2019 was the worst year on record for data breaches, with 7.9 billion records exposed in just nine months according to a Risk-Based Security report. The media frequently mentioned breaches of the cloud environment, as stories emerged of high-profile companies with unsecured databases stored in the cloud. Storage providers were linked with reports of substandard cloud security practices occurring across a broad range of sectors from healthcare to the Government.
However, the cloud environment isn’t the real issue here. Cloud storage has many benefits for legal firms who wish to take advantage of the platform for their professional teams. Not only does it provide a fast and flexible way for your lawyers to access data, but it is also cost-effective. However, your cloud provider should have a robust cloud security strategy in place to protect the data you keep in the cloud.
Prioritising Security of Your Cloud Environment
Compliance with GDPR is essential if you want to protect your law firm from receiving hefty penalties. Current fines for data infringements are up to EUR 10 million or 2% of your company’s global annual turnover if charged at the lower level. It increases to EUR 20 million or 4% of your company’s global annual turnover at the higher level. Aside from the substantial financial implications, a data breach could also impact the reputation of your law firm. These negative consequences can be avoided entirely with the correct cloud security measures in place.
Likely Threats To Your Cloud Environment
Cyber threats are continually evolving. It’s best to outsource your cloud management services to experts and ensure you’re protected against cybercrimes. Your cloud provider should have the following security measures in place to protect against attacks in the cloud environment.
Protection Against Ransomware
Attackers will encrypt files and folders such as Word or Excel docs, so you’re unable to access them. Often, hackers will threaten to release this sensitive data to the public unless you pay a fine. However, web-based files such as G Suite documents that aren’t associated with a physical storage location will be safe from this type of cybercrime.
Cybercriminals realise that trying to take control of your cloud user accounts by logging in repeatedly will be flagged as a security event. Therefore, hackers use more sophisticated techniques to break through security barriers. Password spraying involves making a few login attempts using common passwords against multiple user accounts. They take place over a long period, often go under the radar and don’t trigger a security alert. It’s estimated that around 60% of Office 365 users have been the victim of password spraying at some point. Investing in advanced authentication for the cloud environment can mitigate against the risks of spraying.
Disabling IMAP Connectivity
Another technique used by hackers is credential stuffing. Cybercriminals get details of a successful username and password combination from a hacked third-party platform. They then use these datasets to try to gain access to other services. Disabling IMAP connectivity to the cloud environment can mitigate both password spraying and credential stuffing.
Mitigating Against User Risk
It’s imperative that you train your staff in best practices regarding document storage and using emails. You can also set up data loss prevention policies which can detect when sensitive content is being exchanged. Show your employees how to recognise a suspicious email and what they should do if they receive such a message. You can also address security privileges to ensure that users only have the level of access they require to systems and data.
Your cloud provider can protect your cloud environment by employing encryption and authentication services. Internally, you can also define your virtual network boundary so you can implement robust security policies in the right place.
Working with a reputable provider for your cloud environment is essential. To find out how you can protect your cloud environment, contact CBSIT today for a FREE IT consultation.