Cloud data more convenient
It comes as no surprise that companies are abandoning physical data storage and management infrastructures and transitioning to the cloud instead. Online platforms are simply more convenient: being able to quickly share and edit documents, save them easily and make use of innovative functions allows businesses to become more competitive.
“Today, companies also choose to transfer their main applications to the cloud, such as accounting, sales or production software tools, storage of various files and facilitated sharing within the company. The pandemic also contributed to the transfer of business infrastructure online – remote working led to increased use of remote communication solutions for video conferencing and correspondence, as well as collective project management,” says Kristina Miliauskienė, process and project manager at GoIT.
According to Miliauskienė, cloud services are also appealing to small companies because they do not need huge initial investment for equipment and licensing, at the same time reducing the costs of equipment maintenance.
“It is also advantageous to hold company data in the cloud because it allows access to the latest version of the software. Few companies would choose to regularly purchase more effective software and install it into their existing devices. The most up to date software allows smooth operation without thinking about software compatibility problems and the latest application functionality offers business advantages over those who invest less,” says K. Miliauskienė.
Online platform use is also more cost-effective by allowing flexibility, i.e. businesses only pay for the period they are using the data storage services. This is relevant not only for growing or changing businesses but also when working with temporary yet resource-intensive projects or carrying out activities on a seasonal basis.
Is the cloud truly safe?
Major companies offering cloud services, such as Google, usually have sufficient resources to invest in the best security measures. K. Miliauskienė says that online data storage platforms are usually more secure than the physical infrastructure kept in the company. Usually, companies offering cloud services take steps to promptly neutralise new emerging threats.
“The greatest security challenge is the human error itself. It is clear that companies that choose cloud solutions want easier data access and sharing within the company. This, of course, can lead to additional risks. Normally it is the users themselves who allow harmful programmes into their systems by opening fictitious emails, using unsafe passwords or storing their equipment unsafely,” explains K. Miliauskienė.
However, ESET Lietuva IT engineer Lukas Apynis observes that there are certain types of malware that can also infiltrate the cloud platform holding the organisation’s data.
“With organisations transitioning to Microsoft 365 so rapidly, we see a new attack vector – Azure Applications. Attackers can create, mask and install malignant Azure programmes which can be exploited in fraud campaigns. Azure programmes do not require an execution code for the user’s computer. This means that the antivirus programmes aimed at detecting malware are circumvented,” says the IT expert.
L. Apynis says that Azure programmes are installed on the cloud platform by users themselves who are tricked into it by cyber-criminals. So in this case the success of an attack depends on human error too. Azure programmes allow attackers to get access to the data of their victims, they can read and send emails on behalf of the company.
Based on telemetric data from global cybersecurity company ESET, the most frequent online threats during the pandemic were related to remote desktop attacks. There has also been a rise in email attacks. It is becoming clear that with the pandemic prompting companies to transfer their activities to the cloud, cybercriminals have also become more active in this space.
Successful cyber-attacks do not only paralyse the company’s operations but also cause less visible damage. As an example, L. Apynis describes how an email account is hacked and valuable company data is stolen. Company staff and leaders might not even notice such an attack initially, but the financial damage can prove considerable further down the line.
Attention to detail ensures security
One of the most effective means of ensuring the security of cloud data is installing more advanced antivirus systems which can be integrated with cloud solutions.
“Remote working and the ever-increasing external and internal IT threats mean that companies have no choice but invest in higher security standards. Businesses are increasingly more likely to experience financial, technical and reputational losses. So to prevent this, companies often choose additional anti-spam and firewall solutions, as well as the centralised management of complex security engines and extra backup solutions,” says K. Miliauskienė.
Companies can also choose extra security measures. Data held on the cloud can be encoded, with a special code needed to read them so only the individuals with access permits can obtain these codes and access the data. Another option is to grant access permission for specific devices only. This, however, is less convenient because staff members who might not have their cloud-enabled device with them might be unable to access the data.
An important factor in ensuring security is staff training. Companies are recommended to establish procedures on how their employees should use logins and equipment, how confidential data and passwords should be stored, how to comply with security requirements because cybercriminals often exploit human error.
“I would advise staff members to be more cautious in reading emails because emails remain one of the more popular attack vectors, leading to the installation of malignant cloud applications. I recommend business leaders to take note of their employees’ IT skills, organise training where the staff can get acquainted with the safe use of cloud services. If employees lack knowledge, cybersecurity training should be organised,” advises L. Apynis.
Another important piece of advice is to consider safe user authentication – using secure, sufficiently complex passwords and additional confirmation of identity.
