It’s pretty great, right? With every silver lining, there is a darker, more dreary side. For cloud computing, it’s the fact that, like all technology, it is not inherently secure. The Cloud is (Basically) Just Someone Else’s Computer When you connect a computer to the Internet, you invite outside entities to try to infiltrate it. Viruses, malware, unpatched vulnerabilities, and other threats can creep onto an unprotected device and take over. This could lead to data theft or data loss. That’s why we all know to use antivirus and avoid using outdated software. That’s why we don’t install random software or visit sketchy websites. I’m pretty confident my reader base knows the drill here. The cloud is essentially no different. It’s just a computer or an array of computers connected to the Internet. If it isn’t properly protected, it can be compromised. If you use Google’s G Suite platform and your email is handled through Gmail, and you are storing files in Google Drive, then you are simply using Google’s computers to do so. If you are using Microsoft 365, then you are storing your email and data on Microsoft’s computers. *Side note, I miss being able to refer to anything related to Microsoft as belonging to Bill Gates. I’d love to be able to tell clients that they are using Bill Gates’ computers to store their Outlook. Maybe I just still haven’t come to terms with the fact that he stepped down from Microsoft back in 2006. The point is, while we can typically trust these massive services to handle our data correctly, we still need to be aware that we are depending on them to do so. On a smaller scale, you might use a local web hosting company, or you might pay to host a server at a smaller data center. The same applies – you are relying on this third-party to keep you safe. My gut tells me to be skeptical whether I’m entrusting a major corporation like Microsoft or a small company with a data center, but at least with Microsoft I know that millions of others are using the service. The Cloud Isn’t Always the Fast Path to Compliance Complying to industry standards like PCI DSS, HIPAA, and the GDPR can be a big undertaking, especially for smaller businesses. Often, a nice big step towards compliance can be to rely on a third-party who focuses on hosted environments that meet those compliance regulations. This means that moving towards the cloud is often a win, but you need to read and understand the fine print before you simply pull the trigger. For example, let’s say you are storing names and credit card numbers. You absolutely need to keep this data encrypted and control who has access. If your cloud host can get around that and employees can access the data, you might not fall under certain compliances. When it comes to protecting the data of your customers, there are a lot of moving parts and considerations, so spending a lot of time upfront and ensuring that your cloud solution can handle this, AND doing regular checks will have to become a way of life. Like Anything Else, It’s Only as Secure as Its Weakest Link (Sorry, End Users) Ever play Jenga, where you have to […]
Let’s Start with the Worst If you are interested in mitigating the risk that unauthorized access to your network can cause, you need to consider the worst-case scenario. The worst thing that can happen to any organization is to have their network breached and have their clients’ and employees’ personal and financial information stolen. This is on par with a fire ripping through your workplace or being caught up in a hurricane or tornado. It’s a slower death; and, with all the tools at your disposal today, it’s largely unforgivable, especially for the small business. Not only would you have to deal with the malware or attack that compromised this information, but you would also have to explain to your clients and employees that their personal, financial, and often medical data has been exposed. There is nothing that can deflate a company quite as fast as a data breach. You lose credibility, lose revenue, and soon, have to scale your business back just to stay alive. Then you are the company who laid off their workforce, further souring your reputation to potential talent. The slippery slope could all be avoided by instituting a comprehensive network security strategy, that includes software protection and training. What Needs to Happen to Avoid Tragedy A comprehensive network security strategy locks away the sensitive information behind stronger security solutions, like an enterprise firewall, making it harder to access if some unwanted entity does find its way onto your network. Additionally, you need to ensure that each member that has access to your company’s network has had threat awareness training. Teaching them about the threats that come from letting unauthorized actors onto your business’ network, can go a long way toward helping you avoid negative situations. We get how tough it can be on a business to invest in their network’s security, but with all the threats out there today, you have no choice. If you would like to talk to one of our knowledgeable technicians about how to implement network security that is right for your organization, call SRS Networks today at (831) 758-3636.
