IT experts from HostingSystems.co.uk have issued a warning to UK businesses after it was revealed 88 per cent of cyber breaches were caused by preventable employee mistakes.
Since the pandemic, Cloud services and applications have aided the transition to remote working and drastically improved how businesses operate.
However, the experts from HostingSystems.co.uk say organisations who have made the transition without proper cybersecurity management in place could be leaving the backdoor open for criminals to exploit.
Weak passwords are one example of poor security which can leave corporate cloud services defenceless against automated software used by hackers to test weak passwords against accounts.
The storage and sharing of data must follow GDPR legislation which means data owners must undertake risk assessments and vetting to ensure that the location in which their data is stored will be secure and that there is no chance of a breach.
Unless there is clear evidence of negligence from the cloud service provider, investigators usually find data owners to be at fault because of internal misconfigurations.
Juliet Moran, Founder of HostingSystems.co.uk said, “cyber-attacks are costing firms billions every year so many business leaders may be shocked to learn the majority can be blamed on preventable human error.
“Businesses are responsible for their infrastructure, so the data owner is almost always liable for security breaches unless there is evidence the cloud service is responsible.
“A breach can result in the compromising of data from within the organisation, so businesses utilising cloud services must ensure that internal processes, policies, and processes are watertight.
“It is also important that decision-makers within a company vet cloud services and explore their options before choosing to store data with them, to ensure they are secure and have suitable privacy measures.
“With the incorrect security measures in place, such as insufficient credential management and poor network security, businesses are putting themselves at risk.
“The cloud is now a fundamental part of modern businesses because of how it has helped to transform processes, cut costs, streamline data, and create easily accessible work environments.
“Data stored in the cloud is encrypted and most providers have built-in threat detection software, so as long as companies introduce proper security measures, solutions, and procedures to ensure risks are minimised, there is no reason to still be relying on physical data and servers.”
HostingSystems.co.uk tips to avoid making common cloud security mistakes:
Weak passwords that have under 14 characters, with no capitalisation or special characters, become vulnerable to cyber attackers who can use automated software to test weak passwords. For this reason, it is important to stay clear of basic and common passwords, as well as avoid password reuse across multiple accounts.
Employees dealing with the cloud should understand the system and how to detect if there is suspicious activity. Business leaders should share best practices so that people can spot an adversary and report it before damage is done. It is also important to be able to check that the network security is strong enough to be resilient against attacks.
After making sure that a provider is reliable, businesses must work on creating a system to ensure that they keep their cloud system secure. Businesses have a responsibility to take the necessary precautions and steps to address any infrastructure issues to protect the security of the cloud.
Organisations should implement strategies to protect themselves. Whether that be a data-recovery strategy that enables them to manage storage and requirements simply and easily, by re-evaluating how many employees have access to the cloud, or by adding multi-factor authentication.
Cybercriminals can scan for outdated software and gain unauthorised access to launch attacks and steal or compromise sensitive data. It is vital to maintain and patch systems, and organisations should make sure they are always on top of updates that are important to their security.
