What are the Security Risks of Cloud Computing?

Cloud-based services such as hosted desktops and VoIP have soared in popularity over the past few years as they offer scalability and agility to workforces. With the move to remote and flexible working, file storage and sharing using multiple devices is also growing in demand. This requires data to be readily accessible. However, with any new or evolving technology, new security risks are introduced with vulnerabilities that are waiting to be exploited by cybercriminals. Businesses increasing their cloud usage need to consider the cloud computing security risks involved and put measures in place to prevent cyber-attacks.

Two Common Cloud Infrastructure Security Threats

> Compromised Accounts

Storing data in the cloud rather than on-premise means that accounts can be accessed remotely, so cybercriminals can attempt to gain access no matter where they are or where your business is located. Therefore, taking action to secure cloud accounts should be a priority to prevent data loss or exploitation.

Having a password policy in place means staff will need to have unique, strong passwords for cloud services. Setting up two-factor or multi-factor authentication is a great way of adding extra layers of protection to accounts which will improve your cloud infrastructure's resilience against data breaches.

> Insider Threats

When thinking about cloud security threats, businesses often make the mistake of solely focusing on external attacks. Insider threats can result from human negligence or disgruntled employees who can expose or damage data. A way to manage this threat is by managing who has access to cloud applications and services within your business. Doing regular audits to see what employees have access to is a great way to secure data and remove user access when it is no longer needed.

> Misconfiguration

Cloud infrastructure is designed to be easily accessible and allow co-workers to store and share files with ease. This can mean that data sharing can be hard to control. Reliance on the security controls from multiple cloud service providers without understanding their strengths and weaknesses can mean businesses are at risk of a data breach without realising. Working with an outsourced trusted IT provider who will secure and pro-actively monitor your systems is a great way of ensuring your cloud accounts are properly configured for your business at all times.

> Compliance

Businesses have a duty of care to meet data protection requirements. Depending on the industry, businesses have to meet controls set by standards such as Cyber Essentials Plus and ISO 27001. Data breaches and cyber-attacks can have devastating impacts on your business's reputation and lead to loss of custom.

Cloud Security Benefits

> Incident Recovery

Using only local hardware devices for data storage does limit remote unauthorised access as a risk, but this security benefit is greatly outweighed by the risks it creates. Storage devices including on-premise servers, USBs, and laptops are all susceptible to damage or theft. Therefore local storage is not a suitable data loss recovery control on its own, but it is an option to complement cloud storage. Storing data in the cloud means that it is backed up in multiple data centres, meaning if one data centre suffers from an incident such as a fire, your data is still available.

> Ransomware Recovery

One of the biggest threats to businesses at present is ransomware. This is a type of cyber-attack where the cybercriminals use malicious software to encrypt data on devices and networks, preventing user access. A demand is made to release the data but there is no guarantee it will be given back. Therefore, having data backup on the cloud is a way of recovering much quicker.

Cloud Technology Specialists for Businesses

As cloud technology specialists, the team at Linten Technologies are always available to help you utilise and secure cloud services including Microsoft Azure and Microsoft 365 Business. Book in a time to chat below and we will get to know your business and walk you through cloud and security services that are right for your business.


World Password Day - How Secure are your Business Accounts

The 6th May marks World Password Day and it is a good reminder for all businesses to consider how secure their accounts are. Account compromise is a common cyber-attack that allows cybercriminals to exploit data and launch further attacks. Over-used and weak passwords are still a common mistake when it comes to business security. So if this is happening in your business, it's time to build your cyber resilience through better password practices. Starting from today! 

Creating Strong Passwords

Passwords should contain a mixture of random upper and lower case letters, numbers, and symbols. Remember that for many accounts, the space is also an optional character and can be used to strengthen passwords. The longer the password, the more secure it is. Try to keep passwords to 8 or more characters.

Each account should have a unique strong password. This is where password managers become an essential tool for your business security. It would be impossible for your workforce to remember strong passwords for every business account you own. A password manager allows staff members to quickly generate strong passwords and save them safely. All the staff members need to do is create one unique strong password for their password manager account. 

Change Default Passwords

Whenever you have a new device such as a router or laptop, ensure that the default password is changed straight away. Default passwords are widely available on the internet and so leave your devices exposed to an attack.

Turn on Two-Factor Authentication

Turning on two-factor or multi-factor authentication provides extra layers of protection on your accounts by creating an extra step in the login process. This can be a code sent via text message or a code from an application like Google Authenticator. This means if your account details are exposed then the cybercriminal will be stopped in their tracks when trying to log in. Two-factor or multi-factor authentication should be turned on for as many accounts as possible, including your password manager accounts.

