Vigilance and scepticism are key to safeguarding the security of cloud-based systems

Anyone looking to secure their cloud-based computing needs to start by looking in the mirror.

“Cloud is really just a utility to allow people engage in society, to work, to enjoy themselves, and even to receive healthcare. It’s totally ubiquitous now, like water or electricity,” says Dave Feenan, network manager of the Technology Ireland ICT Skillnet.

Like those utilities we rely on them to arrive safely to our door. And cloud computing does this, relying on the very grounded presence of data centres, those typically nondescript and windowless buildings dotted along the M50 often only identifiable by the elaborate air conditioning units on their roof.

Cloud computing has built-in security protocols, there to replace the security guard that used to stand duty inside shop doors. But, says Feenan, the first and last line of defence is you.

“The individual, either as employee or consumer, is the weak point. We’re the ones leaving our password under the keyboard. Humans are the weakest link,” he says.

The best way to safeguard the security of cloud-based systems is, therefore, for everyone using them – both employees and consumers alike – to “be vigilant, sceptical and safe”, he says.

Being vigilant means being alert to the websites we visit. For example, if someone changed the letter ‘I’ on a web URL to the number 1, or the letter ‘o’ to the number 0 are we primed to notice? Phishing attacks like these, which redirect us to clones of the website we think we are visiting, can seem very credible if you don’t know what to guard against.

Transactions

Equally, he asks, are we alert to the need to avoid undertaking transactions on a website site that has a HTTP in the URL instead of the secure HTTPS?

“Or if the offer you get online looks ludicrous, why go there?”

Keeping cloud solutions safe means increasingly keeping your mobile phone safe. It’s a rich source of information for cyber criminals bent on identify theft.

“The number of people who leave phones around is incredible even though they now contain credit cards, photos, work emails and even insurance policies as attachments. We carry our lives around with us on our phone and it’s like gold dust to a cyber criminal.”

It’s also why for businesses the employee has become an amplified risk.

“It’s not just about making mistakes and sending an email with the wrong details to the wrong person,” he says It’s about the fact that cyber criminals will have hacked into and gotten details from your digital systems or social media. That makes it easier to undertake “CEO fraud”, where authentic seeming emails come from in to an organisation looking for payment, “because they already have an understanding of your supply chain”.

Apart from the direct financial loss, digital scams can undermine your brand, particularly if they involve customer data. Research indicates that consumers will stop shopping at an online store that has been the victim of a cyberattack for a number of months.

Remote working has increased the risk. “You could have people from three or four organisations working in a four-bedroom house, with notebooks lying around and screens left open with emails showing,” says Feenan.

Some staff are already “remoting” from various countries around the world. “How can you know what the security is in the environment they are using?” he asks.

Training programmes

This is where Technology Ireland ICT Skillnet comes in. It offers full access to training programmes such as those offered by the Cisco Networking Academy. These are free programmes which are undertaken online, at your own pace, and self-certified. It includes programmes such as Introduction to Cybersecurity and Cybersecurity Essentials.

ICT Skillnet has also launched Future in Tech, a series of seven programmes to help non-tech jobseekers to gain tech skills. Such skills are currently, “like hens’ teeth” in the jobs market, he says, but until we all gain more cyber skills businesses will remain at risk.

“There is an assumption that your mobile phone provider or your cloud-based apps are all secured by the service provider, but we all have to upskill ourselves,” he says.