WHAT IS CLOUD STORAGE?
At it’s root, cloud storage is online data storage supplied by a third-party provider. Cloud storage lets you store your files, pictures, videos etc. on the server of your provider of choice. The disadvantage of cloud storage is that you don’t have direct control of those files because they’re not saved within your own walls. On the other hand, there are some important advantages, including:
1. Visibility: You don’t have to be tied down to a particular work station. You can access your files through a secure connection.
2. Bandwidth: It is less confusing to send and receive files. You can just send a link to that file in your drive and provide access to whomever you choose.
3. Built-in Disaster Recovery: Your files are being backed up for you if your computer crashes.
MORE COMMON PLATFORMS
Choosing which reputable cloud storage provider to use is less importantthan understanding how to securely store your data in the cloud.
From our perspective, the top five providers of cloud storage are:
· Drop Box
· Google Drive
· Microsoft One Drive
· Amazon Drive
Ultimately, it doesn’t matter which of these vendors you choose — all of these providers have good security measures in place. What matters mostis how you configure them so that you’re using your cloud storage securely.
YOUR CROWN JEWELS
Putting online data storage for your organization into perspective of the big information security picture, cloud storage is one important aspect of the technology category. In order to keep your critical data secure, you need to take good care of each of the following cyber security categories: People, Processes and Technology. A common misconception is that when data that has been entrusted to your organization is stored elsewhere, the risk is transferred along with it to the cloud provider. Unfortunately, from a legal perspective, this is not the case; You are responsible for safeguarding this data.
Before you store any data in the cloud, the first step you must take is to be aware of your data. What are the crown jewels, the most sensitive information belonging to your customers, business partners, vendors, clients, and shareholders, in your organization? From there, you must be aware of the risks you face when you choose to store any data in the cloud.
WHAT IS THE UNDERLYING RISK?
The top four inherent risks in cloud storage are:
1. Risk of unauthorized access to your sensitive business data.
2. Legal, contractual and compliance risks such has health care information which can’t be stored outside of Canada.
3. Cloud storage vendor security risks in that the vendor might not have the proper security controls in place.
4. Availability (down time) risks if the platform goes down and you can’t access your files.
HOW DO WE ADDRESS THOSE RISKS?
Firstly, make sure you take the time to go through the access controlsprovided by the cloud provider to ensure that they mirror your internal access permissions within your company. You can take security a step further by encrypting your files before you store them in the cloud so it’s not being sent as raw data.
Secondly, understand what categories of critical data you have and which files you can store on the cloud. Then, go down the lists of your legal, contractual and regulatory compliance obligations when it comes to where and how you store critical data. This will enable you to effectively and securely manage your data.
Thirdly, if you are considering smaller cloud service providers, take time to do your due diligence on your chosen provider, either internally, or through a trusted third-party expert.
Fourthly, familiarize yourself with your Service Level Agreements with your provider. If the cloud provider can provide up-time to your required level, chances are they can do a better job than what you could achieve in-house. Find out what percentage of up time are they committed to and what happens when there is downtime (i.e. you get money back).
The main and most important takeaway from this article is to be aware of your data and understand how to store your files in the could securely. In order to experience the benefits of storing your information in the cloud, you need to do three things: Choose a reputable provider, understand the risk you face and take the steps outlined above to address those risks. Doing cloud security properly is the right thing to do for your shareholders, vendors, business partners, employees and customers.
We have more for you to read
I remember the first time I got the call. The person had an message on the screen that was demanding payment to regain access to the files and data their business relied on to operate. Oh, and they had to pay with something called Bitcoin AND the payment needed to be made within 72 hours or they’d lose access to the files forever.
It was only 4 short years ago, and luckily for the caller, back then it was fairly easy to recover the data and get the company back operational. Today, not so much.
The bad guys have spent a considerable amount of time and energy perfecting this kind of “business” model, to the point it is now a Billion-dollar industry. Yes, billion with a “B”. What other “industry” do you know of that went from 0 in revenue to a Billion in just 4 years?
Today’s reality is, if you haven’t taken steps to thwart such an incident so your business could survive such an attack, you will be faced with a VERY difficult decision.
Re-create all the data from scratch. Imagine what that would cost and how manually intensive such an undertaking would be, and that is IF you had enough information to recreate it (Paper files anyone?)!!
Pay the demanded ransom and HOPE the bad guys that infected your files will the “good” kind of bad guy and actually give your files back – stats show 25% of the time, they don’t.
The dollar amounts demanded are also rising as the cyber thugs continue to perfect their craft making it virtually impossible for an unprotected company to recover without paying the money. In Canada we’ve see demands of $25 - 50 thousand dollars. How many businesses have that kind of money sitting around in anticipation of paying such a ransom? Not many.
The highest reported Canadian ransom paid? Just over $440,000. Only the biggest of the big companies could survive such a demand!!
UPS Capitol, one of the larger insurance companies reports that 60% of companies go out of business within 6 months of an attack.
We have more for you to read
Email is the number one way into your computer or network. Since the onslaught of the Covid Pandemic my company, BeckTek, saw just over 53% of all inbound email to our clients was junk, spam and Phishing emails.
There are several varieties of Phishing email, today we'll break down a real world example of an email I received. I'll walk through how to tell it's a Phishing email and some reasons behind why the scammers did what they did as part of the scam. Here is an example of one I received.
In this example, there are four (4) quick warning signs that the email is not legitimate.
1) Sending email address. The scammers are trying to pretend to be Staples Canada. Referencing "staplesdirect" in the sending address may fool some people. However Staples website is actually staples.ca and NOT staplesdirect.shop . Even if Staples decided to send out email form the online store as "staplesdirect" it would normally still end in staples.ca. For example: @staplesdirect.staples.ca
2) Email starts with Hello Consumer instead of an actual name. If you purchased something online, you had to provide them a first and last name. As such, the greeting in the email would be specific to you and not some generic opening.
3) File attachment requires a password to open. By enforcing the use of a password to open the file, the scammers are trying to slip the email past traditional security. Traditional security software wouldn't have the password to open the file to scan the contents for problems increasing the chances of the email getting delivered to your inbox.
4) Instead of a PDF document used my most online retailers to provide a receipt, the scammers have sent an Excel spread sheet. Why an Excel spreadsheet you might ask?
Excel (as well as most office type documents) provides for the use of something called "macros". This allows for software code to be embedded into the file. Used for good, this can add additional functionality to the program and streamline operations and processes.
Used for evil, it can allow the hackers, scammers and cyber criminals to embed malicious code directly into the application. I've even see the bad guys get creative, to try and fool traditional Anti-Virus. They won't run the malicious code right in the file. They'll put instructions into the code to go out onto the internet, download a malicious payload (infected file or virus program) and install it on the local computer. Once a machine is infected on a corporate network it can then try and spread to other systems within the company.
How to deal with the threat?
There is no one "magic bullet". The best approach is to have multiple layers of protection. Things like:
Cyber Security really is a team sport - between management, staff and your in-house or outsourced IT Department. One segment of the team performing poorly can have catastrophic results. Don't just take my word on it.
I've created a free report called "The 7 Most Critical IT Security Protections Every Business Must Have In Place Now To Protect Themselves From Cybercrime, Data Breaches And Hacker Attacks" which is available here.
We Have More for You to Read