More and more businesses are looking to save costs and move their systems to the cloud. This includes everything from email to lines of business. This is where the world is going and it makes sense from a mobility and cost saving point of view, but with everything new there come new risks that must be considered and prepared for.
Depending on your industry you may have to be compliant with things like the Personal Information Protection and Electronic Documents Act (PIPEDA) or Personal Health Information and Protection Act (PHIPA) for healthcare providers. Depending on your compliance requirements, moving to the cloud may have some unique challenges.
Cloud providers like Microsoft and Office 365 have put in place security assessments to monitor and protect their servers, and your data, from malicious attacks and potential data breaches.
Ensure that the cloud provider you are using has received clearance from the Privacy Commissioner before moving forward with implementing their solution. This provides comfort to your clients knowing their information is secure and protects your business from competitive information being released.
Domain Name Attacks
Having the server or host of your domain name hacked can be one of the most devastating things that can affect your business as it can affect a number of users and organizations related to your business.
When a Domain Name System (DNS) attack occurs it can allow the hackers to reroute your IP or website to a malicious or unsecure version of your site or server. So instead of going to www.mycompany.com the request to be sent instead to www.myfakecompany.com without it being known to the public.
If not corrected immediately it could allow for the attack to stretch to all of the servers on the internet and putting more of your business and data at risk.
To fight back you can have some process steps in place to secure yourself from changes being made without your authority.
First have a domain locking service applied to your site. This forces any changes to your DNS to be approved by someone before taking affect, allowing for a review of the changes and the opportunity to catch any issues before they occur.
Make sure any connection to your server is over an SSL secure connection. If this is not applied to the site, the connection will be flagged for the user before they continue stating that there is a risk which will also notify the site owner to correct the issue.
And finally make sure any device you are connecting to the internet has a strong antivirus applied. This will help fight back against “drive-by attacks” and attempts to install malware or viruses on an end user device.
Distributed Denial of Service Attacks (DDoS)
Another common attack used to try and affect internet and online services is Distributed Denial of Service attacks.
What is a DDoS attack? Essentially this is when your site is being overwhelmed by packets or hits by a single source that has been programed to hammer at your network until it locks up or crashes.
This will cause your cloud network to be inaccessible to your users externally and internally causing potential for loss of business and your productivity will reduce drastically until the issue is resolved.
Sometimes this is done out of malice in a direct attempt to hurt your business or organization, and sometimes you are selected and there is no reason other than someone trying to cause problems to random organizations. It is often just to show off and nothing more.
If your IT provider is monitoring your systems properly they should be able to identify and remediate the issue. Monitoring traffic should show a significant jump and should also show where it is coming from to see if it is an attack or an abnormal amount of site traffic.
Many governments monitor the internet for potential attacks on themselves and other organizations and work to stop it before it occurs.
But being prepared and having the correct monitoring in place is the best solution.