Account Access

Do you have the right policies and processes in place to ensure your staff only have access to the accounts they need? Many businesses make the mistake of overly sharing credentials with team members that do not need access to the accounts. This leaves data vulnerable to human error or malicious acts from disgruntled employees. Ensure that account access is regularly audited. Password managers are also a great way of understanding what accounts each member of staff has access to.

Dark Web Monitoring 

Dark web monitoring is a service that checks if your business credentials have been exposed on the dark web. If any have been identified, businesses will be alerted so you can protect those accounts. Stolen credentials are sold on the dark web to other cybercriminals looking to compromise important data.  
 
We understand that cyber security can feel very complex and confusing for small to medium businesses and it is not always clear where best to invest your time and resources to build your resilience. Book a time to chat or contact us here. Our IT Specialists can walk you through options that are suitable for your business. We don't believe cyber security should be a one-size-fits-all approach; we will take the time to get to know your business so we can give you the best advice and guidance.


The Biggest Cyber Security Risks for the Financial Services Industry

Financial services hold a lot of sensitive data which is worth a lot of money on the dark web. That is why financial services are prime targets for data breaches by cyber criminals motivated by monetary gain. This cyber risk trend won't ease anytime soon and so the sector must maintain resilience against ever-evolving online threats. 

Most Common Cyber Security Threats Against Financial Services

Cloud Compromise and Web Application Vulnerabilities 

With the need for staff to move to remote working in 2020, there was a huge adoption of cloud services for storing and sharing data, so these services now contain a wealth of valuable business data. Phishing emails replicating Microsoft and other cloud providers have been a successful way of tricking people into releasing passwords to cloud-based accounts. Once these passwords have been obtained, the account can be exploited in a number of different ways including invoice hijacking and exploiting files. Many cloud-based web applications have also had their vulnerabilities exploited if not kept updated to the latest version.

Malware

Malware (malicious software) comes in many forms, from rootkits to ransomware. Malware is designed to cause damage or disruption, and/or to provide a route for threat actors to exploit data. Ransomware attacks are particularly notorious as they have had a high success rate in recent months in a variety of industries including financial institutions. Ransomware-as-a-service is a high-value product sold on the dark web and so new families of the malware are continually coming onto the market. This means that it is a cat and mouse game when it comes to endpoint security software.

Social Engineering

This cyber security risk focuses on 'hacking the human' using methods such as phishing to gain sensitive information to compromise accounts, deploy malware, or launch even more sophisticated attacks. Staff working within the financial services sector are prime targets for hackers using social engineering techniques. Therefore creating cyber security cultures to empower staff to defend against phishing emails and other attacks should be at the core of any online security plan. 

Bots

Bots are essentially automated programs designed to complete certain tasks online. They are sometimes referred to as zombies for this reason. A bot designed for a malicious intention can cause damage to data, accounts, and websites. For example, they can be used to launch brute force attacks to crack passwords or to spam email accounts. 

From pro-active monitoring to Cyber Essentials, we have a range of services and solutions that are right for your business. Our IT Specialists can walk you through the options whilst getting to know your business needs. Book in a time to chat below! 


Common Types of Cyber Security Risks for Business

When it comes to cyber security risks for businesses, it can be hard to know where to begin to stay safe online. The cyber threat landscape changes as new technologies emerge and when world events impact businesses. The way a business grows and adopts new technology will also affect what threats pose a risk to them. 

Types of Business Cyber Security Risks 

Phishing / Smishing / Vishing

Phishing (email), smishing (messenger/text), and vishing (voice/calls) are methods cybercriminals use to trick targets into releasing sensitive company data such as passwords. This can be done by encouraging people to click a link to a fake website to capture login details. Or a threat actor can call and pose as someone who needs credentials, such as a manager or IT professional. Once they have the piece of information they are looking for, they can use it to breach accounts or launch even more sophisticated cyber-attacks.

Some phishing and smishing attempts aim to trick the user into downloading a malicious file or application which will then cause damage to their device or network. 

Phishing Solutions

Cyber Security for Business Training - To defend against the latest online crimes and scams, staff must understand what the threats are and what to look out for. A business can invest in cyber security solutions, but without training their staff, they can leave themselves vulnerable. Engaging and effective training is key to building a holistic cyber culture within an organisation. 

Cyber Gap Analysis and Usecure Training - By running a cyber gap analysis on members of the team, you can identify areas where they need support when it comes to cyber threats like phishing. Usecure will then continue to monitor their knowledge through online questionnaires so staff are supported in their cyber security development. 

Malware

This is software that contains malicious code that has the potential to cause damage to a device or network. There are many types of malware; one of the most common and disruptive is ransomware.

