The rise in reliance on cloud services has caused a significant increase in breached cloud accounts. Compromised login credentials are now the #1 cause of data breaches globally, according to IBM Security’s latest Cost of a Data Breach Report.
Having either a personal or business cloud account compromised could lead to a halt of operations, putting business continuity and productivity at risk.
Users are still adopting bad password habits that leave accounts prone to security risks. For example:
- 34% of people admit to sharing passwords with colleagues
- 44% of people reuse passwords across work and personal accounts
- 49% of people store passwords in unprotected plain-text documents
Hopefully, there are several things you can do to reduce the chance of having your online accounts compromised.
Use Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) is the best method there is to protect online accounts. While not a failsafe, it is proven to prevent approximately 99.9% of fraudulent sign-in attempts, according to a study cited by Microsoft.
When you add the second requirement to log in (this is known as two-factor authentication), which is generally to input a code that is sent to your phone, you significantly increase account protection. In most cases, a hacker is not going to have access to your mobile device that receives the multi-factor authentication code, thus they won’t be able to get past this step.
The brief inconvenience of using that additional step when you log into your online accounts is more than worth it for the extra layer of security you get.
Use A Password Manager For Secure Storage
One way that criminals get their hands on user passwords easily is when users store them in unsecured ways. Such as in an unprotected Word or Excel document or the contact app on their computer or phone.
When you use a password manager, it provides you with a convenient place to store all your passwords that are also encrypted and secured. Plus, you only need to remember one strong master password to access all the others.
A password manager can also autofill all your passwords in many different types of browsers, making it a convenient way to access your passwords securely across devices.
When it comes to difficult passwords, you shouldn’t try to come up with them on your own since you’ll end up with variants on the same subject. To construct really difficult passwords, you’ll need a password manager that contains a random password generator.
Some password managers enable you to customize the password’s complexity. You may create passwords with 20 random characters or even unpronounceable, random sentences using these tools. If you utilize these techniques, your passwords will be extremely complex and hence strong.
Review/Adjust Privacy And Security Settings
Have you taken the time to look at the security settings in your cloud subscriptions? One of the common causes of cloud account breaches is misconfiguration. This is when security settings are not properly set to protect your online accounts.
You don’t want to just leave SaaS protection settings at defaults, as these may not be protective enough. Review and adjust cloud app security settings to ensure your account is properly safeguarded.
Don't stress over IT, leave IT to us!
Use Leaked Password Alerts
A data breach can happen when a retailer or cloud service you use has its master database of usernames and passwords exposed and the information stolen.
Due to this problem, some password managers in the market have the ability to alert you if one or several of your passwords have been leaked and are available on public web forums. This enables you to change them and reduce the risk of account takeover.
Thus, any passwords that you save in the browser will be monitored, and if found to be leaked, you’ll see an alert when you use it.
Don’t Enter Passwords When Using A Public Wi-Fi Network
Whenever you’re on public Wi-Fi, you should assume that your traffic is being monitored. Hackers like to hang out in public hot spots in airports, restaurants, coffee shops, and other places so they can gather sensitive and personal data, such as login passwords.
You should never enter a password, online banking information, credit card numbers, or other sensitive data when you are connected to public Wi-Fi. You should either switch off Wi-Fi and use your phone’s wireless carrier connection or use a virtual private network (VPN) app to protect your connection with data encryption.
Are There Other Risks Associated With Using Public WI-FI Networks?
There are other risks associated with the use of public Wi-Fi networks, such as malware distribution and connecting to a fake Wi-Fi hotspot.
Malware Distribution
Malware injection is another prevalent method of attack on public WiFi networks. Snooping software could be used by attackers to examine data streaming in and out of your device, but that’s not it. They’ll not only be able to view your traffic, but they’ll also be able to alter it.
In simpler terms, this means intercepting a web server’s answer before it reaches you, injecting harmful and hidden code that will run once the page loads on your device, and then sending it on its way. If the attacker accomplished his job correctly, you will most likely be unaware of what happened until it is too late.
In most cases, data encryption is sufficient to avoid this form of attack.
Dangerous WiFi Hotspots
This is commonly accomplished by setting up an unprotected hotspot using the name of a local establishment, such as a restaurant, café, or hotel, to which people connect, completely unaware of the risk.
Because the attacker has complete control of the hotspot in this case, they may use it to serve you harmful adverts containing spyware, replace the website you wish to visit with a completely false one, and collect any credentials you provide for various services.
You can protect yourself from this situation on occasion by constantly asking the business’s personnel if the WiFi hotspot is authentic.
Keep An Eye On Your Social Media Accounts
You should use the security tools available on various social networks. Here are some pointers on how to keep your accounts safe:
Close any accounts that you aren’t using anymore. It’s possible that forgotten social media accounts have been hacked without anybody noticing. Hackers can use this to get access to other accounts linked to it, such as your email account.
Examine the apps that are linked to your social media accounts. Do you use Facebook or Google to log in to other websites or apps? Examine if this level of access is required.
Make sure your mobile applications are up to date. Make sure you’re using the most recent version of the platform. Patches for security protect you from the most recent known dangers.
Use a different email address for each of your social media accounts. Create separate email accounts for your social media profiles if feasible, so that if you’re hacked, the hackers won’t have access to any sensitive data.
Check Permissions Granted To Third-Party Applications
Third-party apps, such as a post scheduler, will need access to your social media accounts. Make sure you’re only granting permissions to legitimate apps. Also, make sure you read the terms of what you’re giving the program permission to access.
Some programs will just require the bare minimum of permissions, such as the ability to view and upload content, so we recommend checking the permissions before providing access. It’s a good idea to get into all of your social media accounts and examine what apps you’re allowing to connect to your devices.
Consider Using A VPN
When you surf the web, your device type, location, IP address, and browsing history are just a few of the digital footprints you leave behind. When your identity is revealed, anybody may see the fingerprint you leave behind, therefore anonymity is essential for protecting your online security.
A VPN works by rerouting your connection to a new server and masking your IP address. Your internet activity will be virtually untraceable and anonymous in this way. Furthermore, the most private VPNs all have stringent no-log rules, ensuring that none of your personal data is ever stored, even by your provider.
Use Good Device Security
If an attacker manages to breach your device using malicious software, they can often breach your online accounts without a password. Just think about how many apps on your devices you can open and already be logged in to.
To prevent an online account breach that happens through one of your devices, make sure you have strong device security. Best practices include:
- Antivirus/anti-malware
- Up-to-date software and OS
- Phishing protection (like email filtering and DNS filtering)
Looking For Password And Cloud Account Security Solutions?
Don’t leave your online accounts at risk. By leveraging appropriate remote work solutions, we can help you review your current cloud account security and provide helpful recommendations. Schedule a meeting today
Article used with permission from The Technology Press.
