The cloud has become a YUGE part of our lives
It's amazing how much the Internet has changed the world. You could literally write an entire library worth of books on that topic - and I'm sure people will. Even more amazing to me however is how it has changed our individual lives. We all use the Internet to search, shop, sell, rate, date, and socialize. However, the largest growing impact on our daily lives is the increased usage of cloud based services.
Unlimited online data storage available at the touch of your fingertips. No more storage restrictions for photos on your phone, you've got Google Photos. No more storing music on your phone, you've got Apple Music. No more remembering your passwords or typing them in manually, you've got all your passwords stored on the cloud... Sounds great right? Well, it is great but it also comes with great risk. When we pour our lives into the cloud we are putting our information onto servers that are permanently connected to the web inherently putting as risk every bite of data we upload.
I say this a lot, but it seems like every other week we are reading about another major data breach from a cloud provider, Yahoo! being the latest and biggest possibly ever. Sometimes, these are very sophisticated attacks involving advanced malware that infiltrates these platforms and steals your data... sometimes. Actually, even though cyber attacks are getting more sophisticated the biggest security risk to the cloud is you, the user. I'm here to tell you why you are the biggest security threat to yourself.
1. Reason #1 you're careless with your password(s)
Let's face it, the average person is not very careful with their passwords. Whether it's using a weak password, not remembering the password you're using, or writing your password down on a Google drive document, most people are careless with their passwords. Now, this isn't completely on you. Many cloud based services still do not require more elaborate passwords but that doesn't mean you shouldn't use them. Use at least one capital letter, a symbol, and a number or 2 in every password you have. Just because the service doesn't require it doesn't mean you shouldn't do it.
Another practice which I personally find insane is storing your passwords and other sensitive information on your computer's web browser. The risk from this comes in 2 ways:
- Storing your passwords and credit card info in your web browsers files is a risk in it's self. That information could be stolen should a hacker or piece of malware infect your computer.
- All someone needs to do to use your passwords and log onto your various accounts with stored passwords is gain access to your computer. From there they can use that credit card information you stored to buy anything they want. Don't store your passwords on your browser.
Finally, don't ever use a cloud service that stores all your passwords in one place. I feel like I'm taking crazy pills here but am I the only one who sees the potential disaster looming here? Millions of people putting millions of sensitive passwords onto cloud based servers is just asking to get hacked. If there is ever a major data breach at one of these services the fallout is going to be catastrophic. We all think the Yahoo! breach is bad wait until Bomgar gets hacked...
2. Reason #2 you store sensitive information in the cloud
You may not even realize it, but chances are you're storing sensitive information on some sort of cloud service. You also may not realize that your Gmail account (or really any other email account that is not stored on a private email server) is essentially a cloud service. It's information in the form of emails that is stored on a remote server connected to the internet 24/7. Email is a cloud service. Remember that email you sent to your mom/dad/wife/brother/husband with your social security number on it? Yeah... that's probably still on that email server's hard drive with the subject line "social security number"...
To give you even more real context look at this year's elections. Don't worry, we aren't going to get political here but let's face it, to a certain extent, Hillary Clinton may have been smarter than you think. Yes, she broke State Department protocol by using a private server but if she was exchanging sensitive information (personal, political, etc) it was in her best interest to keep it close to the vest. She may play dumb by saying she was using a private server out of convenience but there's also a chance she just has a better grasp of Internet security than the average person. Look at the Democratic party's email system now? You can basically read every correspondence they've had in the last few years on WikiLeaks - secure right? However, this would ultimately backfire as the security on her private email server was very lacking and was hacked supposedly by foreign actors easily. Ironic right? Email is a cloud service that is more vulnerable than you may think.
On top of sensitive emails you've probably sent using your Gmail account, think about any other cloud services you may use. Those tax documents you filled out, scanned and uploaded to Dropbox? Oh yeah, they have your social security number on them. Those bank statements you downloaded and uploaded to Microsoft one drive? They have your account numbers and banking history recorded on them. We don't think about the risk because the convenience is so wonderful. Being able to share documents and information with the click of your finger or your mouse is awesome.
3. Reason #3 you value the service over the security it offers
When you're looking for a cloud based service to fill an IT need at your company or in your personal life chances are you're not thinking about the security of that service first. Your initial focus is on the product. You're not searching Google to see if that service has ever had any major data breaches or what kind of security measures or remediation practices are in place. You're picking your service based on features, price, and compatibility and you're clicking buy.
This is a big issue, because if you do a little homework, you'll find that some of the most popular cloud services have been breached. Dropbox, one of the largest file storage and sharing cloud applications was breached recently - 68 million accounts were hacked. There are tons of file storage and sharing services that have more levels of security such as SFTP but because of convenience we choose to use the more accessible and popular products at the sacrifice of security.
Bottom line, when people look for cloud solutions a vast majority of the time (especially with individuals) they aren't worried about the security of the product. They assume if it's a reputable company they must be taking the proper measures to protect me right? Well, sadly, that's a pretty big assumption and most of the time these companies aren't doing enough. Next time you're about to sign up for a new cloud service, send customer support an email. Ask them about what they are doing to protect your account credentials and your data. Find out their security recommendations and if their service is approved for storage of sensitive information. Do your homework and protect yourself. After all, the biggest security risk on the cloud, is you.
Be sure to check out our blog for other great articles on Internet and Cloud security!