9 June 2020

How to Correct User Behavior in times of Hacking attacks

By DICC Institute

Data leaks occur more and more frequently. One of the most serious leaks recently came from a hack, causing private information, including letters, chat histories, and even credit card information, to leak to the public. Users should therefore follow a few tips to ensure that their own and their company’s information does not become part of the next data scandal.

As became known earlier this year, a 12-year-old YouTuber managed to intercept and publish personal data from hundreds of politicians. This was made possible by a security vulnerability at the email provider GMail that allowed the passwords of the affected users to be reset without prior checking. Once a password was reset, the hacker could compromise the accounts linked to that GMail account.

In addition to private users, companies are increasingly becoming the target of cyber attacks. Ransomware attacks are particularly common here: data is encrypted and only decrypted after payment of a ransom in the form of cryptocurrency. However, payment is no guarantee of recovering critical information – often the data remains encrypted despite payment. So the question is how individual users and companies can protect themselves from such attacks.

Back up data correctly

In general, information is valuable, whether it belongs to private individuals or is internal company data. It is therefore a lucrative target for cyber criminals who want to tap this information and sell it profitably.

First of all, access to private and business data should be protected as best as possible against unauthorized access.

One of the most common methods of gaining unauthorized access to data is the so-called brute force attack. Comparable to a lockpick that manipulates the individual cylinders of a lock until they are in the correct position, a brute force attack enters letters, numbers and strings into the password field until the correct code is found by chance.

The following applies here: the longer and more complex the password, the more time- and cost-intensive, and therefore the less lucrative, such an attack is. Users should therefore make sure that their passwords are long enough and contain special characters and alternating upper and lower case letters. Companies can set guidelines for their employees that regulate how complex passwords must be and whether, or at what intervals, they should be changed.

Two-factor authentication (2FA) also helps to further protect against data loss. In addition to the user name and password, another factor is also required for access when logging in. The most common 2FA mechanisms are hardware tokens, smart cards or confirmation codes sent by SMS.

If a potential cybercriminal does not have this second factor, he will not be able to access the data.

Keep your eyes open when choosing cloud storage

Choosing the right cloud storage can also help protect data effectively. In companies in particular, customer and employee data, but also other data, for example production-relevant data, must be available quickly and at the same time be protected in the best possible way.

Not least because of new regulations on data protection, data leaks can cause extensive damage here. On the one hand, customers lose confidence in a company that has been the victim of a hack and has lost their data as a result. On the other hand, companies face severe penalties in the event of a successful attack.

Decision-makers should therefore consider a few things when choosing a cloud storage solution.

1. Best possible encryption of data

Many cloud providers only encrypt the data on the server side. This means that the information that a user wants to store in the cloud is unencrypted on his device and during transmission to the data center and is therefore not adequately protected against unauthorized access.

It is therefore important to ensure that data is also encrypted on the user’s device and during transport in the network. Some storage solutions for the cloud offer such end-to-end encryption as standard and publish their cryptography as open source. This allows technically savvy users to check the quality of the encryption themselves.

2. Detailed authorization management

Customer, financial, and manufacturing data are some of the most valuable information companies can have. Therefore, access to it should only be made possible to people or departments who have a legitimate interest in it.

Fine-grained management of reading and editing rights enables companies to effectively secure access to their data. For example, financial data is central to accounting, but less so for the IT department. With the right rights management, certain departments can be blocked from accessing data that they do not need.

3. Pay attention to ransomware protection

Cloud storage locations are also not immune to ransomware attacks. Versioning of deleted data can help here. This means that older versions of data, as soon as they are edited and saved, are not permanently deleted but kept, unchangeable, in the trash.

If a ransomware attack was successful, the current versions are encrypted, but older versions that are in the trash can be restored. Even if the latest versions remain encrypted, work can continue. This prevents costly downtime in the company.
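The versioning idea described above, as a small added Python sketch (not from the original article or from any cloud provider's product). The store class, the 7.5 bits-per-byte entropy cut-off used to spot encrypted content, and the sample file are assumptions made for the illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off, encrypted data sits near 8.0

def entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

class VersionedStore:
    """Toy store: every save appends a version, nothing is ever overwritten."""

    def __init__(self):
        self._versions = {}  # path -> list of contents, oldest first

    def save(self, path: str, content: bytes) -> int:
        self._versions.setdefault(path, []).append(bytes(content))
        return len(self._versions[path])  # 1-based version number

    def current(self, path: str) -> bytes:
        return self._versions[path][-1]

    def restore_last_clean(self, path: str):
        """Re-save the newest version that does not look encrypted; None if none."""
        history = self._versions[path]
        for number in range(len(history), 0, -1):
            if entropy(history[number - 1]) < ENTROPY_LIMIT:
                if number != len(history):  # current version is not the clean one
                    self.save(path, history[number - 1])
                return number
        return None

def fake_ciphertext(size: int) -> bytes:
    """Constructed stand-in for ransomware output: a SHA-256 counter stream."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]

def demo():
    store = VersionedStore()
    store.save("finance/q1.csv", b"invoice,amount\n1001,250.00\n" * 100)
    store.save("finance/q1.csv", b"invoice,amount\n1001,250.00\n1002,99.90\n" * 100)
    store.save("finance/q1.csv", fake_ciphertext(4096))  # simulated attack
    restored_from = store.restore_last_clean("finance/q1.csv")
    return restored_from, store.current("finance/q1.csv")
```

The encrypted version stays in the history as evidence; the restore only adds a new current version copied from the last clean one.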

4. High user friendliness

Only if the end users in the company accept the new cloud solution will they also use it. Therefore, companies should choose the solution that promises the greatest user friendliness.

This includes, among other things, a quick and easy implementation in the existing IT structures and then smooth operation of the solution. Other advantages can be:

  1. Integration of the cloud storage in the usual folder structures: Instead of having to access the storage via the browser, it is displayed as a normal folder in the file system
  2. Use for email attachments: Some cloud storage providers provide Outlook plugins, which users can use to send files that would otherwise be too large for an email attachment. Instead of the file being attached directly to the mail, it is uploaded to the cloud and an access link is displayed in the mail.
  3. Access via app: In order to be able to access stored files on the go, the solution for the most common mobile operating systems should be available as an app.
  4. Own branding: A customizable interface ensures that users gain confidence in the solution more quickly and accept it better.

Conclusion

Attacks on data from private users and companies will not decrease in the future, but will become more frequent. Implementing secure cloud storage is an important step to protect yourself from cyber criminals. If decision-makers consider a few important points when choosing the solution, they can significantly increase their level of security and thus effectively protect their data.
