Today, many - well, let's be honest, most - employees access public cloud solutions with little control or oversight by the internal IT team. This is, and rightfully so, a major concern for CIOs and CEOs worried about the security of the valuable information found in their network. This practice can put organizations at risk for data loss and does increase compliance challenges.
But what if it isn’t the public cloud itself that you need to worry about the most? It’s more likely that your own internal processes are the biggest risk when using and adopting cloud solutions, no matter public, private or hybrid.
A recent Gartner report predicts that through 2020, 95 percent of cloud security failures will be the customer’s fault, not the service provider’s. Naïve users are a security risk whether your applications accessed via the on-premise data center, a public or private cloud, or a hybrid combination. The old low tech standbys such as writing down passwords can still be an issue, but today, many users unknowingly engage in much riskier behaviors that put your information security at risk. Some examples of this are:
- Downloading unauthorized applications that bring unwanted tagalong apps such as keystroke loggers or malware that can steal or destroy data
- Using simple passwords or reusing passwords making it easy to gain access to the network. If a breach occurs at one site, hackers with sophisticated automated tools will usually try the same password at other sites—including your company’s VPN.
- Opening unexpected attachments that causes malware proliferation. Phishing scams are growing at an alarming rate, and hackers can easily spoof the look and feel of legitimate emails and websites. Trusting users often open email attachments that appear to be from co-workers or business partners.
- Disabling virus scanning or other protective software on their devices opens up network vulnerabilities
- Using public Wi-Fi networks to access an organization’s network without using a VPN connection allows hackers to intercept network and application access information.
- Storing passwords on computers or mobile devices can be stolen and used by outsiders.
As hackers continue to develop more sophisticated methods to gain access to your network, the attacks will only increase in frequency and intensity. We need to accept that today our networks are borderless and even the best firewalls and malware protection will not 100% protect your organization especially if the threat finds its way inside by employees opening the door.
After educating your team on the risks of phishing campaigns and other malicious attacks, the next step is to work with a cloud and hosting provider who understands and implements the cybersecurity measures needed to keep your organization safe in the cloud. Your cloud provider can ease the security burden that is overwhelming your IT staff and decrease your risk at the same time. To see how our risk management experts can help your business, contact OneNeck IT Solutions today.