Cloud security compromised by surge in data breaches : Internet Scambusters #1,099
A big rise in data breaches, forecast for 2024, likely means a similar increase in identity theft as hackers and scammers seek to undermine cloud security - the protections cloud providers have in place to beat the crooks.
Millions of Americans will likely be affected when the fraudsters get their hands on victims' personal details. But you can take action to stop them.
In this week's issue we explain what the cloud is, what the main risks are, and what you can do to strengthen your defenses against this crime.
Let's get started…
Use These Tips To Head Off Data Cloud Security Threats
How do you feel about lending your loaded computer or mobile device to a total stranger for a few hours?
Crazy, right? Yet every day most of us do something just like this when we access the Internet or upload our data to a remote storage system in the "cloud."
This may be information we created - our files, photos and folders - or data all the organizations we deal with store about us.
We generally have no idea who can see what we're doing, read what we're saying, and use the information we give them. We just trust that it's safe and okay.
But that's not always the case. Cloud security is under threat. Hundreds of data breaches are reported in the US alone, every year. And millions, maybe even billions, of personal records are compromised.
What is the Cloud?
It's not in the sky (though your data may travel via that route). Mostly, in tech terms, the cloud refers to a bunch of computer servers and storage devices usually housed in dedicated facilities dotted around the country and beyond.
The people who operate them are called Cloud Service Providers (CSPs). We rely on them, but they don't always protect our data in the way we hope and believe they do. It's down to us as individuals to do our best to look after our own stuff, even when it's out of our hands.
Advantages of Cloud Storage
As consumers, we mostly use the cloud because it makes our data accessible from anywhere, it can easily sync our data between devices, it's remote - away from our homes should they become inaccessible or burgled, and it offers unlimited storage space (usually for a fee).
Security experts also argue that it's safer to store your data in the cloud than on your home devices because of all the protection measures they use. But it may not feel like that to you. When your stuff is on your own storage system, you have, or should have, total control over it. When it's in the cloud, who knows - do you?
Cloud Safety Risks
Theft of your data is the chief risk from using the cloud. This may happen when hackers penetrate CSP servers or organizations that store information about you - like healthcare providers, financial organizations, and online stores - in fact, anywhere you have an account. Sometimes inside employees with direct access to your data may take it.
There's also the risk of information being intercepted when you send it to the cloud.
What Happens When Your Data is Stolen?
Unless you're a big shot with something to hide, the most likely result of your data being stolen is that it'll be used for identity theft - people pretending to be you for various criminal purposes - and other scams.
It may also be used to access your PC to plant malware or ransomware or add your device to a network of spamming devices (a "botnet"). And, if it's sensitive enough, stolen data can also be used for blackmail.
Strengthen Your Cloud Security
Data breaches and other forms of theft are a fact of life today. We discussed this seven years ago in issue #714: How Safe is Cloud Storage for Your Files? but things have changed drastically since then.
Most security is in the hands of CSPs and others we've mentioned. But there are several actions you can take to make things safer for yourself. For instance:
- Use encryption. We mention this first because, as one security firm labelled it, it's the "king of data protection." In simple terms, encryption means scrambling your data so it can't be read even if it's stolen. Most CSPs automatically do this, but it's not that straightforward. Security depends on how and when the data is encrypted. A topic for another time but, in your research, check if and how encryption is used. So…
- Thoroughly investigate the cloud security levels, reputation, and breach history of any organization that will store your data. Avoid unknowns or those with poor performance records if you can.
- Monitor data breach reports and know what to do if you're affected. Most breached organizations are required by law to notify victims but that can take a while. The US Federal Trade Commission has a useful guide: Data Breaches - What to Know, What to Do. For some of the best monitoring sites, see Top 6 Websites for Data Breach News and Other Cybersecurity Updates.
- Use strong passwords and change them regularly. Password managers can help (though, ironically, a couple of these have themselves been compromised). Use two-factor authentication (2FA) or multi-factor authentication (MFA) to make your data harder to breach. For more on this see our issue #637: How to Easily Enhance Your Password Security.
- Back up your data regularly so you can recover it if the worst happens. Consider using an external hard drive that you can store away from your home - a bank safe deposit box or a trusted relative, for example.
- Consider alternatives for truly confidential information, such as the off-site storage we just mentioned but this time without also uploading to the cloud. Some CSPs also use extra-secure "vaults" for sensitive information such as copies of passports, driver licenses, and so on.
Think you won't get data-breached? Here's what the Identity Theft Resource Center just said in its 2024 forecast: "An unprecedented number of data breaches in 2023 by financially motivated and Nation/State threat actors will drive new levels of identity crimes in 2024, especially impersonation and synthetic identity fraud."
This Week's Alerts
Taxing victims: As the 2023 tax year season gets under way, there's bad news for victims of scams. A little-noticed law change in 2017 eliminated the ability for scam victims to deduct fraud losses through 2025, according to Newsweek magazine.
Storm scams: Storms and torrential rain across many parts of the US in the past few weeks have prompted law enforcement and consumer organizations to warn of the scams that usually follow in their wake. Learn about the most common disaster-related scams in our issue #531: Disaster Scams Special Part 1: 20 Tricks to Watch For.
Dud stamps: The surge in demand for postage stamps for holiday greetings cards has led to a big rise in online scams offering stamps at massively reduced prices. "If they're sold at a discounted price between 20 to 50% off, that should be a big indicator to you that it's a scam," the Postal Service told one New York TV station. We wrote about this scam in issue #1,065: Bank Failure Scams, Fake Stamps And Love Lies!
That's it for today - we hope you enjoy your week!