Are Cloud Services Secure?

Are Cloud Services Secure?

On google search, if you start to type in the phrase “Are Cloud Services..”, right behind “Are Cloud Services Taxable?” is “Are Cloud Services Safe?” 

Cloud services aren’t new. In fact, “The Cloud” has been around since the early days of computing, it just went by a different name back then. I am sure some of our “wiser” visitors remember something called a “Main Frame”. This old IBM article from the 90’s does a great job of explaining, in terms of the time, what it is. Doesn’t sound much different than today’s explanation of the Cloud, does it? The main difference in today’s version of this old technology is one of scale. Here is where the question of security becomes extremely important.

Today’s Cloud (yesterday’s Main Frame) is available not only to individuals within a company, inside their building, on their local network. It’s available, by design, to the entire world. This is both its strength, in that it has revolutionized the way we interact in every facet of our lives and its weakness. The virtues of the transparent, accessible, always on and connected cloud expose important information in a way that can be devastating. That is why the consideration of security in the cloud has some fundamental principles that you should use when you approach any cloud service.

Cloud security isn’t one simple answer but rather a series of different aspects to observe. While there are several aspects to security, we’re going to focus on two in this article; the technology and the user.

 

The Technology

The first thing to consider is whether the technology itself employs key components of a secure system. The short answer, generally yes. Here are the key things to look for as telltale signs that you are using cloud services that are “technically” secure.

 

Encryption

An absolute must-have for any cloud technology, including websites, is encryption. Cloud services encrypt data to keep it in the right hands. What this means is that your data is run through an algorithm to hide your data from anyone trying to get ahold of it that isn’t you. If a hacker were to get ahold of your data, they would need the encryption key and even then it would take a large amount of work and time to process any of that information.

 

Multi-Factor Authentication

When you go to get a driver’s license or a passport, the DMV asks for two forms of identification to make sure you are who you say you are. Cloud Security uses Multi-Factor Authentication in the same way for the same purpose. To gain access to an account via a username and password, you will also need to verify your identity through an associated phone number, email account, or fingerprint.

 

Frequent Updates and Upgrades

Developers are constantly working to maintain and improve their platform’s security. When a developer identifies a vulnerability in their code, they will address it in the form of an “update, upgrade, or patch”. These aren’t just to improve the cosmetics of the UI, but to make you more secure. If users continuously hit “Remind me tomorrow” on necessary updates, they are putting themselves in a position to be victims of data loss.

 

The User

“User Error” is absolutely the easiest and most common point of exploitation to any system. Setting up solid security practices across your digital life is your best line of defense.

It might be You, not them

Both cloud services themselves and the settings you decide on such as password and two-factor-authentication have a lot to do with your cloud security.

You may remember the infamous Apple iCloud hack from 2014. Hackers were able to access the personal data of celebrities and released it to the public. What you never heard from the media, however, was that Apple was never breached. Rather, the hackers were persistent enough to guess the passwords and security questions of the 26 victims.

Following the attack, Apple increased its use of multi-factor authentication, mentioned above, to protect users, however, it didn’t make it the default setting so unless users opted-in, they were left out.

Password Policies

To protect yourself, have a strong password, unique to each account you have using at least 8 characters, mixing upper and lowercase letters, numbers, and special characters. Don’t use any name or number associated with your identity and change it every six months.

Here’s a way to make any password you have more secure.

Say your password was carnival87.

By using alternating upper and lowercase letters, and inserting special characters for comparable letters you could make it C@rN!vAL87. Just by making those small adjustments, your password is now significantly more secure and less likely to be guessed.

 

Phishing

Phishing is the term for hackers that attempt to obtain information from anyone that can be tricked into believing them. Some scams even contain website landing pages that are well designed and allow you to “reset your password” and can even send you a confirmation email after the fact. 

Learning how to identify phishing attacks and even training your staff to do so can protect your cloud accounts from a data breach.

Ask yourself-

  • Is there something weird about the email address?
  • If I hover over a link in the email, does the URL look strange? (DON’T CLICK)
  • Are there spelling mistakes or vague pronouns like “Dear Customer“?

Other things to remember are to not to open attachments, and don’t be fooled by an email just because it appears to be marked “urgent”.

 

Finding what’s right for you

Cloud services aren’t a one-stop shop. Some are built to be more versatile and accessible while others are intended for extreme security.

