Access tokens are highly sought-after commodities on the Dark Web. Everything from a bank account to a social media profile costs money. Hacked social media accounts, for example, sell for between $30 and $80.
Increases in cloud account hacks are directly correlated to the growing popularity of cloud services. According to IBM Security’s most recent Cost of a Data Breach Report, compromised login credentials are now the leading cause of data breaches worldwide.
The loss suffered by an individual or company due to a compromised cloud account might be substantial. Threats such as ransomware infections, violations of regulations, and identity theft are all possible outcomes.
To make matters worse, consumers persist in utilizing insecure password practices that give attackers an undue advantage. For example:
- Three-fourths of people say they’ve shared a password with a coworker.
- Nearly half of all users (44%) admit to reusing passwords between their personal and professional accounts.
- Roughly half of all users use insecure password storage in plain text documents.
More than ever, cloud accounts are vulnerable to hacking. Still, you can take steps to lessen the likelihood of this happening to you.
IMPLEMENT MULTI-FACTOR AUTHENTICATION (MFA)
The best way to safeguard cloud accounts is via multi-factor authentication (MFA). Although it is not entirely foolproof, Microsoft claims that research shows that it blocks 99.9 percent of all fraudulent login attempts.
Account security is greatly improved when a second step, such as entering a code delivered to your phone, is added to a login process. Hackers typically won’t have access to your phone or another device that receives the MFA code. Thus this barrier to entry is usually an excellent solution to the problem.
Using that extra step to get into your accounts is a minor annoyance for the added peace of mind it provides.
FOR SECURE STORAGE, USE A PASSWORD MANAGER
Thieves can quickly obtain passwords when stored in insecure locations or methods, in an unencrypted Word or Excel document, for instance, or in their computer’s or phone’s address book.
Use a password manager to keep track of all your different login credentials in one protected and safe location. Moreover, you can use a single, formidable master password as a gateway to all other passwords.
A password manager is a convenient and secure way to access your credentials across devices because it can autofill your passwords in many different browsers.
REVIEW AND ADJUST PRIVACY AND SECURITY SETTINGS
Do you know if your cloud products have enough security measures in place? Misconfiguration is a common root cause of compromised cloud accounts. In this case, an account’s security settings are inadequate.
Leaving SaaS security settings at their factory settings could be a bad idea. To ensure your cloud app account is safe, check its security settings and make any necessary changes.
USE YOUR BROWSER’S LEAKED PASSWORD ALERTS
Even if you take every precaution to prevent a breach of your credentials, it is still possible for them to be hacked. This can occur if the store or cloud service provider you use violates their master database of user credentials.
When this occurs, compromised credentials may end up selling on the Dark Web before anybody notices.
Given the widespread nature of the issue, browsers like Chrome and Edge have implemented leaked password alert features. If the browser detects that your saved passwords have been compromised, you will be prompted to change them.
In some browsers, you may need to enable this feature by entering a password. If your password has been compromised, you will be alerted as quickly as possible.
DO NOT ENTER PASSWORDS WHEN USING PUBLIC WI-FI.
It’s always prudent to assume that your public Wi-Fi traffic is being watched. Hackers frequently use public hot spots in airports, restaurants, and coffee shops to steal sensitive information like login passwords.
Entering your password, credit card number, or other personal information when using a public Wi-Fi network is highly discouraged. Avoid using public Wi-Fi and connect instead of using your mobile carrier’s network or a virtual private network (VPN) app.
IMPLEMENT GOOD DEVICE SECURITY
An attacker who has compromised your device through malware may be able to access your accounts without a password. Think of all the apps you can launch on your devices without having to check in again.
Ensure your devices are well protected to avoid hacking your internet accounts. Examples of reasonable procedures are:
- Install antivirus/anti-malware
- Updated your software and OS
- Install phishing protection (like email filtering and DNS filtering)
INTERESTED IN PASSWORD AND CLOUD ACCOUNT SECURITY SOLUTIONS?
Your internet accounts should not be left unattended. We’ll assess the safety of your cloud storage and offer suggestions for improvement.