Are you thinking about moving to the cloud? Or maybe you are already using cloud services but are not aware of exactly what can go wrong? There are certainly risks to be aware of, mostly stemming from the fact that cloud services are “public facing,” but cloud can be perfectly safe if configured properly.

Here are a just few prevalent threats in cloud services, such as Microsoft 365 and Google Workspace…

Account Compromise

Accounts are compromised by attackers when a person clicks on a phishing email and provides their username and password, or if a reused password is leaked on the dark web. Due to the nature of Microsoft 365 being accessible from anywhere, this is one of the most dangerous risks associated with cloud computing!

How can I protect my business? There are a few ways to protect your account from being compromised:

  • Use multi-factor authentication (MFA)
  • Require the use of unique and complex passwords
  • Restrict logins to your accounts from certain IP addresses, if possible
  • Monitor the dark web for compromised accounts and change the passwords to those accounts (and any other accounts that reuse that password)

Data Leakage

Data leakage (or data loss) happens when data is intentionally or unintentionally shared with someone that it wasn’t supposed to be shared with. With Microsoft 365 allowing easy sharing of data, businesses must be certain of how their tenant is configured. For example, a link to a document stored with OneDrive could to be sent to a legitimate recipient, but then be forwarded to another recipient that was not intended to have accesses to the document.

How can I protect my business?

  • Provide employee training about being mindful of where and what they are sharing from the cloud
  • Configure sharing according to your business’s needs

APIs and Third-Party Access

Microsoft 365 can be accessed through APIs, PowerShell, or third-party applications. Applications are not always friendly, have secure practices, or need access to all of the data they claim they do. APIs, PowerShell modules, and third-party applications are an extra avenue that can be used to access data or systems maliciously.

How can I protect my business?

  • Disable any unnecessary APIs, third-party access, and services

If you aren’t sure where to start, we can help! Reach out to us for a consultation.

Contact Us