All Cloud Services weren’t created equal

When it comes to cloud storage, different services function differently. SpiderOak, for example, encrypts your data before it is sent to them and leaves the encryption key local to your device. This means it’s only accessible by you; not even SpiderOak employees.

If you want to learn more about different services and how they function, you can read more here on TechAdvisor.

While there are many different functions of cloud services, security needs to be thought about this way:

 

If the answer to those questions are all yes, then your cloud services are secure.

Other Articles You Might Be Interested In:

Why Do I Keep Getting Pop Ups?

Why Do I Keep Getting Pop Ups?

Pop-ups are part of almost every site nowadays, but if you notice that you have started to get more pop up than you are used to, or worse yet you get them while not on the internet, you may have a serious problem.

read more

Have a Question?

How would you generally categorize your question?

Is My Website Really Secure?

Is My Website Really Secure?

It’s pretty normal for someone to go weeks without looking at their own website. After all, if you know what you put up there, why would you unless you wanted something changed?

Imagine, to your dismay, receiving a phone call or email from a long standing client, troubled by your website. You go on only to see the content on your site altered maliciously and your reputation tarnished, both personally and professionally.

That’s not the time to wish that you had a more secure site.

To know if your site is really secure, ask yourself these questions and if it’s not, we have 4 tools for you.

Is it up to date?

When a hacker tries to seize control of a site, what they look for is vulnerabilities in your sites code. They can do this in various ways but generally, it doesn’t take them frantically pounding away at a keyboard like they do in the movies.

Just as hackers work against your site, the developers behind your site constantly work to make their code more secure. When developers find an area of weakness, they will send out updates, patches, etc. that fix the issue. If you don’t keep both your site and its plugins up to date, hackers are going to be more likely to exploit those areas.

 

Does your site use HTTP or HTTPS?

Sites use HTTP by default. It stands for Hypertext Transfer Protocol. HTTPS stands for Hypertext Transfer Protocol Secure. You probably see where I’m going with that.

HTTPS is for sites that utilize SSL or Secure Sockets Layer. This means that information that is transferred between the visitor’s browser and the website’s server is encrypted. For someone to decipher the information, they would need the encryption key that is only available on the web server.

SSL certificates are cheap, if not free with most hosting services. If you are utilizing any type of online shopping, HTTPS is a must but overall, it will make your site more secure. 

Does your site use parameterized queries?

This one is a little more involved but the main idea is this; instead of entering a username and password into a field, hackers can enter bits of code aimed at corrupting systems or retrieving information inside of your website. This process sets “parameters” for what can be entered into a “query”. For more information, check out this article from Microsoft.

 

How strong are your passwords?

I can’t believe I’m saying this but in 2018 the most commonly used password is still “123456” followed by answers like “QWERTYUIOP” (which is just the first row of letters on the keyboard.)

Having a company-wide password policy that dictates the strength of passwords will keep your site secure from a would-be-hacker getting access.

 

So is your website really secure?

Ask yourself these questions and you will get your answer. There’s no one-sided answer to your security and as threats continue to evolve, your security will need to evolve with it. If you are questioning your security, check out these tools.

Wordfence – Firewall and Malware Security

At over 2 million downloads, Wordfence is one of the highest rated security plugins for WordPress and has over 2 million active installations. Wordfence’s free plugin blocks malicious traffic going to your site and their premium version offers more robust features.

VIP Scanner

VIP Scanner scans the code of your site, including all themes and files you may use to identify any potential security loopholes that may leave you vulnerable. 

iThemes

iThemes bans users that have previously attacked other sites by blocking their IP address.

BBQ – Block Bad Queries

This plugin protects websites from injection-related attacks. At over 90,000 downloads and a perfect 5/5 in reviews, this is a simple but comprehensive solution with a BBQ Pro version available.

Other Articles You Might Be Interested In:

Why Do I Keep Getting Pop Ups?

Why Do I Keep Getting Pop Ups?

Pop-ups are part of almost every site nowadays, but if you notice that you have started to get more pop up than you are used to, or worse yet you get them while not on the internet, you may have a serious problem.

read more

Have a Question?

How would you generally categorize your question?

Introducing TipsonDemand

Introducing TipsonDemand

Understanding technology doesn’t have to be difficult. At ITonDemand, we are all about making your technology work for you. To help with that, we have started TipsonDemand.

What is TipsonDemand? 

TipsonDemand is our series of 30-second videos that we release on social media that focus on easy, actionable, pieces of tech advice. Each week, we present an idea, new technology, or security tip meant to make technology that much simpler.

