Cloud Security, How your Employees are Putting your Company at Risk
Cloud Security is one of the most important aspects of a company’s overall security, and as it turns out, the most insecure part of a business computer system is not the software you install, or the passwords you use, but the employees themselves.
Employees are one of the biggest risks to a company’s cloud security. Specifically when it comes to a type of cyber attack known as spear phishing. Spear phishing is as simple as a seemingly harmless email that appears to have come from a friend, or a coworker, or even your boss, asking you to click a link inside the email.
Once you’ve clicked on this link, the digital criminal behind this elaborate scam is downloading a malware payload on to your company computer that enables them to exploit the system at will.
The spear phishing attacks are particularly difficult to warn employees about because they seem to come from legitimate sources. These attacks are tailored to fit the employees and are targeted specifically to your company.
To prevent these attacks in the future, we’ve come up with a list of precautions for your IT department to take.
- Encourage employees not to use their work email address for personal email and to use their smart phone (if they have one) for personal email. This can prevent employees from sharing their work email with friends from out of work, or other community groups they may be a part of, such as their children’s schools, or church groups. This makes it harder for digital criminals to make it appear as if they know the employee, and narrows the number of people they could pretend to be.
- Train all employees about spear fishing. Make sure your employees understand that this could happen to them. Explain what spear phishing is and what to look out for. Normally an attack would ask the recipient to click on a link for a credible reason, make sure employees are on their guard.
- Report anything that seems phishy. Set up a system that allows employees to report suspicious behavior to their manager. Explain that if an employee is unsure about an email they received, they should ask their manager first before clicking on any links sent. This can allow you to block the email address the threat came from to prevent future attacks.
- Use group chats instead of email. Using group chats like Google Hangout, Skype or HipChat, can enable you to invite your employees to a specific group or personal chats. These are generally more protected than email because once in a group chat, the only people who can communicate there would have to be individually invited to the chat. This makes communication between employees faster and more efficient as well as safer.
- Have a backup plan. Things can go wrong. That happens. If your company does have a cloud breach make sure there is a plan for this. Like a fire drill, practice and make sure it goes smoothly. You should take these three steps after a security breach. 1. Identify what happened. 2. Identify what you are doing about it (fix the problem). 3. Identify those harmed by the breach. 4. Identify the steps needed to help those harmed by the breach.
Obviously in this case the best defense is a good offense. Train your employees, take precautions to avoid spear phishing, and make sure to have open communication, and remember, cloud security is important to all companies, no matter the size.