Are Cloud Services Secure?

Are Cloud Services Secure?

On google search, if you start to type in the phrase “Are Cloud Services..”, right behind “Are Cloud Services Taxable?” is “Are Cloud Services Safe?” 

Cloud services aren’t new. In fact, “The Cloud” has been around since the early days of computing, it just went by a different name back then. I am sure some of our “wiser” visitors remember something called a “Main Frame”. This old IBM article from the 90’s does a great job of explaining, in terms of the time, what it is. Doesn’t sound much different than today’s explanation of the Cloud, does it? The main difference in today’s version of this old technology is one of scale. Here is where the question of security becomes extremely important.

Today’s Cloud (yesterday’s Main Frame) is available not only to individuals within a company, inside their building, on their local network. It’s available, by design, to the entire world. This is both its strength, in that it has revolutionized the way we interact in every facet of our lives and its weakness. The virtues of the transparent, accessible, always on and connected cloud expose important information in a way that can be devastating. That is why the consideration of security in the cloud has some fundamental principles that you should use when you approach any cloud service.

Cloud security isn’t one simple answer but rather a series of different aspects to observe. While there are several aspects to security, we’re going to focus on two in this article; the technology and the user.

 

The Technology

The first thing to consider is whether the technology itself employs key components of a secure system. The short answer, generally yes. Here are the key things to look for as telltale signs that you are using cloud services that are “technically” secure.

 

Encryption

An absolute must-have for any cloud technology, including websites, is encryption. Cloud services encrypt data to keep it in the right hands. What this means is that your data is run through an algorithm to hide your data from anyone trying to get ahold of it that isn’t you. If a hacker were to get ahold of your data, they would need the encryption key and even then it would take a large amount of work and time to process any of that information.

 

Multi-Factor Authentication

When you go to get a driver’s license or a passport, the DMV asks for two forms of identification to make sure you are who you say you are. Cloud Security uses Multi-Factor Authentication in the same way for the same purpose. To gain access to an account via a username and password, you will also need to verify your identity through an associated phone number, email account, or fingerprint.

 

Frequent Updates and Upgrades

Developers are constantly working to maintain and improve their platform’s security. When a developer identifies a vulnerability in their code, they will address it in the form of an “update, upgrade, or patch”. These aren’t just to improve the cosmetics of the UI, but to make you more secure. If users continuously hit “Remind me tomorrow” on necessary updates, they are putting themselves in a position to be victims of data loss.

 

The User

“User Error” is absolutely the easiest and most common point of exploitation to any system. Setting up solid security practices across your digital life is your best line of defense.

It might be You, not them

Both cloud services themselves and the settings you decide on such as password and two-factor-authentication have a lot to do with your cloud security.

You may remember the infamous Apple iCloud hack from 2014. Hackers were able to access the personal data of celebrities and released it to the public. What you never heard from the media, however, was that Apple was never breached. Rather, the hackers were persistent enough to guess the passwords and security questions of the 26 victims.

Following the attack, Apple increased its use of multi-factor authentication, mentioned above, to protect users, however, it didn’t make it the default setting so unless users opted-in, they were left out.

Password Policies

To protect yourself, have a strong password, unique to each account you have using at least 8 characters, mixing upper and lowercase letters, numbers, and special characters. Don’t use any name or number associated with your identity and change it every six months.

Here’s a way to make any password you have more secure.

Say your password was carnival87.

By using alternating upper and lowercase letters, and inserting special characters for comparable letters you could make it C@rN!vAL87. Just by making those small adjustments, your password is now significantly more secure and less likely to be guessed.

 

Phishing

Phishing is the term for hackers that attempt to obtain information from anyone that can be tricked into believing them. Some scams even contain website landing pages that are well designed and allow you to “reset your password” and can even send you a confirmation email after the fact. 

Learning how to identify phishing attacks and even training your staff to do so can protect your cloud accounts from a data breach.

