By Theo Zafirakos, CISO Terranova Security
It’s fair to say cloud technology has become ubiquitous in recent years, with the global cloud storage market projected to grow from USD 50.1 billion in 2020 to USD 137.3 billion by 2025. As a result, many laptops have minimal onboard storage because of the ease and accessibility of cloud storage. With more and more data being stored on third-party services, ensuring it’s secure can become a daunting task.
The risk posed by these services is less in technology but with the behaviors associated with it. Companies in the field of cloud storage understand security is paramount. However, as the number of services that integrate with these cloud drives increases, so does the potential for security breaches.
Cloud storage is loved for its convenience but can be compromised. For example, users may mistakenly allow unauthorized access to strategic information if they don’t understand the platform well. With cloud storage being intimately tied to cybersecurity, it’s important to take these risks seriously and have guidelines in place surrounding the use of cloud services in an organizational setting.
The Cyber Security Risks of Cloud Storage
Reputable cloud storage service companies have been able to grow their business on the back of their security measures. All popular cloud storage services have robust measures in place when it comes to their servers. They also offer strong encryption options to their users.
However, while these services are secure, they don’t provide fail safe protection from phishing attempts. Cloud credentials have become a prime target for phishing, with 59% of respondents in a recent survey from Oracle saying that their organization was a target for such an attack.
From phishing attempts via email to downloading malicious software because of file version security flaw, there are many potential risks when it comes to cloud storage. With employees working from home, the line between personal and professional cloud storage might be blurred.
As with many modern cyber security risks, the real danger lies in the interconnectivity of the technology world. Not only does cloud storage often contain personal information and even pictures of ID documents, but these services are also often connected to email, web apps, and more. A single breach can rapidly overtake a user’s entire organization.
Guidelines for Safe Cloud Storage Use
Personal and corporate cloud storage usage will only increase in the coming years, so you must put in place a plan to ensure users are abiding by appropriate security measures. Here’s what you can do to ensure the security of your organization when it comes to cloud storage:
- Pick a reputable cloud storage service
- The easiest way to keep things manageable and secure is to ensure that all your users are only using one personal cloud storage service that you have control over. No matter the service you end up selecting, stand your ground with your users and make sure everyone uses the one you chose.
- Create phishing awareness
- Phishing attempts are constantly evolving and changing. Personal cloud drives are becoming an increasingly popular target. Remind your users regularly with security awareness training that they shouldn’t click on links from unknown senders, even if it’s a Google Drive or Dropbox link.
- Enable two-factor authentication
- Enabling two-factor authentication is an excellent way to prevent unauthorized connections. It’s a good way to protect yourself against your users who still don’t have great passwords in place, but it’s also a safeguard against credentials revealed through phishing attacks.
- Limit third-party apps
- Thousands of third-party apps connect to personal cloud data storage services. While the services themselves may have suitable cyber security measures, the apps are often smaller companies that might not have the same standards.
- Classify information to prevent data loss
- Establish information classification, labelling policies and guidelines, and inform users of their responsibilities to properly handle data. For more advanced protection mechanisms, implement data loss prevention technology for strategic and other sensitive data.
The Cybersecurity and Infrastructure Agency in the US recently published a memo concerning cloud data storage and it was telling; the memo wasn’t targeting the tech companies offering these services, but instead warned workplaces about poor cyber hygiene practices.
It’s clear that cloud data storage is a safe option. The real risk comes from user behavior. Thankfully, these can be improved by putting in place a robust set of guidelines for cloud security and cyber security awareness training. When securing the cloud, a human fix is needed to combat a human risk.
Theo Zafirakos is CISO of Terranova Security. He is responsible for all areas of information security for the creation and management of strategy, programs, governance, information risk assessments, and compliance for Terranova Security. Terranova Security is the global leader in Cybersecurity Awareness, with 10M+ Trained Cyber Heroes in 200+ Countries and 40+ Languages. He leads Terranova’s Professional Services team that helps our clients implement and execute information security awareness programs with measurable results. Programs that assist users in recognizing the events that require a specific action know what the appropriate action is and are motivated to take that action.