Most phishing attacks involve hiding malicious hyperlinks behind enticing ad images or false-front URLs. Whatever the strategy is, phishing almost always relies on users clicking a link before checking where it really leads. But even the most cautious users may get caught up in the most recent scam. Take a look at our advice for how to avoid the newest trend in phishing.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades — and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian, for example. Even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How does this lead to phishing attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com — which gets redirected to xn--80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.
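For anyone who filters mail or reviews suspicious links, the hostname itself can be checked. The script below is an added example, not part of the original article: it decodes an xn-- address back to the letters a user would see, reports which alphabet each part is written in, and flags names that render like a domain on a watch list. The look-alike table, the watch list and the sample hostnames are constructed for illustration, and the encoding step skips the normalization a browser applies first.

```python
import unicodedata

# Constructed, deliberately small map of Cyrillic letters to the Latin letters
# they resemble; a real filter would load the full Unicode confusables data.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04cf": "l",
}


def script_of(ch):
    """Rough script of a character, taken from the first word of its Unicode name."""
    if ch in "-0123456789":
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def to_unicode(host):
    """Decode xn-- labels so the check sees what the address bar could show."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed Punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)


def to_ascii(host):
    """Encode non-ASCII labels as xn-- Punycode, the form sent to DNS.

    Simplification (assumption of this example): the IDNA mapping and
    normalization step is skipped; only lower-casing is applied.
    """
    labels = []
    for label in host.lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)


def analyze(host, protected):
    """Return the displayed form, the wire form and a list of findings.

    Findings are (code, subject, scripts) tuples:
      NON_LATIN_LABEL  informational; legitimate for non-English sites
      MIXED_SCRIPT     one label mixes alphabets
      LOOKALIKE        the name renders like a domain in `protected`
    """
    shown = to_unicode(host)
    findings = []
    for label in shown.split("."):
        scripts = sorted({script_of(ch) for ch in label} - {"COMMON"})
        if len(scripts) > 1:
            findings.append(("MIXED_SCRIPT", label, scripts))
        elif scripts and scripts != ["LATIN"]:
            findings.append(("NON_LATIN_LABEL", label, scripts))
    # Replace every known look-alike with its Latin twin and compare.
    skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in shown)
    if skeleton != shown and skeleton in protected:
        findings.append(("LOOKALIKE", skeleton, []))
    return {"shown": shown, "wire": to_ascii(shown), "findings": findings}


if __name__ == "__main__":
    # Constructed watch list and sample hostnames.
    PROTECTED = {"apple.com", "example.com"}
    SAMPLES = [
        "apple.com",                             # plain ASCII
        "xn--80ak6aa92e.com",                    # the address named in the article
        "ex\u0430mple.com",                      # Latin label with one Cyrillic letter
        "\u043f\u0440\u0438\u043c\u0435\u0440.com",  # ordinary Cyrillic word
    ]
    for host in SAMPLES:
        result = analyze(host, PROTECTED)
        codes = [code for code, _, _ in result["findings"]] or ["clean"]
        print(f"{result['wire']:28} {', '.join(codes)}")
```

A NON_LATIN_LABEL finding on its own is expected for genuine non-English sites; LOOKALIKE and MIXED_SCRIPT are the results worth acting on.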

The solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today.

Well… What is Ransomware?

Ransomware is a type of malicious software that encrypts files on your computer so that cyber criminals can hold those files for ransom, essentially demanding payment from you within a certain timeframe to get them decrypted. In some cases, the encrypted files can essentially be considered damaged beyond repair.

There are plenty of ways ransomware can get onto a person’s computer, but as always, those tactics all generally come down to certain social engineering techniques or using software vulnerabilities to silently install itself on a victim’s computer.

Unfortunately, the threat of ransomware is very real, and is becoming an increasingly popular way in 2017 for malware authors to extort money from businesses and consumers alike. We’ll give you some great advice to help you properly prepare your computers, servers, and networks. Here are a few tips that will help you keep your data protected and prevent ransomware from hijacking your files this year and for years to come:

1. First & Foremost, Back Up Your Files Regularly…

…and keep a recent backup off-site. If you don’t already have backups of your data, this is the most critical action step that will help you defeat ransomware. Be certain that you have a regularly updated backup and have tested that you are able to restore those files. Ideally, you’ll have the backup located on multiple drives.

2. Do NOT Download Email Attachments or Enable Macros

You may have already received these types of emails … claiming to be an invoice or a purchase order of some sort. Be extremely careful about opening email attachments from anyone outside of your organization. Simply delete any malicious emails without opening them. Also, consider installing Microsoft Office viewers that allow read-only access and don’t enable macros.

3. Don’t Have More Access Privileges Than You Need

Simply, the minimum effective dose here… if you don’t need administrator rights for your day-to-day tasks, then create a separate account with limited access. When you do log in as an admin, don’t stay logged in any longer than necessary. Avoid browsing, opening documents or other regular work activities while logged in as administrator… that’s what your limited access account is now for.

4. Update, Patch, Uninstall

Malware that doesn’t try to install itself by a Microsoft Office file macro will often rely on outdated software and applications that have bugs in them. Be sure to apply the latest security patches available, which will limit the attacker’s options for infecting your computer with ransomware.

5. Train Your Employees in Your Business in Good Practices

Strong passwords. Not sharing user logins. Logging out at the end of the day. Train your employees who have access to computers and their systems to have good practices. They can be the weakest link in the company’s computer systems if you don’t have a training program in place that will teach them how to avoid spam email attachments, unsolicited documents, and malicious software.

6. Segment the Company Network

If you have clients or customers that need access to the internet while visiting the company, be sure to have a separate access point that only allows use of the internet and prevents access to the company network.

7. Show Hidden File-Extensions

By default, Windows hides known file extensions like .EXE. One way ransomware frequently disguises itself is by using a double extension such as “.PDF.EXE”, counting on Windows’ default behavior of hiding known file extensions so that the file seems to be just a PDF. We suggest that you re-enable the display of file extensions so that suspicious files are easier to spot.

8. (Did We Say 7? Here’s An Extra!) Disable RDP

One way the Cryptolocker/Filecoder malware often accesses victims’ machines is by using Remote Desktop Protocol (RDP). This is a Windows utility that allows others to access your desktop remotely, such as those who pretend to be an IT support person offering to help speed up your computer. If you do not require the use of RDP, you should disable it to protect your computer from malware that exploits this.

Ransomware can certainly be frightening, but there are many steps to take that can help you be prepared in any situation that would put your data at risk. That is why it has always, and will always be, the single most important best practice to protect your company against data loss with regular scheduled backups. That way, no matter what happens, you will be able to restore your data quickly. I can only hope that if anything positive can be taken away from the increased threat of ransomware, it is a clear indication of the importance of regularly scheduled, frequent backups to protect your valuable data.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business, talk to GCInfotech about a free technology assessment.

Published with consideration from NovaStor SOURCE

Office 365 – Different subscription models, different backup possibilities.

One of the most frequently talked about topics in the IT field is the cloud. It seems to be almost everywhere, and as we have pointed out in previous blogs, there are definitely some advantages to this concept. By reducing capital costs – licensing, hardware, and software – companies are able to streamline and improve accessibility and flexibility across the organization.

What is Office 365

Microsoft introduced Office 365 in 2011 as a software plus services subscription – a combination of an online service, Office web-based applications, and Office software subscriptions. Currently there are at least 12 pricing tiers to choose from – for personal, business and enterprise use. The Enterprise E1 through E4 versions of Office 365 are the most likely versions that businesses will choose.

Exchange Online, Skype for Business, and SharePoint Online are services that are provided solely in the cloud. This means that users do not have to worry about the maintenance of the programs or the administration of a server. Updates are also installed automatically and are immediately available.

Microsoft Office can either be completely downloaded and installed or streamed (Click-to-Run). The latter means that the applications are downloaded from the Internet and not permanently installed. The streaming feature supports client computers that are running at least the Windows 7 operating system.

Dangers of data loss while using Office 365

Microsoft has guaranteed a 99.9% availability of all applications and services in Office 365 throughout the year. However, moving everything into the cloud can be a dangerous decision. Even though Microsoft guarantees an almost 100% availability of their services, it does not mean that the client’s data is 100% safe and secure.

When an Office 365 user solely relies on the normal backup provided by Microsoft, they could eventually find themselves in trouble because Microsoft is not offering a backup service for its online service. This may not be very important for the online versions of Office since you can – and you should – always save your important documents locally. But this is not possible with versions of Exchange and SharePoint Online, which can be potentially risky.

For example, an Exchange Online mailbox is configured to retain deleted items for 14 days by default. You can use the Shell to change this setting to a maximum of 30 days. After 30 days the items are permanently removed. If you need to retain deleted items for longer than 30 days, you have to place the mailbox on In-Place Hold or Litigation Hold, which can only be done if you’ve subscribed to the Exchange Online Plan 2.

SharePoint Online shares a similar story. It creates a backup of the data every 12 hours and those backups are retained for 14 days. In order to restore the full site collection, you must put a service call into Microsoft technical support. And the only supported restore option is a full site restore, meaning you will lose all the current data being hosted. Additionally, if you want to recover a single item that was moved to the recycle bin, it can be restored within 30 days. All items are automatically and permanently deleted 93 days after they were originally recycled.

The real issue is that the backups they are offering are only for data recovery in a case where Microsoft’s data center goes down. If a customer deletes any item by mistake, and it’s not restored within the retention window, it’s gone forever. This is why it is absolutely necessary for enterprises to have a specific backup plan up and running. Since Microsoft is not able to provide a real backup for its cloud services, companies have only one option – to find a 3rd party backup software solution.

How can I back up Exchange or SharePoint Online data?

One option for backing up your emails from Exchange online is to back up your Office 365 email database to your local computer. Since this would require Outlook software on each computer for this task, this method can be used only by individuals. Enterprises need a more advanced and automated solution. Several vendors offer solutions to make backups of data stored in the cloud, however there is currently no sole product available on the market that provides comprehensive protection for all Office 365 data.

So, does it pay to subscribe to a higher-priced tier of Office 365 in regards to backups? No, not really. There is no real benefit except that the data is kept a little bit longer on the Microsoft servers before it is permanently deleted. Companies must still have an efficient backup solution in place if documents are to be restored for business, regulatory or compliance purposes.

Published with consideration from Kroll Ontrack SOURCE

As long as businesses host valuable data, cyber criminals will continue to bypass the security protocols meant to protect this data. The causes of security breaches range from device theft or loss, weak and stolen credentials, and malware to outdated systems that use ineffective security measures. With these five tips, you can take the first step toward making sure a security breach never strikes at your precious business data.

Limitation of lateral data transfers

Employees not being educated on data sharing and security is one of the biggest reasons for internal data breaches. It’s a good idea to limit access to important data and information by restricting access privileges to only a small number of individuals. Also, you can decide to use network segmentation to cut unnecessary communication from your own network to others.

Keeping your machines and devices updated

Internal breaches might also occur when employees work with unguarded or unprotected machines. They might unknowingly download malware, which normally wouldn’t be a problem if machines were properly managed. Updating your operating systems, antivirus software, business software, and firewalls as often as possible will go a long way toward solidifying your defense systems.

Use monitoring and machine learning to sniff out abnormalities

It’s not all on your employees, however. Network administrators should employ monitoring software to prevent breaches by analyzing what is “normal” behavior and comparing that to what appears to be suspicious behavior. Cyber criminals often hide in networks to exploit them over a long period of time. Even if you miss them the first time, you should monitor suspicious activity so you can recognize impropriety and amend security policies before it goes any further.

Creating strong security passwords and credentials

No matter how often we say it, there’s always room for improvement when it comes to your passwords and login procedures. In addition to text-based credentials, you should require other methods whenever possible. Great for fortifying your network, fingerprints and smart cards, for example, are much harder for cyber criminals to fake. Regardless of which factors are used, they must be frequently updated to prevent breaches, accidental or otherwise.

Security Insurance

In the end, no system is perfect. Zero-day attacks exploit unknown gaps in security, and human error, accidental or otherwise, can never be totally prevented. And for this reason, small businesses need to start embracing cyber insurance policies. These policies help cover the damages that might occur even under a top-of-the-line security infrastructure. Considerations for selecting a policy include legal fees, first and third-party coverage, and coverage for reputation rehabilitation.

The field of cyber security is overwhelming — even for seasoned IT professionals. But not for us. We spend our days researching and experimenting to craft the best security solutions on the market. If you’re interested in one of our cutting-edge cyber-security plans, call us today.

Published with consideration from TechAdvisory.org SOURCE

November 30th is National Computer Security Day, an annual event observed since 1988 to help raise awareness worldwide of computer-related security issues. It should also serve as a reminder to small business owners to protect their computer networks from hackers, fraudsters and identity thieves.

Computer security is sometimes referred to as cybersecurity or IT (information technology) security. It applies to the protection of computer-based equipment, the information stored on and services related to it from unauthorized and unintended access, change or destruction, including unplanned events and natural disasters.

Recently, the public opinion research company Ipsos Reid released the findings of a survey of U.S. small businesses revealing that many of them do not fully comprehend the impact a data breach can have on them. As a result, they take a passive approach to safeguarding sensitive information that leaves them vulnerable not only to a breach but potentially devastating financial and reputational damage as well.

The survey also found that:

  • Sixty-nine percent of small business owners are not aware or don’t believe that lost or stolen data would result in financial impact and harm to their business’s credibility.
  • Forty percent have no protocols in place for securing data.
  • More than one-third of the respondents report that they never train staff on information security procedures.
  • Forty-eight percent have no one directly responsible for management of data security.
  • Just 18 percent would encourage new data privacy legislation requiring stricter compliance and penalties to information security threats.

Computer Security Day is an excellent time to ensure that your company is following best practices to protect yourself from data breach and identity theft. They include:

  • Analyzing possible security gaps in your organization and within your supply chain.
  • Implementing ongoing risk analysis processes and creating a security policy specifically designed to limit exposure to fraud and data breaches.
  • Regularly training employees in proper document management and encouraging their adoption of security best practices.
  • Implementing a “shred-all” policy for unneeded documents and keeping sensitive materials under lock and key until they are destroyed.
  • Paying particular attention to hard drives on computers or photocopiers. The only way to destroy data stored on hard drives is physical destruction.
  • Installing and using effective computer network protection such as anti-virus software and a firewall.

Published with consideration from TransFirst SOURCE

The internet is undoubtedly one of the most powerful tools for improving business productivity. But it’s also a magnet for procrastination. With unfettered access to the internet, it’s easy to stray away from your important work responsibilities. If done in moderation, five-to-ten minute breaks on Facebook, Twitter, and YouTube are harmless, but if employees spend several hours a day there, the internet is impeding office productivity. Fortunately, web monitoring can ensure your employees don’t overuse these sites.

Time-saving measures

At times, the internet can be very addictive. Internet monitoring software saves employees from the temptation of online videos and games by restricting access to time-wasting sites that you deem unnecessary for business. But internet monitoring software doesn’t even have to be as extreme as denying permission to harmless social media websites. Just letting your employees know that you’ll be randomly monitoring their internet activity discourages them from taking prolonged visits to their Instagram page.

Avoiding harmful websites

The internet hosts plenty of unsavory links and websites. Employees who haphazardly click phishing links or access malware-ridden pornography sites can put your business at risk. Working with infected machines can slow down the entire system and, in some cases, completely halt operations. But by using internet monitoring tools you can restrict access to dangerous websites, and identify reckless employees to remove their internet privileges, if necessary.

Controlling bandwidth usage

Even while using the internet for the right purposes, bandwidth can be used up quickly. Internet monitoring gives you up-to-the-minute reports on your bandwidth usage. Once you have a clear understanding of your company’s overall bandwidth usage, you can then control its expenditure. This feature allows you to prioritize bandwidth for critical business applications and reduce bandwidth for less necessary websites.

Increasing productivity on the internet

Internet monitoring software may be a powerful tool, but it should be used responsibly. As a business owner, you need to walk a fine line between over-surveillance and under-surveillance. What you should do is establish a clear internet policy. Then, explicitly define the disciplinary measures to be dispensed on anybody who goes against the requirements of the internet policy. And deal with time-wasting employees on a case-by-case basis. It’s unreasonable to remove everyone’s Facebook privileges because one or two abused theirs.

Employee productivity can be difficult to achieve, especially with the proliferation of what we would like to call, “procrastination software.” But with web monitoring software, you can truly get your business — and your employees — back on track. Looking for more ways to increase business productivity with technology? Give us a call. We’ll be happy to make suggestions.

Published with permission from TechAdvisory.org SOURCE

New research suggests that SMBs have a long way to go before getting up to speed with today’s cyberthreats.
A third of small to medium-sized businesses (SMBs) have no idea what ransomware is or how devastating the malware can be, highlighting a serious lack of understanding which could seriously harm today’s companies.

According to new research released by antivirus firm AVG on Tuesday, too many businesses are unaware of how dangerous ransomware can be — and how easy it is to become the latest victim of the malware strain.

Ransomware is a type of malicious code that once executed on your system — usually through a malicious link or phishing email — locks your PC, encrypts either your files or hard drive, and demands a ransom payment in return for a decryption key which claims to give you your system back.

One of the latest strains to be detected, MarsJoke, threatens to wipe data if a ransom is not paid within 96 hours. Time-sensitive threats are a common tactic used by ransomware campaign operators to put pressure on victims to pay up, and ransom payments can range from small amounts to hundreds — or thousands — of dollars.

As ransomware can be a very lucrative prospect for cybercriminals looking to cash in, unsurprisingly, infections are on the rise. Locky, Cerber and Virlock are only some of the ransomware variants which are being used in active campaigns against entities including hospitals, governments and gamers.

One UK university has reported 21 attacks in the past 12 months alone.

Last year, the FBI received 2,453 complaints about ransomware hold-ups, and out of these cases that were actually reported, the damage cost victims more than $24 million.

“The true scale of the problem is somewhat hard to define though because, understandably, many businesses and organisations are reluctant to reveal they’ve been held to ransom because of fears about being targeted again, or losing existing or new customers,” AVG notes.

In June, the security firm asked almost 400 SMB customers in the US and the UK whether they knew about ransomware. In total, 68 percent of respondents had heard of the term ‘ransomware,’ but it is the 32 percent — just over a third — that had no knowledge which is the concerning factor.

Considering the first recorded attack took place in 2005, which came in the now-common form factor of a fake antivirus message which required payment, 11 years on is a long time to not know about such a dangerous threat to business operations.

To make matters worse, out of the 68 percent of respondents which said they knew what ransomware was, 36 percent gave the wrong answer — and actually didn’t really know what the malware was, or its implications.

If you find yourself a victim of such malware, the first thing to do is research the infection to see if security companies have come up with free decryption tools, including AVG and Kaspersky.

While some tools are available, it takes time to crack updated versions and so you may be out of luck. If none are available, you may have to resort to backups of your data. You might be tempted to pay up; however, if you do so, you are funding the criminal enterprise, and there is no guarantee you will be given a working key to retrieve your files after paying the ransom.

Curious to learn about other common malware that can cause trouble for business owners? Want to upgrade your existing network security system? Give us a call today, we’re sure we can help.

Published with consideration from ZDNet. SOURCE

Earlier this year, thousands of Delta passengers worldwide were grounded due to a power outage that halted critical IT operations. This was a huge problem not only for the many delayed travelers, but also for the airline company itself. Within three days, the airline company cancelled around 2300 flights and paid millions of dollars in downtime costs. But if you weren’t personally affected, why should you care? Well, without a business continuity plan in place, companies like yours can face the same repercussions. In order to prevent that, take heed of some poignant lessons companies can learn from Delta’s IT failings.

Strive for 100% redundancy

According to Delta’s chief information officer, a power failure caused the company’s data center to crash, grounding thousands of would-be passengers. Although power was restored six hours after the incident, critical systems and network equipment failed to switch to a secondary site, corrupting valuable data in the process. And while some systems failed over, other vital applications didn’t; this created bottlenecks, decreased revenue, and diminished customers’ confidence.

Delta’s case is a massive wakeup call not just for the airline industry but for every business — large and small. Companies must implement disaster recovery plans for their data centers, on-site technology, and Cloud applications to continue servicing customers while fixing the main issue with their primary systems. Companies also need to get rid of the false notion that redundancy plans to assure service continuity are restricted to larger corporations. DR and business continuity solutions are extremely affordable today, and a partnership with a provider can help you in more ways than one (more on this later).

Always test your backups

So although Delta had a plan to bring its business back to normalcy, the DR plan left a lot to be desired in practice. This begs the question as to whether the airline company is actually testing, reviewing, and reinforcing its vulnerabilities to different disasters.

The point is that even though your company may have a failover protocol in place, that protocol adds no value to your business unless it has been rigorously tried and tested. In order to avoid the same fate as Delta, make sure to find out whether your disaster recovery plan is capable of running mission-critical applications like email and customer service applications before — not after — downtime occurs.

Account for different types of vulnerability

In an interview with the Associated Press, Delta CEO Ed Bastian said, “We did not believe, by any means, that we had this type of vulnerability.” Indeed, it’s often hard to foresee what threats and vulnerabilities a natural disaster, power outage, or hacker can produce. But it’s not impossible.

By conducting a comprehensive audit of your data center security and disaster protocols, your business will be more aware and adept at minimizing the risk of potential disasters. This also means evaluating and preparing for disasters that are likely to happen to your business depending on its geographic location. Southern US, for instance, is prone to hurricanes and flooding.

Call for help

These lessons and strategies are all crucially important, but pulling off a DR and business continuity solution on your own may be difficult. For this reason, it’s critical to have a planned partnership with a managed services provider that can assess, plan, test and install the continuity solutions your business needs in order to minimize the impact and avoid encountering a Delta IT outage of your own.

To find out more about business continuity and guaranteeing complete IT redundancy, contact us today.

Published with permission from TechAdvisory.org SOURCE

The next time you visit Dropbox.com, you may be asked to create a new password. Why? Back in 2012 the cloud storage firm was hacked, and while it thought only email addresses had been stolen, new evidence has come to light that user passwords were compromised, too. So if you’ve been using Dropbox since that time but haven’t updated your password, the company advises you to do so ASAP.

Despite the unfortunate incident, Dropbox has implemented a thorough threat-monitoring analysis and investigation, and has found no indication that user accounts were improperly accessed. However, this doesn’t mean you’re 100 percent in the clear.

What you need to do

As a precaution, Dropbox has emailed all users believed to have been affected by the security breach, and completed a password-reset for them. This ensures that even if these passwords had been cracked, they couldn’t be used to access Dropbox accounts. However, if you signed up for the platform prior to mid-2012 and haven’t updated your password since, you’ll be prompted to do so the next time you sign in. All you have to do is choose a new password that meets Dropbox’s minimum security requirements, a task assisted by their “strength meter.” The company also recommends using its two-step authentication feature when you reset your password.

Apart from that, if you used your Dropbox password on other sites before mid-2012 — whether for Facebook, YouTube or any other online platform — you should change your password on those services as well. Since most of us reuse passwords, the first thing any hacker does after acquiring stolen passwords is try them on the most popular account-based sites.

Dropbox’s ongoing security practices

Dropbox’s security team is working to improve its monitoring process for compromises, abuses, and suspicious activities. It has also implemented a broad set of controls, including independent security audits and certifications, threat intelligence, and bug bounties for white hat hackers. Bug bounties is a program whereby Dropbox provides monetary rewards, from $216 up to $10,000, to people who report vulnerabilities before malicious hackers can exploit them. Not only that, but the company has also built open-source tools such as zxcvbn, a password strength estimator, and bcrypt, a password hashing function to ensure that a similar breach doesn’t happen again.

To learn more about keeping your online accounts secure, or about how you can protect your business from today’s increasing cyber threats, give us a call and we’ll be happy to help.

Published with permission from TechAdvisory.org

It’s pretty simple to understand where a file goes when you save it on your PC. It lives on your hard drive, possibly housed in a set of folders you’ve created and organized yourself. That file is only stored on your computer, unless you decide to email it to yourself or save it on an external hard drive or USB.

Now what about the cloud?

At its most basic level, “the cloud” is just fancy-talk for a network of connected servers (a server is simply a computer that provides data or services to other computers). When you save files to the cloud, they can be accessed from a computer connected to that cloud’s network. Now take that idea and multiply it to understand how the cloud works for you. The cloud is not just a few servers, but a network of many servers typically stored in a spaceship-sized warehouse—or several hundred spaceship-sized warehouses. These warehouses are guarded and managed by companies such as Google (Google Docs), Apple (iCloud), or Dropbox.

So it’s not just some nebulous concept. It’s physical, tangible, real.

When you save files to the cloud, you can access them on any computer, provided it’s connected to the Internet and you’re signed into your cloud services platform. Take Google Drive. If you use Gmail, you can access Drive anywhere you can access your email. Sign in for one service and find your entire library of documents and photos on another.

Why are people concerned with cloud security?

It’s physically out of your hands. You aren’t saving to a hard drive at your house. You are sending your data to another company, which could be saving your data thousands of miles away, so keeping that information safe is now dependent on them. “Whether data is being sent automatically (think apps that sync to the cloud) or driven by users uploading photos to social media, the end result is that it’s all there somewhere being logged and stored,” says Jérôme Segura, Senior Security Researcher at Malwarebytes.

And that somewhere is a place that’s not in your direct control.

Risks of cloud storage

Cloud security is tight, but it’s not infallible. Cybercriminals can get into those files, whether by guessing security questions or bypassing passwords. That’s what happened in The Great iCloud Hack of 2014, where nude pictures of celebrities were accessed and published online.

But the bigger risk with cloud storage is privacy. Even if data isn’t stolen or published, it can still be viewed. Governments can legally request information stored in the cloud, and it’s up to the cloud services provider to deny access. Tens of thousands of requests for user data are sent to Google, Microsoft, and other businesses each year by government agencies. A large percentage of the time, these companies hand over at least some kind of data, even if it’s not the content in full.

“Some people argue that they have nothing to hide, that they’re not doing anything wrong, and couldn’t care less if their private information is accessed, especially if it helps in the effort to track down terrorists,” says Segura. “While there is no doubt that ready access to data is an invaluable asset for intelligence agencies, it is really important to remember that each individual has a fundamental right to privacy.”

Benefits of cloud storage

On the flip side, the data you save to the cloud is far more secure than it is on your own hard drive. Cloud servers are housed in warehouses offsite and away from most employees, and they are heavily guarded. In addition, the data in those servers is encrypted, which makes hacking it a laborious, if not formidable, task for criminals. By contrast, a malware infection on your home computer could expose all of your personal data to cybercrooks, and even leave your files vulnerable to ransomware threats. In fact, we recommend backing up your files to a cloud service as a hedge against ransomware.

Another benefit to storing data on the cloud is cost effectiveness and ease-of-access. You can store tons of data, often for free, using the cloud. Measure that against the number of external hard drives and USBs you’d have to purchase, and the difficulty accessing data once you’ve stored to multiple other devices, and you can see why cloud storage has become a popular option for businesses and consumers alike.

Final verdict

Yes, your data is relatively safe in the cloud—likely much more so than on your own hard drive. In addition, files are easy to access and maintain. However, cloud services ultimately put your data in the hands of other people. If you’re not particularly concerned about privacy, then no big whoop. But if you have sensitive data you’d like to keep from prying eyes, it’s probably best to store it on a hard drive that remains disconnected from your home computer.

If you’re ready to store data on the cloud, we suggest you use a cloud service with multi-factor authentication and encryption. In addition, follow these best practices to help keep your data on the cloud secure:

  • Use hardcore passwords: Long and randomized passwords should be used for data stored on the cloud. Don’t use the same password twice.
  • Back up files in different cloud accounts: Don’t put all your important data in one place.
  • Practice smart browsing: If you’re accessing the cloud on a public computer, remember to log out and never save password info.

Time to Get Your Business into Cloud Computing Services? GCInfotech is your Cloud Computing Company Servicing NYC, CT and NJ. With our IT Support, it’s a simple, cost-effective and totally scalable IT infrastructure that also provides 24/7 support as part of a monthly program. Using the power of the Web, our cloud computing management services provide the IT hardware, software, and data backup you need to keep your company running safely and efficiently. Contact GCInfotech cloud professionals today.

Published with consideration from Malwarebytes Lab.