January BlurA January 2nd data breach of an unsecured server at a password management company called Blur exposed a file containing the personal information of 2.4 million users, including names, email addresses, IP addresses, and encrypted passwords. BenefitMallAn outsourced HR provider like BenefitMall is bound to have a ton of personal information stored on its infrastructure, and a security breach due to a phishing attack proved that to be the case. Over a period of four months, the names, addresses, Social Security numbers, dates of birth, bank account numbers, and even more information was exposed for over 110,000 users. AscensionA data analytics company called Ascension experienced an online database breach, leaving the personal information of over 24 million clients unprotected for over two weeks. The data revealed contains names, addresses, dates of birth, Social Security numbers, and financial information. Other January breaches: Oklahoma Department of Securities, Managed Health Services of Indiana, Fortnite, Alaska Department of Health and Social Services, Rubrik. February 500pxThe online photography community 500px was hacked, affecting 14.8 million users. The breach revealed full names, usernames, email addresses, dates of birth, locations, and more. Dunkin’ DonutsDunkin’ DonutsDunkin’ Donuts’ DD Perks rewards members found themselves victims of a data breach for the second time in three months, giving hackers access to customer accounts. Coffee Meets BagelThis dating website announced that they were hacked on Valentine’s Day, revealing the names and email addresses of six million users who had been registered since before May 2018. University of Washington Medical CenterAlmost one million patients have had their medical, personal, and financial information breached as a vulnerability on the organization’s website exposed sensitive information. Other February breaches: Houzz, Catawba Valley Medical Center, Huddle House, EyeSouth Partners, Advent Health, Coinmama, UConn Health. March Dow Jones2.4 million records by government officials and politicians were leaked online. This database was made up of individuals who could possibly embezzle money, accept bribes, or launder funds. Health Alliance PlanThe electronic protected health information (ePHI) of over 120,000 patients was exposed following a ransomware attack. This ePHI contained names, addresses, dates of birth, ID numbers, claim information, and other identifiers. FacebookFacebook was forced to admit that they weren’t able to properly secure passwords of nearly 600 million users. These passwords were stored in plain text and could be accessed by any of the company’s 20,000 employees. Federal Emergency Management Agency (FEMA)Survivors of hurricanes Maria and Irma, as well as survivors of California’s wildfires, have all had their personal information exposed to a data breach. About 2.5 million victims have had their names, addresses, bank account numbers, and birth dates shared and left unprotected. Verification.ioThis particular breach is one of the largest in history, and it was found that Verification.io left a database filled with almost one billion email accounts and personal information on an unprotected server. The company has since closed down. Other March breaches: Rush University Medical Center, Pasquotank-Camden EMS, Spectrum Health Lakeland, Rutland Regional Medical Center, Zoll Medical, MyPillow & Amerisleep, Oregon Department of Human Services. April Facebook (Again)Two third-party applications containing Facebook datasets were left exposed online, resulting in over 540 million records, including account names, Facebook ID, and user activity being compromised. City of TallahasseeNearly $500,000 was stolen from the city of Tallahassee employees’ paychecks, accomplished via redirecting direct deposits into unauthorized accounts. Georgia […]
Cloud Benefits Most applications that your business could use will have a cloud option, but rather than purchasing the solution outright, you’re buying them “as a service.” What this means is that you get full access to the application, as well as hosting, access control, and security options for protecting the data, all without having to manage or maintain the systems; you just have to pay a monthly rate that can easily fit into any budget. The traditional method of software acquisition involved purchasing licenses on an annual basis, but this prevented organizations from purchasing software in the short term. By purchasing software as a service, businesses have more freedom to try new services. Additionally, software as a service is more mobile than traditional methods of accessing solutions, as they can be used by anyone on an Internet connection. This makes it particularly useful for project management and collaboration. How to Pick Your Cloud Services You know what services your organization offers, so naturally, you want to select cloud-based services based on what your business needs. This could be anything from services that help you manage workflow, customer relations, marketing, productivity, and support. The biggest pain point to consider for all of these is the annual cost of such a service, and how it affects your budget. Are there other opportunities for your organization to improve operations? Are they lacking any tools? Any non-legacy software solution can be deployed through the cloud, so addressing your needs becomes easier in general if you know what to look for. The Cloud for Management You can centralize your management through certain Customer Relationship Management software, giving your organization more control over how it manages its customer relationships, including the management of tasks, interactions, and contacts. Professional Services Automation and Enterprise Resource Planning include CRM software to provide organizations with resources to run an entire business, from the procurement stage to distribution. The Cloud for Productivity Businesses that utilize the cloud for productivity have ways to provide scalable resources to end users in a way that gives greater control over software costs. Every organization needs a spreadsheet program, word processor, and presentation software. Cloud-hosted solutions give businesses greater control over these kinds of solutions. There might be other industry-specific software applications that are used exclusively by organizations like yours. If there isn’t a solution out there that does what you want it to, you can purchase server space and host the application on your own cloud platform–or, better yet, get a managed IT provider to handle this responsibility for you. Security Some organizations use the cloud for security to keep unwanted intruders and malware off of their network. Most businesses take advantage of local network protection, but subscribing to security services through the cloud gives you access to more dynamic solutions as a whole that are needed to guarantee systems remain safe and secure. Communications The cloud is exceptionally helpful for communication solutions. Companies are making the jump to Internet-based phone systems, cloud-hosted email, and collaboration platforms that allow for work to get done across departments. Does your company need more cloud-based resources? We can help. To learn more, reach out to SRS Networks’s IT professionals at (831) 758-3636.