Have you ever forgotten your password or even your login ID for a cloud account? Of course you have; we all have at one time or another. Cloud vendors know that we all have trouble keeping up with the hundreds of passwords used to access these accounts. In response, they allow you to click on the “Password Reset” link to send a link to your email “Recovery Account” to establish a new password. The system works well and seems pretty foolproof – right? Wrong! Criminals are now performing social engineering searches to link your personal email with your cloud business accounts. It is not hard. It starts with a quick LinkedIn search and within a couple minutes they know your business email login and your personal email account(s) – usually it is a private account at Gmail, Yahoo, AOL, etc. At that point, all they have to is trick you into giving them your login credentials to your personal account. And guess what, that last part is very easy. Once they have access to your personal account, they then target the most cloud business systems such as Box, Dropbox, Salesforce.com, LinkedIn, etc. They also are going to target your online bank accounts, 401k accounts, etc. And when they get a ‘hit’, they will reset the password and obtain access to your account, critical business information, and possibly even have access to your financial resources. So, while you may think you locked down and your cloud accounts are safe, this may NOT be the case.
Fortunately, the solution is not difficult. You simply need to ensure you have 2-Factor Authentication (2FA) set up on all your personal email accounts. It is not hard, but Gmail and all the leading vendors do not make it mandatory. Consequently, most people still do not have this critical protective measure in place. The next time you log into your personal email account, search for the Security Settings or similar menu item and with the option for 2FA, Multifactor, or similar words. It only takes a minute and will force a SMS text message or similar type of authentication to go to your phone the next time you log in. And if anyone tries to break in (or is ALREADY broken into your account) you’ll get an unexpected SMS text message and they will be locked out.
How BW Cyber Services Can Help
BW Cyber Services provides a detailed Cloud Hygiene Assessment service to evaluate and mitigate cloud settings that may put your organization at risk. Moreover, our experienced cybersecurity cloud technicians will ensure this process also addresses the key issues identified by the OCIE per cloud configuration settings. We can perform a full security hygiene health check of your Microsoft 365, Google, or AWS settings, with no little or active participation required from the firm. Relatedly, we provide a detailed report that we can either provide to your IT staff (in-house or outsource) or we can implement on your behalf.
If you have any questions, please contact BW Cyber Services at email@example.com.