7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps

Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They are so easy to start using that consumers rarely think twice about setting up an account or downloading a new app.

Regardless of whether you acknowledge it, cloud usage incurs risk to your personal information. The data breaches in the news have much worse repercussions than just the need to reset your password. Cloud usage from your phone or computer may expose your data to criminal hackers who sell the information on the black market, or Darkweb.

cloud-security-tips

Of course, no one advocates for avoiding cloud use altogether – an attitude analogous to keeping money safe (but idle) under your mattress. Cloud services enable a brave new world of productivity and convenience, and consumers and businesses should take full advantage of these benefits. At the same time, you should be aware of common threats and take steps to minimize the risk that a wrong click leads to a fraudulent charge call with your credit card company.

A recent trend in the cybersecurity industry has removed the “blame” of security failures from technology users and shifted the focus to making security easy. With that in mind, there are simple choices people make online that affect the likelihood of becoming a victim to cybercrime. You don’t have to be a security engineer to beat the vast majority of hacking attempts.

Take heed of these common cyber security pitfalls:

1. Misstep: You lost control of your data because of the fine print in a user agreement. Solution: Many cloud services claim ownership of any uploaded data, even after you delete your account. These tricky rules are hidden in plain sight in the terms and conditions. Companies don’t expect you to read all the fine print, and I don’t either. 15 seconds of online research can go a long way before using a new cloud service. Google, “_______ shady user agreement.”

2. Misstep: You sent out a public link to a Google Doc so others could view and edit.

Solution: Creating a public link is a convenient way to share a common document, but this means literally anyone who guesses the link can view the document. You may not care about your grocery list getting loose on the internet, but even documents like a party-planning sheet may have your address or other information you want to keep private. To restrict access, invite email addresses instead.

3. Misstep: You’re a celebrity and had private information leaked from your iCloud.

Solution: This is the famous celebrity nude photo catastrophe. Attackers correctly entered their victims’ passwords, either by brute force (multiple guessing attempts) or with previously stolen passwords. You may not be a famous model, but hackers commonly rely on this same method to steal information from any given application.

iCloud, the service provider in this case, is not necessarily insecure, since attackers gained access in the same way the account owners do. It’s the user’s responsibility to confirm their identity, and sometimes a password alone doesn’t suffice. Multi-factor authentication can almost always prevent this type of attack and is a key measure for any service with sensitive information. You can follow these directions to set up two-factor verification for iCloud.

AloneTime(FP)-02

4. Misstep: You use the same password for every app on your phone.

Solution: The previous tip discussed how attackers can gain access to your sensitive information by guessing or using a stolen password. Don’t make it easy for them! If you use the same password for all online services, a breach at Twitter may give attackers entrance into your bank, Amazon, and corporate email accounts. Use a password manager to minimize the damage in the event a single service gets breached.

5. Misstep: Web trackers are storing information on the sites you visit online.

Solution: Just like any hunter, knowing where you like to go online helps hackers target and execute attacks. Visiting just a few web pages can attract nearly 50 different tracking services. Many web trackers are useful for the services you use, but they can also pose a security and privacy liability. Services like Ghostery let you selectively choose who can track you, so only sites you trust receive your information.

6. Misstep: You granted an application every permission under the sun.

Solution: Applications request authorization for device permissions, but sometimes these can overstep boundaries. Be discerning when services seem to overstep their bounds by requesting access to contacts or even your camera, for example. These permissions can cost you money by making phone calls, violate privacy, or make a malicious attack more dangerous. Look out for permissions that seem unnecessary for the application’s function.

7. Misstep: A small mobile app startup you know nothing about has access to your banking data.

Solution: Your bank spends hundreds of millions of dollars on protecting your account, but that brand new financial app may not implement the same level of security. When you give a service full access to your financial information, you’re essentially circumventing your bank’s security. Keep your bank account secure by applying the tips above to any financial app you use. You should also limit access to only the necessary services, some of which ask for more permissions. A good rule of thumb is to be extra discerning of any service that requires you to enter your online banking password within the app. On the other hand, services that send you back to your banking app to authenticate don’t have as much control.

The Bottom Line: Don’t be afraid of the cloud. On the contrary, the typical user is probably better off storing even sensitive information in the cloud. The human is almost always the weak link in security. Cloud services are designed to be easy to use, security features included. When you store data in the cloud, someone can’t get your information just by stealing your computer or phone. And it’s a lot easier to implement multi-factor authentication and encryption on a cloud service than on your own personal device. Plus, you get to take advantage of all the convenience and mobility of cloud. So enjoy those apps, but take a few extra minutes to reduce the risk that a cybercriminal will ruin your week.

By Harold Byun

About Harold Byun

Harold is currently VP of Product Management at Skyhigh Networks. Prior to Skyhigh, he worked at MobileIron where he focused on mobile application delivery and security. Prior to MobileIron, he led the product management group at Zenprise (acquired by Citrix), where he launched their mobile DLP product and cloud offering to market. He also worked with the Vontu/Symantec DLP group and is the co-inventor on a patent filed for security risk visualization and scoring.

Find out more
View All Articles

Sorry, comments are closed for this post.