What will I learn?

Subjects can range from knowing how to protect yourself through the ongoing data privacy debate to what to look for while shopping for your next computer. If you have a specific question, you can always email, message, or comment on a video for us to get your answer (or fill out the form to the right). Like ITonDemand on Facebook and follow us on Instagram to see these videos every Friday. You can also find them archived on our website here.

Submit an Idea for a Future Tip

How would you generally categorize your question?

Other Articles You Might Be Interested In:

Why Do I Keep Getting Pop Ups?

Why Do I Keep Getting Pop Ups?

Pop-ups are part of almost every site nowadays, but if you notice that you have started to get more pop up than you are used to, or worse yet you get them while not on the internet, you may have a serious problem.

read more
Why Do I Keep Getting Pop Ups?

Why Do I Keep Getting Pop Ups?

Pop-ups are part of almost every site nowadays, but if you notice that you have started to get more pop up than you are used to, or worse yet you get them while not on the internet, you may have a serious problem.

 

The Culprit

Additional pop-ups are typically caused by a rogue process or application running on your computer. You may not even know how it got there, or how to get rid of it but it is hogging your computer’s resource and may be leaking sensitive data. The main term for this is malware, and we did a pretty extensive look when a large piece of malware swept the web a few years back. Now you may not have something as intrusive as WannaCry but it still is an issue you need to address immediately.

 

The Solution

Malware prevention software like Malwarebytes Anti-Malware Free can remove most common malware. There is a fantastic product, Webroot, that we use in all of our client environments. It’s very lightweight and does a fantastic job as one of the layers in our multi-layered approach to security. These types of software try to consistently stay ahead of the malware world but are not the best way to stop it. The best solution is prevention.

 

Prevention is Key

The key to prevention is monitoring and vigilance. The best kind of prevention is knowledge and familiarity. The most common entry of malware into an environment that we’ve seen is via email. Spammers are very clever social engineers and adept at getting unsuspecting individuals
to give up the most sensitive information, or worse, large sums of money. Everyone will tell you to never open attachments or email from unknown sources, but accidents do happen and an email scanning setup before the email arrives in your inbox is key. If you don’t have a good
spam filter or email scanner, here are some things to look out for:

 

1. If you get an email asking you to verify your information, unless you initiated this process minutes before from a known account that you have, delete immediately. This is a tell-tale sign of spam, even if it looks legit.

2. Never, ever give personal information like bank accounts, social security numbers etc. to anyone that asks for it in an email. Even if it looks like it is from someone you work closely with. If you get a request in an email from someone you know to provide this kind of information, then call that person and verify it.

3. Remember, even though the prince of Egypt probably has a lot of money, he’s not going to share it with you if you give him your bank account. If it sounds too good to be true, then it probably is.

Other Articles You Might Be Interested In:

Why Do I Keep Getting Pop Ups?

Why Do I Keep Getting Pop Ups?

Pop-ups are part of almost every site nowadays, but if you notice that you have started to get more pop up than you are used to, or worse yet you get them while not on the internet, you may have a serious problem.

read more

Have a Question?

How would you generally categorize your question?

I Forgot to Save My Word Document, Can I Recover My File?

I Forgot to Save My Word Document, Can I Recover My File?

We’ve all done it. You get so involved in your work that you forget to save the word document you are working on and then something catastrophic happens. Either Word crashes or you lose power and all is lost. Or is it?

We have a recommendation for you that will help save you from this dreaded scenario. Turn on Auto Save in your office programs. If your computer shutdown or crashed, here’s a quick set of steps you can take to recover your work.

To Access AutoRecover files follow these simple steps:

1. Go to Microsoft Word.

2. Go to Files tab.

3. Select Recent.

4. From the menu, choose Recover Unsaved Documents.

5. Browse for the file in the list.

6. Click on it and restore it.

Of course, we can’t recommend enough that you have a backup solution in place. As we mentioned in a previous article, backing up your data is essential, particularly if you are a business. Of course, photos of the kids are very important too!

Other Articles You Might Be Interested In:

Why Do I Keep Getting Pop Ups?

Why Do I Keep Getting Pop Ups?

Pop-ups are part of almost every site nowadays, but if you notice that you have started to get more pop up than you are used to, or worse yet you get them while not on the internet, you may have a serious problem.

read more

Have a Question?

How would you generally categorize your question?