Company data arouse the covetousness of hackers and therefore require good protection. Securing corporate data needs to be better than ever, because unfortunately attacks are piling up. On the one hand there are more hackers, on the other hand it has become easier to access data from the outside. Cloud services are particularly relevant in this context.
Increased use of the cloud brings disadvantages
More and more companies are moving their data to the cloud. The reason for this is the benefits offered, such as z.B. comprehensive benefits, good accessibility, service and low cost. However, cloud storage and other cloud services also have drawbacks.
These include in particular security risks. Systems can be more easily attacked by unauthorized parties, which can lead to loss of control over one's own data in the event of an emergency. If data is secured exclusively in the IT within the company, attackers from the outside usually have a much harder time. In the cloud, it is enough to know the respective login page. Should an attacker then still have username and password, he has an easy game.
More attack by hackers on cloud services
As a result of the intensified use of cloud services, the number of attacks on cloud services has skyrocketed. As Microsoft wrote in its latest Security Intelligence Report (SIR), the number of registered attacks has roughly tripled in the comparison period of Q1 2016 and Q1 2017.
At the same time, attackers are getting smarter about gaining access to their victims' IT systems and, by extension, their data. In particular, the technical possibilities are more strongly exploited, z.B. by searching for vulnerabilities in the systems. But methods such as social hacking also bring attackers closer to their goals.
Risks of successful cloud attacks
The reasons for attacks on cloud accounts of companies are different. A major factor is white collar crime, d.h. the attackers want to steal knowhow or information about future plans in order to z.B. to competitors. Similarly, attacks may aim to gain control of the respective IT systems to subsequently create a botnet (z.B. for sending spam emails) to set up.
If data is captured, it may also contain personal data. These must not get into the wrong hands. Should a data theft occur, the affected company will face serious consequences. Will the incident z.B. public, there is a risk of damage to the company's image. In addition, there is a high probability of having to report the incident to the relevant supervisory authority. This can draw its consequences and z.B. impose a fine.
Use cloud services securely
Despite these risks, companies do not necessarily have to abandon the use of cloud services. The decisive factor is the correct and thus secure use, for which several requirements must be met at the same time. Here are the most important tips for more security.
Choosing a cloud provider: the choice of provider should not be made solely on the basis of cost. Important is the security provided. It should be researched how individual providers perform in comparison. If data relating to individuals is to be secured in the cloud, it is also necessary to check at which locations the servers are located and whether they are permissible and secure with regard to company data protection requirements.
Encryption: For greater security, data – especially personal data – should be encrypted on the server. Encryption makes a big contribution to data protection, because should unauthorized persons actually gain access to the storage and thus the data, they are not immediately recognizable and usable.
Strong passwords: The use of strong and therefore secure passwords is strongly recommended. Good passwords make it much more difficult to access data using regular login. Some companies are working with a password policy as a result. Such a policy tells the user which passwords are acceptable and as secure as possible.
Trained employees: the most secure IT is worthless unless employees exercise appropriate caution in handling systems and data. Social hacking in particular is becoming more and more widespread and threatens the security of data. Users are lied to on the phone, combined with the goal of getting them to give out usernames and passwords, allowing the attackers to authenticate with the cloud provider. Tailored privacy training can ensure that employees don't fall for such tricks.
Support from the external data protection officer
As an external data protection officer, we serve companies of all sizes. In our day-to-day business, we deal with a wide variety of data privacy issues – regularly including the secure use of cloud services. If you would like to learn more about this or have a specific request, we will be happy to assist you. For more information, call 0800 – 5600831 (toll free) or use our contact form.