The rise in cloud services has caused a big increase in hacked cloud accounts. Compromised login credentials are now the #1 cause of data breaches around the world according to IBM Security’s latest Cost of a Data Breach Report.
Having a personal or business cloud account compromised can be very costly. It can lead to a ransomware infection, compliance breach, identity theft and much more.
Users are still using bad password habits that make it all too easy for criminals to access accounts. Some examples of bad password habits include:
- people sharing passwords with colleagues.
- the reuse of passwords across work and personal accounts.
- people storing passwords in unprotected plain text documents or written on labels or post it notes stuck to their computers.
There are several things you can do to reduce the chance of having your accounts compromised:
1. Using Two Factor Authentication (2FA)
Also known as multi-factor authentication (MFA), 2FA is the best method there is to protect cloud accounts. While it is not a failsafe, according to a study done by Microsoft, it is proven to prevent approximately 99.9% of fraudulent sign-in attempts.
When you add the second requirement to a login, which is generally to input a code that is sent to your phone, you very significantly increase your accounts security.
The inconvenience of using an additional step when logging into your accounts is more than worth it for the huge increase in security.
2) Using A Password Manager
Some people make finding passwords easy by storing them in an unprotected Word or Excel document or in a text file on their PC or phone.
Using a password manager provides you with a centralised, encrypted and secured spot to store all your passwords. Plus, you only need to remember one strong master password to access all the others.
As well as proving storage for your passwords, password managers can also autofill all your passwords in many different types of browsers. This makes using them a safe and convenient way to access your passwords across all your devices.
3) Review Your Accounts Security Settings
Have you or your IT provider taken time to check out the security settings in your cloud tools? One of the common causes of cloud account breaches are when security settings are not properly set in online accounts.
Regularly review and if needed change your security settings to ensure your account is properly safeguarded. In late June, Microsoft will start to increase the security baseline of all M365 accounts worldwide. Check out details here – Raising the Baseline Security for all Organisations in the World. Remember this is only the baseline and the majority of companies should also implement further security measures
4) Ensure Good Device Security
If an attacker gets onto you computer or mobile device, they can often breach your accounts without a password as users often have accounts open and logged in.
The best way to prevent access to your devices to have strong device security, including:
- Antivirus/anti-malware
- Keep both your operating system and software up to date.
- Email filtering DNS filtering.
5) Don’t Type In Passwords When Using Public Wi-Fi.
Always assume that your traffic is being monitored when using a public wireless network (cafe’s, airports, restaurants, motels etc).
As you don’t know who setup the network or even if a hacker has created a duplicate network you should not enter any passwords, credit card numbers or other sensitive information when connected to a public wi-fi network.
You should either use a 4G / 5G connection or a VPN (which encrypts the connection).