Ask yourself-

  • Is there something weird about the email address?
  • If I hover over a link in the email, does the URL look strange? (DON’T CLICK)
  • Are there spelling mistakes or vague pronouns like “Dear Customer“?

Other things to remember are to not to open attachments, and don’t be fooled by an email just because it appears to be marked “urgent”.

 

Finding what’s right for you

Cloud services aren’t a one-stop shop. Some are built to be more versatile and accessible while others are intended for extreme security.

All Cloud Services weren’t created equal

When it comes to cloud storage, different services function differently. SpiderOak, for example, encrypts your data before it is sent to them and leaves the encryption key local to your device. This means it’s only accessible by you; not even SpiderOak employees.

If you want to learn more about different services and how they function, you can read more here on TechAdvisor.

While there are many different functions of cloud services, security needs to be thought about this way:

 

If the answer to those questions are all yes, then your cloud services are secure.

Other Articles You Might Be Interested In:

Why Do I Keep Getting Pop Ups?

Why Do I Keep Getting Pop Ups?

Pop-ups are part of almost every site nowadays, but if you notice that you have started to get more pop up than you are used to, or worse yet you get them while not on the internet, you may have a serious problem.

read more

Have a Question?

How would you generally categorize your question?

Is My Website Really Secure?

Is My Website Really Secure?

It’s pretty normal for someone to go weeks without looking at their own website. After all, if you know what you put up there, why would you unless you wanted something changed?

Imagine, to your dismay, receiving a phone call or email from a long standing client, troubled by your website. You go on only to see the content on your site altered maliciously and your reputation tarnished, both personally and professionally.

That’s not the time to wish that you had a more secure site.

To know if your site is really secure, ask yourself these questions and if it’s not, we have 4 tools for you.

Is it up to date?

When a hacker tries to seize control of a site, what they look for is vulnerabilities in your sites code. They can do this in various ways but generally, it doesn’t take them frantically pounding away at a keyboard like they do in the movies.

Just as hackers work against your site, the developers behind your site constantly work to make their code more secure. When developers find an area of weakness, they will send out updates, patches, etc. that fix the issue. If you don’t keep both your site and its plugins up to date, hackers are going to be more likely to exploit those areas.

 

Does your site use HTTP or HTTPS?

Sites use HTTP by default. It stands for Hypertext Transfer Protocol. HTTPS stands for Hypertext Transfer Protocol Secure. You probably see where I’m going with that.

HTTPS is for sites that utilize SSL or Secure Sockets Layer. This means that information that is transferred between the visitor’s browser and the website’s server is encrypted. For someone to decipher the information, they would need the encryption key that is only available on the web server.

SSL certificates are cheap, if not free with most hosting services. If you are utilizing any type of online shopping, HTTPS is a must but overall, it will make your site more secure. 

Does your site use parameterized queries?

This one is a little more involved but the main idea is this; instead of entering a username and password into a field, hackers can enter bits of code aimed at corrupting systems or retrieving information inside of your website. This process sets “parameters” for what can be entered into a “query”. For more information, check out this article from Microsoft.

 

How strong are your passwords?

I can’t believe I’m saying this but in 2018 the most commonly used password is still “123456” followed by answers like “QWERTYUIOP” (which is just the first row of letters on the keyboard.)

Having a company-wide password policy that dictates the strength of passwords will keep your site secure from a would-be-hacker getting access.

 

So is your website really secure?

Ask yourself these questions and you will get your answer. There’s no one-sided answer to your security and as threats continue to evolve, your security will need to evolve with it. If you are questioning your security, check out these tools.

Wordfence – Firewall and Malware Security

At over 2 million downloads, Wordfence is one of the highest rated security plugins for WordPress and has over 2 million active installations. Wordfence’s free plugin blocks malicious traffic going to your site and their premium version offers more robust features.

VIP Scanner

VIP Scanner scans the code of your site, including all themes and files you may use to identify any potential security loopholes that may leave you vulnerable. 

iThemes

iThemes bans users that have previously attacked other sites by blocking their IP address.

