By the end of the year, it’s expected that 82% of the office workload will be cloud-based. Most companies have realized that for business continuity and the ability to support remote teams, they need to move their apps and data to cloud services.
With fewer assets being kept in on-premises servers and more in cloud accounts, like Microsoft 365, Google Workspace, Salesforce, and others, that means that hackers are working overtime to break into cloud accounts.
An estimated 30% of organizations store sensitive data in the cloud without the appropriate security safeguards in place.
The move to the cloud has led to the rise of Cloud Jacking. This is when a hacker breaks into a company’s cloud account and takes it over for various nefarious purposes.
Some of the attacks that a criminal can unleash once they’ve hacked a company cloud account through a brute force attack or stealing a user password are:
- Planting ransomware and demanding a ransom to remove the encryption
- Sending out phishing emails and spam from your company domain
- Stealing files
- Changing user access privileges
- Deleting users and data
- Planting spyware
- Infecting your cloud storage as well as any syncing computers
- Changing your security settings to allow for persistent attacks
In 2020, attacks on cloud accounts increased 630%, making it a high priority for companies to take steps now to prevent cloud jacking and secure all their online accounts.
Tips for Keeping Your Cloud Accounts Secured from Hackers
Use Multi-Factor Authentication
Multi-factor authentication (MFA) adds a critical step to the sign-in process and one that can keep about 99.9% of hackers from using a hacked or stolen password to access your account.
With MFA enabled, users are sent a time-sensitive code to a device that must be entered along with the username and password for access. Requiring MFA for all users is a vital safeguard for protecting all your cloud accounts.
You can read about different forms of MFA here.
If users are pushing back because they find MFA inconvenient, you can look into using a single sign-on (SSO) technology that allows them to go through the login and MFA process just once for all their apps.
Get Help Configuring Cloud Settings
Misconfiguring cloud settings is something that plagues just about every company. Often users don’t realize they’re leaking data due to lax security settings in their cloud accounts.
In a survey of 300 senior IT professionals, 67% said that misconfiguration was a top concern for business cybersecurity.
There are multiple security settings in platforms like Microsoft 365, but users often must configure them, they don’t just default to the best settings.
This is why it’s important to have a professional, like Rocky Knoll, help configure your cloud accounts and ensure you’re using security best practices to prevent cloud jacking.
Use One Global Admin Account
When you have multiple admin accounts, you increase your risk of one of them being breached and giving a criminal high-level access to your cloud service.
One of the best practices for cloud security is using a shared global admin account that your admins can use when they need to do administrative tasks.
Instead of granting high-level privileges to multiple users, you limit risk by assigning privileges only to that shared global admin account. Because that account is only used for admin work and not email and other daily tasks, it’s also more secure from having the password exposed.
Keep Cloud Applications Updated
Many cloud tools will update automatically, but not all. This is especially true if you’re using a hybrid solution that includes a cloud connection to software that is installed on a computer or mobile device.
It’s important to keep cloud applications on desktops and mobile devices updated at all times to reduce the risk of a vulnerability that can allow a hacker to breach your account.
Use Strong Phishing Protections
Phishing is one of the main ways that user credentials get compromised. The 2020 Data Breach Investigations Report by Verizon found that stealing login credentials has become the #1 goal of phishing attacks.
What typically happens is that a phishing email will mimic an email from Microsoft or another cloud vendor. The user clicks a link and is taken to a fake login screen that looks like the real thing. They log in, and the attacker grabs their login credentials.
Here are some of the safeguards you should be using to combat phishing:
- DNS filtering
- Email spam/phishing filtering
- User security awareness training
Schedule a Cloud Security Check from Rocky Knoll Today
Rocky Knoll Technologies can help your Charlotte area business ensure your cloud accounts are secured from cloud jacking to prevent a breach.
Contact us today to schedule a free consultation. Call 704.594.7292 or reach us online.