Ransomware attacks encrypt data, preventing user access. Once it infects a network, ransomware can bring a business to an immediate halt. The cybercriminals will ask for a ransom to be paid to release the data, but there is no guarantee they will. They also have the potential to expose the data, regardless of whether demands are met or not. It is a common myth that only corporations are targeted by ransomware attacks, but the reality is that small businesses are prime targets also.

Malware Solutions

Microsoft Defender - Preventing emails containing malware from reaching inboxes in the first place is a great way to stop these cyber attacks from happening. Microsoft Defender scans emails for suspicious links or files and stops them in their tracks. 

Bitdefender Endpoint Security - As a military-grade threat defence solution, Bitdefender will stop any malware causing damage if it is exposed to a network by acting quickly to block it before harm is done.  

Lookout Mobile Threat Defence - You protect your business computers, so why not mobile phones? Mobiles are often where personal data meets business data. That is why cybercriminals are turning their attention to them, especially when they remain unprotected. Lookout Threat Defence is suitable for Android and iPhone users, offering protection from malware, malicious applications and dangerous websites.

Man in the Middle / Wi-Fi Spoofing 

When working on the go, staff are likely to connect to public Wi-Fi using multiple devices. Therefore, they become the perfect attack grounds for bad threat actors. Wi-Fi from airports, coffee shops, hotels etc can easily be spoofed so it looks like a legitimate connection. Once connected, cybercriminals can steal credentials and intercept private conversations (man in the middle). 

Wi-Fi Spoofing Solutions

Mi-Fi Mobile Broadband - This is a fantastic investment for staff working flexibly and on the go. It offers a secure connection that they can log onto and share with other team members when travelling together. This removes the need to find other Wi-Fi connections and can be used abroad.

Account Compromise / Email Hijacking 

Phishing is a common way of getting credentials to compromise important business accounts. However, overusing passwords is another common method to gain access. When credentials are exposed on the dark web after a third-party breach, hackers can then test other accounts with the same login details. Once the account is compromised, hackers can steal data, change passwords, and launch other attacks on the business or their customers/suppliers. 

Account Compromise Solutions

Cyber Security for Business Training - This will help staff to understand the importance of not reusing passwords and to build a healthy cyber culture that puts processes such as two-factor authentication into place.  

Having a good password manager is great for generating strong passwords and then storing them safely. Passportal is one of the leading password managers on the market. A useful feature for businesses is the ability to run audits to see what accounts staff have access to.

Security Assurance 

Customers and suppliers want to know their data is handled with due diligence. Cyber Essentials and Cyber Essentials Plus are Government endorsed certifications that help businesses to put the right measures and controls in place to build their online resilience. By focusing on five key controls, businesses can gain a deeper understanding of their cyber security and identify any vulnerabilities. 

At Linten Technologies, we are dedicated to helping businesses defend against cybercrime and scams. When it comes to online security, businesses should never adopt a one-size-fits-all approach. We will work with businesses to understand their cyber security needs and then offer the very best guidance based on growth strategies, workforce demands, and online activities.


Bitdefender is Awarded Level 1 Certification by MRG Effitas

Threat Landscape

Ransomware is one of the biggest risks facing businesses in current times. This form of malicious software (malware) causes data to be encrypted on networks, blocking users from accessing it until a ransom is paid... and even then it may not be released. Malware continues to evolve and diversify, allowing hackers to breach data and cause damage for their own gain. The aim is to go unidentified by anti-virus software by hiding code within what looks like a legitimate file or changing it enough so it is not recognised as malicious.

Put to the Test

Businesses need to invest in end-to-end threat defence as part of their cyber security controls. Bitdefender Endpoint Security is one of the market's leading security solutions. It was recently put to the test and awarded a level 1 certification by MRG Effitas for quarter 4 of 2020. To receive a level 1 certification in the 360 assessment, a security application must completely protect the system from an initial malware infection before it has the opportunity to cause any damage. Malware sample types used to test an application include spyware, ransomware, and backdoors.

Security applications must also pass a Live Botnet test. Botnets, also known as zombies, are used by hackers for various activities including sending spam, phishing attempts, and distributed denial-of-service attacks (DDoS).

Driven by Intelligence

Bitdefender is driven by the latest cyber threat intelligence, meaning that it is always being updated to defend against the latest threats. Many other anti-virus products are not as sophisticated, and so will not provide the same level of protection.

When It Comes To Security Solutions, We Are Your Trusted Partners  

At Linten Technologies, IT security is at the heart of what we do and we are committed to offering our customers the very best services and solutions to keep their businesses safe online. We don't use the 'one size fits all' approach; we will take the time to understand your business's online activities and workforce demands. Book a time to chat below and we will walk you through the many benefits of cyber security for your business.