Comic
InformationWeek Reveals Top 125 Vendors Taking the Technology Industry by Storm

InformationWeek Reveals Top 125 Vendors Taking the Technology Industry by Storm

InformationWeek Reveals Top 125 Vendors Five-part series details companies to watch across five essential technology sectors SAN FRANCISCO, Sept. 27, 2016 /PRNewswire/ — InformationWeek released its list of “125 Vendors to Watch” in 2017. Selected by InformationWeek’s expert editorial team, the companies listed fall into one of five key themes: infrastructure, security, cloud, data management and…

Part 1 – Connected Vehicles: Paving The Way For IoT On Wheels

Part 1 – Connected Vehicles: Paving The Way For IoT On Wheels

Connected Vehicles From cars to combines, the IoT market potential of connected vehicles is so expansive that it will even eclipse that of the mobile phone. Connected personal vehicles will be the final link in a fully connected IoT ecosystem. This is an incredibly important moment to capitalize on given how much time people spend…

Embedded Sensors and the Wearable Personal Cloud

Embedded Sensors and the Wearable Personal Cloud

The Wearable Personal Cloud Wearable tech is one avenue of technology that’s encouraging cloud connections and getting us all onto interconnected networks, and with the continued miniaturization and advancement of computing the types of wearable tech are always expanding and providing us with new opportunities. A few years ago, smartwatches were rather clunky devices with…

SWIFT Says Bank Hacks Set To Increase

SWIFT Says Bank Hacks Set To Increase

Bank Hacks Set To Increase SWIFT, whose messaging network is used by banks to send payment instructions worth trillions of dollars each day, said three clients were hacked over the summer and cyber attacks on banks are set to increase. The theft of $81 million in February from Bangladesh’s central bank using SWIFT messages rocked…

Security: Avoiding A Hatton Garden-Style Data Center Heist

Security: Avoiding A Hatton Garden-Style Data Center Heist

Data Center Protection In April 2015, one of the world’s biggest jewelry heists occurred at the Hatton Garden Safe Deposit Company in London. Posing as workmen, the criminals entered the building through a lift shaft and cut through a 50cm-thick concrete wall with an industrial power drill. Once inside, the criminals had free and unlimited…

Don’t Be Intimidated By Data Governance

Don’t Be Intimidated By Data Governance

Data Governance Data governance, the understanding of the raw data of an organization is an area IT departments have historically viewed as a lose-lose proposition. Not doing anything means organizations run the risk of data loss, data breaches and data anarchy – no control, no oversight – the Wild West with IT is just hoping…

Cloud Services Providers – Learning To Keep The Lights On

Cloud Services Providers – Learning To Keep The Lights On

The True Meaning of Availability What is real availability? In our line of work, cloud service providers approach availability from the inside out. And in many cases, some never make it past their own front door given how challenging it is to keep the lights on at home let alone factors that are out of…

How You Can Improve Customer Experience With Fast Data Analytics

How You Can Improve Customer Experience With Fast Data Analytics

Fast Data Analytics In today’s constantly connected world, customers expect more than ever before from the companies they do business with. With the emergence of big data, businesses have been able to better meet and exceed customer expectations thanks to analytics and data science. However, the role of data in your business’ success doesn’t end…

Three Factors For Choosing Your Long-term Cloud Strategy

Three Factors For Choosing Your Long-term Cloud Strategy

Choosing Your Long-term Cloud Strategy A few weeks ago I visited the global headquarters of a large multi-national company to discuss cloud strategy with the CIO. I arrived 30 minutes early and took a tour of the area where the marketing team showcased their award winning brands. I was impressed by the digital marketing strategy…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring One of the hottest topics in Information and Communication Technology (ICT) is the Internet of Things (IOT). According to the report of International Telecommunication Union (2012), “the Internet of things can be perceived as a vision with technological and societal implications. It is considered as a…

The Business of Security: Avoiding Risks

The Business of Security: Avoiding Risks

The Business of Security Security is one of those IT concerns that aren’t problematic until disaster strikes. It might be tomorrow, it could be next week or next year. The fact is that poor security leaves businesses wide open for data loss and theft. News outlets just skim the surface, but hackers cost business up…

The Internet of Things – Redefining The Digital World As We Know It

The Internet of Things – Redefining The Digital World As We Know It

Redefining The Digital World According to Internet World Stats (June 30th, 2015), no fewer than 3.2 billion people across the world now use the internet in one way or another. This means an incredible amount of data sharing through the utilization of API’s, Cloud platforms and inevitably the world of connected Things. The Internet of Things is a…

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Recurring Revenue Business Metrics Recurring revenue is the secret sauce behind the explosive growth of powerhouses like Netflix and Uber. Unsurprisingly, recurring revenue is also quickly gaining ground in more traditional industries like healthcare and the automotive business. In fact, nearly half of U.S. businesses have adopted or are planning to adopt a recurring revenue model,…

5 Predictions For Education Technology

5 Predictions For Education Technology

Education Technology Although technology has fast influenced most sectors of our world, education is an area that’s lagged behind. Many classrooms still employ the one-to-many lecturing model wherein the average student is catered for while a few are left behind, and others bored. Recently, there’s been a drive to uncover how to use technology successfully…

Cloud Infographic – The Future (IoT)

Cloud Infographic – The Future (IoT)

The Future (IoT) By the year 2020, it is being predicted that 40 to 80 billion connected devices will be in use. The Internet of Things or IoT will transform your business and home in many truly unbelievable ways. The types of products and services that we can expect to see in the next decade…