BBQ – Block Bad Queries

This plugin protects websites from injection-related attacks. At over 90,000 downloads and a perfect 5/5 in reviews, this is a simple but comprehensive solution with a BBQ Pro version available.

Other Articles You Might Be Interested In:

Why Do I Keep Getting Pop Ups?

Why Do I Keep Getting Pop Ups?

Pop-ups are part of almost every site nowadays, but if you notice that you have started to get more pop up than you are used to, or worse yet you get them while not on the internet, you may have a serious problem.

read more

Have a Question?

How would you generally categorize your question?

Understanding how to keep your WiFi more secure

Understanding how to keep your WiFi more secure

When you log into WiFi at a public place, such as a library, a school, a business, a restaurant, or the like, it’s likely your anti-virus software will warn you of logging into an unsecure network.

But, did you ever think that when logging onto the WiFi at your home or business you may still be facing some security issues? Are you aware of the risks involved with not securing your WiFi? It’s important to keep in mind that WiFi is a target for hackers. Securing your WiFi may be way easier than you think.

Here are a few tips on how to do that.

 

Change the name

One of the first steps is to create a strong name for the WiFi network to replace the default network name, such as xfinitywifi, AT&T or Netgear (My neighbor uses FBI as his network name). Fossbytes says most hackers have access to tools such as “rainbow table” that can break into most any network simply by knowing the default SSID name.

 

Protected Access

Another security measure to use is enabling your WiFi protected access. When setting up the router, the setting can be seen as WPA2 or WPA-PSK. Fossbytes said older routers will have something called WEP, or Wired Equivalent Privacy, but that’s not much of an effective deterrent to modern hackers.

 

Firewalls

One tool to use, if it’s built-in, is a firewall for your router, which can obscure a hacker’s view of the network, Fossbytes said. Another thing to consider is turning off the Universal Plug and Play protocol on the router. Although this is meant to make connecting devices easier, Fossbytes said the use of it makes a potential entry point for hackers.

 

VPN

Another way to protect your WiFi network is to create a Virtual Private Network, which encrypts data traveling between a computer and a server. Through a VPN, even if a computer is logged onto a public WiFi, any hacker paying attention to traffic will only see encrypted data shared, Techify said in a recent article on ways to protect a WiFi network. VPN works by “giving your location anonymity on its server and even creates its own firewall to protect your network traffic,” Fossbytes said.

 

Change your password

Lastly, one simple, but crucial point of protection, and one that we here at ITonDemand stress over and over again, change your password. Using a strong password, or perhaps an even stronger pass phrase, can cut down on a hacker’s ability to penetrate a network or computer.

If you’re still concerned about setting up a secure network, don’t hesitate to reach out to ITonDemand for help. It’s better to be safe than sorry.

 

Other Articles You Might Be Interested In:

Why Do I Keep Getting Pop Ups?

Why Do I Keep Getting Pop Ups?

Pop-ups are part of almost every site nowadays, but if you notice that you have started to get more pop up than you are used to, or worse yet you get them while not on the internet, you may have a serious problem.

read more

Have a Question?

How would you generally categorize your question?

(800) 297-8293  ·  info@ITonDemand.com

 instagram logo

Public Charging Stations: Are they secure?

Public Charging Stations: Are they secure?

If you have spent any time traveling through an airport, you have seen a public charging kiosk. you might think, how convenient. Especially if your alternative is moving onto the floor closer to an outlet in the terminal.

But before you plug your phone into one of these kiosks, there are some security issues to discuss.

One such security threat is, “juice-jacking”. TechAdvisory.org defines juice-jacking as the process by which, “user access is gained on your phone by leveraging the USB data/power cable to illegitimately access your phone’s data and/or inject malicious code onto the device.”

Juice-jacking can affect any phone, both Android or iPhone. They both have the same weak spot: the charging cable. Data runs through this cable same as the power supply.  Once the hacker has been able to access your data, it doesn’t matter that you have unplugged from the kiosk.

