Cloud security: everything you need to know

Cloud security: everything you need to know Cloud technology is becoming more pervasive every day. Some reports claim that almost 90% of businesses will utilize some form of the technology in 2017. But somehow myths about its lack of security remain. From cloud-based software to data storage, we believe cloud security is swiftly becoming better than that of local area networks.

Hands-on management

Unless you have an overinflated budget, relying on local copies of data and software means IT staff are forced to spread themselves across a bevy of different technologies. For example, one or two in-house tech support employees can’t become experts in one service or solution without sacrificing others. If they focus on just cybersecurity, the quality of hardware maintenance and helpdesk service are going to take a nosedive.

However, Cloud Service Providers (CSPs) benefit from economies of scale. CSPs maintain tens, sometimes thousands, of servers and can hire technicians who specialize in every subset of cloud technology.

Fewer vulnerabilities

Cloud security isn’t superior just because more technicians are watching over servers. When all the facets of your business’s IT are in one place, the vulnerabilities associated with each technology get mixed together to drastically increase your risk exposure.

For example, a server sitting on the same network as workstations could be compromised by an employee downloading malware. And this exposure extends to physical security as well. The more employees you have who aren’t trained in cyber security, the more likely it is that one of them will leave a server room unlocked or unsecured.

CSPs exist solely to provide their clients with cloud services. There are no untrained employees and there are significantly fewer access points to the network.

Business continuity

The same technology that allows you to access data from anywhere in the world also allows you to erect a wall between your local network and your data backups. Most modern iterations of malware are programmed to aggressively replicate themselves, and the best way to combat this is by quarantining your backups in the cloud. This is commonly referred to as data redundancy in the cybersecurity world, and nowhere is it as easy to achieve as in the cloud.

The cloud doesn’t only keep your data safe from the spread of malware, it also keeps data safe from natural and manmade disasters. When data is stored in the cloud, employees will still have access to it in the event that your local workstations or servers go down.

The cloud has come a long way over the years. It’s not just the security that has gotten better; customized software, platforms and half a dozen other services can be delivered via the cloud. Whatever it is you need, we can secure and manage it for you. Call us today.

This fake Google app is really a phishing scam

This fake Google app is really a phishing scam If employee training and education isn’t an integral part of your cybersecurity strategy, a recent scam might force you to reconsider. Instead of relying on complicated programming code to steal and destroy data, hackers are increasingly relying on human errors to get the job done. Even well-trained users are falling for the most recent ploy, take a look.

Broadly defined, “phishing” is any form of fraud in which an attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.

These messages prey on users who click links, images and buttons without thoroughly investigating where they lead to. Sometimes the scam is as simple as an image with a government emblem on it that links to a website containing malware. Just hovering your mouse over the image would be enough to see through it. But some phishing schemes are far more difficult to recognize.

The Google Defender scam

Recently, an email spread to millions of Gmail accounts that almost perfectly imitated a message from Google. The text read:

“Our security system detected several unexpected sign-in attempts on your account. To improve your account safety use our new official application “Google Defender”.

Below that was a button to “Install Google Defender”. What made this scheme so hard to detect is that the button actually links to a totally legitimate site...within Google’s own framework. When third-party app developers create Gmail integrations, Google directs users to an in-house security page that essentially says, “By clicking this you are giving Google Defender access to your entire inbox. Are you sure you want to do this?”

Even to wary users, the original message looks like it came from Google. And the link took them to a legitimate Google security page -- anyone could have fallen for it. The Gmail team immediately began assuring users that they were aware of the scam and working on eradicating it and any potential copycats.

There’s no happy ending to this story. Although vendors and cybersecurity experts were able to respond to the crisis on the same day it was released, millions of accounts were still affected. The best way to prepare your business is with thorough employee training and disaster recovery plans that are prepared to respond to a breach. To find out how we can protect your business, call today.

Beware: new Mac malware on the loose

Beware: new Mac malware on the loose One of the defining characteristics of Apple computers is their seemingly impenetrable security system. Business and individual consumers alike who value security most in an operating system choose Apple products. Will this still be the case now that malware attacks on MacOS are increasing -- 744% in 2016, according to reports? Read on to find out.

How the new malware attacks Macs

The new strain of malware targeted at Macs is called OSX/Dok, which was first discovered in April 2017. OSX/Dok infiltrates Macs through phishing attacks, whereby users receive a suspicious email with a zip file attachment. Like all phishing attacks, it contains a message that tricks the recipient into opening the attachment purportedly about tax returns.

Mayhem ensues once the malware is in the system, gains administrator privileges, takes over encrypted communications, changes network settings, and performs other system tweaks that put the users at its mercy.

What the malware does

The malware targets mostly European networks, but it’s expected to spread into other regions. Even more alarming is its ability to bypass Gatekeeper, a security feature in the MacOS designed to fend off malware. This is because its developers were able to obtain a valid Apple developer certificate, which makes the attachment appear totally legitimate. Although Apple has addressed the issue by revoking the developer’s certificate of the earliest versions of the malware, the attackers remain persistent and now use a new developer ID.

How to avoid the mayhem

The Mac-targeted OSX/Dok malware is easy to avoid if you keep your wits about you when receiving zip files from unknown senders -- these files should be treated as high-risk and be reported to your IT team, quarantined, or junked. Whether you’re using a Mac or a Windows computer, clicking on suspicious ads can download and install apps from third-party sources that put your system at risk.

Mac users are not completely safe, and complacency with security could only result in compromised and irreparable systems, ruined reputation, and lost profits for businesses. For this particular malware, a simple act of vigilance may be all it takes to avoid having your Apple computer bitten by bugs. If you want to double the layer of protection for your business’s Mac computers, call us for robust security solutions.

CONTACT INFO

1233 The Plaza, Box# 189048
Charlotte, NC 28205

☎ 866.807.6624

LATEST POST

Featured
Safeguarding mobile devices: A guide for modern businesses
Safeguarding mobile devices: A guide for modern businesses