The cloud is now the main place that businesses work. Employees, both in-office and remote, access cloud productivity tools that store much of their business data. Approximately 94% of all enterprises use cloud services, and that number is similar for small and mid-sized businesses.
A number of factors have contributed to the rise of cloud solutions. These include:
- The need to access data from anywhere
- Improvement of business continuity
- Increase in the use of mobile devices for work
- Pandemic lockdowns requiring employees to work from home
- Cost-savings over traditional software
- Levels the playing field for small businesses
But with the move of data to the cloud, hackers have also repositioned their targets. Cloud accounts are being targeted for cloud jacking, which is simply when a hacker breaches and takes over a user’s cloud application or web account.
Examples of cloud jacking would include a hacker accessing a user’s Microsoft 365 account and sending out phishing emails from the attached email address. It could also involve a breach of online accounting software that allows a criminal to transfer money from your company bank account.
Cloud jacking has become a major problem that companies need to address in their cybersecurity strategy. Now 50% of all phishing emails are designed to steal user login credentials to some type of online cloud account.
You May Have More Cloud Accounts to Protect Than You Realise
With the frenzy of cloud adoption over the last 5-10 years, companies now have more cloud accounts than they may realise. As accounts get added, companies aren’t always keeping track of them all and cloud waste has become a big problem.
9 in 10 companies accelerated their cloud adoption due to the pandemic.
The more cloud accounts you have, the more you risk a breach if you’re not properly protected.
Tips for Keeping Your Cloud Accounts Secure
Implement Multi-Factor Authentication
A surefire way to block a majority of malicious cloud sign-in attempts is to enable multi-factor authentication (MFA) on all the cloud app and web logins for users.
With MFA enabled, users are sent a unique, time-sensitive code to a device (usually their smartphone). This code must be entered at login to gain access to the application or website.
This one setting can block as many as 99.9% of fraudulent sign-in attempts in accounts like Microsoft 365, Google Workspace, QuickBooks Online, Salesforce, and others.
Use the Rule of Least Privilege
The user password that a hacker steals can make a difference in how much damage they can do if you’re properly using the Rule of Least Privilege.
This rule dictates that companies should only give users the least amount of privilege possible in an account that is required to do their job. For example, if someone only needs to enter data into a CRM but doesn’t need to add users or configure fields, then they don’t need an admin-level privilege.
If you have more accounts with lower privileges and fewer accounts with high-level privileges, you reduce your risk and limit what a hacker can do if they breach a user account.
Monitor Cloud Logins With Software
Mobile use has exploded along with cloud use. Now, approximately 60% of all company endpoints are mobile devices. Those mobile devices can connect to the same sensitive data as company PCs.
Yet, mobile devices often aren’t monitored. What happens when one is stolen or lost? If it’s logged into a company account, the thief could have access to your cloud data. Mobile devices can also be taken over by mobile malware, just like computers can.
It’s important to put mobile device management software in place, such as Microsoft Intune (part of the M365 Business Premium plan). This type of app allows you to do the following to protect your cloud accounts:
- Monitor cloud access by device
- Remotely update a device
- Remotely lock or wipe a device
- Revoke app access for a device remotely
- Only allow devices registered in the software to access your accounts
Get a Professional to Configure Your Cloud Security
Misconfiguration of cloud settings has become the main cause of cloud data breaches. In a security survey of companies, it was found that 73% of them admitted they’d had multiple misconfiguration incidents in the past.
You can’t just leave cloud apps at their default security settings and expect them to be “good enough.” Cloud application providers expect users to configure their settings according to their needs.
This is why it’s important to have an IT professional configure and manage your cloud accounts to ensure they’re secured from cloud jacking and are fully optimised to meet your company requirements and goals.
Schedule a Cloud Security Consultation Today
Connected Platforms can help your Brisbane area business ensure your cloud applications are properly configured and that you’re using best practices to prevent a breach.
Contact us for a free consultation. Call 1300 866 096 or book a coffee meeting online.