities are the biggest security issues. For example, an unwitting participant might accidentally download malware to their device. It’s important to provide staff training on IT security best practices in order to prevent breaches caused by human error.


Playing Defense

Give your team the training necessary to defend your organization from hackers with Cyber Security Tools for Today’s Environment, an 11-course program from IEEE. Produced and vetted by leading industry experts, this program will help your employees enhance their knowledge and stay current in the field of cyber security. Upon successful completion, they’ll receive valuable CEUs/PDHs that can be used to maintain professional licenses. Connect with an IEEE Content Specialist for a quote today.

 

Resources

(19 Apr 2019). 9 Cyber Security Issues That Could Be Leaving Your Data Vulnerable To Attacks. Forbes.