The latest Netskope research has found that a worrying 44% of security threats start in the cloud. Hackers target popular cloud apps and services using well-known techniques of phishing and malware to get access to valuable enterprise data.
“The majority of employees operate in the cloud — especially now, when remote work is booming. While the cloud is considered to be more secure and much cheaper than on-premise infrastructure, companies need to address the potential risks this environment poses,” says Oliver Noble, an encryption specialist at NordLocker.
The most popular cloud services and apps are used for storage, collaboration, webmail, and consumer relations. However, cloud storage is one area where companies should take higher precautions. According to the researchers, Microsoft Office 365 for Business, Box, Google Drive, Microsoft Azure, and GitHub are among the most-targeted cloud services.
According to NordLocker’s encryption specialist, the two biggest cloud-related threats to companies are data loss and data leak. Due to the unsystematic database structure, human error, phishing, or malicious intent, confidential business data can be irreversibly lost or accessed by malicious actors. When the data is compromised, it can end up for sale on the dark web or in the hands of competitors. This might destroy any organization forever.
However, in cloud computing, internal security threats are just as important as external risks. As employees move data between different cloud storages, cloud communication apps, or different risk levels, cybersecurity rules are often overlooked. There’s also a chance of data abuse by a malicious insider who may intentionally leak information for financial or personal incentives. Moreover, employees using their own devices to access the company’s cloud might also pose great insider threats.
How companies can avoid cloud security threats:
Data backup. According to Oliver Noble, data backup is the most important cloud security practice for your company to avoid any information loss. Regardless of the business and the data it handles, regular backups are a must, be it every three hours or three days.
Strong employee access management policies. Permission to your cloud database and storage should be granted only to those employees who require it. To avert any unsafe or dodgy attempts to log in, consider using multi-factor or biometric authentication methods.
Cloud security assessment. Every business that employs cloud infrastructure for its operations needs to conduct a cloud security assessment regularly — not only after something happens. A quarterly review is a good idea.
Data encryption. Make sure you encrypt all your business data, especially if you handle confidential customer information, such as medical, financial, or legal records, before uploading it to the cloud. By encrypting your files, you control who can open them. Even if they get stolen, no one will be able to access their content without your permission. User-friendly tools like NordLocker help your organization stay compliant with the GDPR, protect its reputation, and earn your clients’ trust.
NordLocker is a tool that secures files stored on a computer or in the cloud with end-to-end encryption. It was created by the cybersecurity experts behind NordVPN – one of the most advanced VPN service providers in the world. NordLocker is available for Windows and macOS.