Juice-jacking is a security concern worth noting. But juice-jacking is not as large a problem as getting your phone/tablet stolen or downloading corrupt software by mistake. Still, we all should take precautions. Consider some of the safety measures:

  • Keep your device charged. Have your phone charged and ready to go before making a trip or going to an event. This prevents the need to charge in public.

  • Carry a personal charger. These nifty devices are inexpensive and take up very little space in your bag. You can charge on the go without tethering yourself down to a public kiosk.

  • Keep a spare battery for all of your devices.

  • Lock your phone. If you lock your phone (type in a passcode to open), it will not pair with the kiosk.
    Tip: Make sure you lock your phone before plugging it in. Pairing only takes seconds!

 

If you feel you have a corrupted phone after charging at a public kiosk, we would be glad to assist in solving the issue.

 

Other Articles You Might Be Interested In:

Why Do I Keep Getting Pop Ups?

Why Do I Keep Getting Pop Ups?

Pop-ups are part of almost every site nowadays, but if you notice that you have started to get more pop up than you are used to, or worse yet you get them while not on the internet, you may have a serious problem.

read more

Have a Question?

How would you generally categorize your question?

Bad Rabbit Cyber Attack Targeting Windows Machines

Bad Rabbit Cyber Attack Targeting Windows Machines

On October 24th, a new cyber threat was released. It is called Bad Rabbit. Bad Rabbit targets Windows machines, impersonating as an Adobe Flash update. After initial infection, it attempts to spread itself through your network. Once it has spread, it begins to encrypt commonly used Microsoft Office files, pictures, video, and emails on the infected workstations. These files can only be unlocked after the user pays a fee in Bitcoin to the rasomware’s authors.

The imitation Adobe Flash Update screen (almost an exact copy of the real Flash update) can be seen below:

The following is an example of Bad Rabbit’s lock screen and ransom note:

 

We at ITOnDemand are monitoring the situation. We have taken the necessary steps to make sure that our partners are protected. Please contact us immediately if you feel that your computers or network have been compromised.

For more information about Bad Rabbit, please see the following link.

Other Articles You Might Be Interested In:

Why Do I Keep Getting Pop Ups?

Why Do I Keep Getting Pop Ups?

Pop-ups are part of almost every site nowadays, but if you notice that you have started to get more pop up than you are used to, or worse yet you get them while not on the internet, you may have a serious problem.

read more

Have a Question?

How would you generally categorize your question?

Your Wifi Security Is Our Top Priority

Your Wifi Security Is Our Top Priority

As you arrive home tonight and turn on the news, you may be greeted with the unpleasant news that ‘Wireless Internet Isn’t Safe, It’s Been Hacked!’

Please be assured that we are monitoring the situation, and patching all related systems that we manage to insure that you are protected.

This security breech is different from the normal methods that culprits and criminals have historically used to access your data (brute force, social engineering, phishing, etc…) in that the vulnerability is on the client machine, not the Wireless Access Point.

This means that each device you have connecting to your Wi-Fi is a potential security risk, and should be updated as soon as possible.

– For ITonDemand customers using Windows workstations, updates pushed to your computers on October 10th included the applicable security updates. Please be sure that you have rebooted to apply any patches that we have deployed to you.

– For customers using Mac or any other platform, as the updates become available for your particular hardware they will be automatically pushed out by those vendors as they become available.

All available patches for ITonDemand managed Wi-Fi devices have been applied and will be pushed out to your managed devices this evening to insure that they are protected from this attack as well.

In the event that you have a non-managed access point (wireless router) or would like to consult with us on your best options to be sure that your business and data are protected, please feel free to reach out to us and we will be happy to assist.

As always, thank you for being an ITonDemand customer!

Other Articles You Might Be Interested In:

Why Do I Keep Getting Pop Ups?

Why Do I Keep Getting Pop Ups?

Pop-ups are part of almost every site nowadays, but if you notice that you have started to get more pop up than you are used to, or worse yet you get them while not on the internet, you may have a serious problem.

read more

Have a Question?

How would you generally categorize your question?