Why you are the biggest security risk
Internet users are always keen on finding out more on the latest online security risks and how to combat them. Unfortunately, they are in for some bad news. Spyware is not the biggest threat. Viruses and trojans aren’t the biggest threats either. Phishing and other email scams, while potentially harmful, are far from being the worst offenders. Surprisingly enough, when it comes to online risks to users’ privacy and sensitive data, it is the users themselves who pose the greatest threats.
Collaboration tools enhance productivity and make life easier, but they also open individuals and organizations up to a wide variety of online threats. In the past, a lost piece of paper, manila folder or even a single notebook was a loss that, although disappointing, wasn’t completely tragic. Nowadays, hacking into a single Google account can be catastrophic. While “Software as a Service” cloud solutions like Gmail and Google Docs allow users to work anywhere, anytime with just a simple web browser, such conveniences mean that hackers, too, can gain access to one’s data “anywhere and anytime.” If there is anywhere that one should not let their guard down, it is with cloud computing.

In a certain sense, the security strategies one must use with SaaS applications are no different from those used when authenticating with any other online system; one still must take standard precautions such as using unbreakable passwords, choosing obscure usernames and making sure the desired website’s real URL actually shows up in the web browser’s address bar in order to avoid phishing and hijacking attempts. One of the major differences, however, is getting users into the state of mind necessary to realize that cloud computing, and SaaS solutions in particular, leave users vulnerable in ways that previous computing never did. This may seem obvious, but many users don’t realize that maintaining all of their sensitive data “in the cloud” means leaving their data in the hands of a potentially unknown third party. After all, how many people personally know staff who work at Google’s cloud data centers? How can users get direct, personal support in the event of a system failure, data leak or physical security breach?
While leaving data in the hands of an authorized third party, namely the cloud provider, is an important issue to address, it does not even consider what would happen if the data should fall into the hands of an unlawful one. One breached account could result in a lifetime’s worth of emails, documents, spreadsheets and more falling into the wrong hands. This may be inconvenient for the casual individual user with nothing much in their account, but organizations must be exceptionally careful, as one compromised account can be disastrous. Imagine how many messages both private and corporate users have archived or kept in online folders that could reveal ways to breach security in “real life” situations. A memo to the boss here, a “temporary” password emailed to a colleague or even the location where you hid the spare house key for your teenagers to use after school all present real dangers that people take for granted on a daily basis.
Adopting an improved mindset for online security includes beefing up traditional security methods as well as adopting new ones. While good passwords and proper URL awareness are a start, they are hardly enough. Online security is similar to security in the real world: you need it to work when you least expect it. While cheap door locks, fake dog alarms and whistles may bring peace of mind, they don’t do much to stop real-world attackers.
Byline:
Kyle Ratcliffe is a network security consultant in San Diego, California. He is currently consulting part time for iVPN.net.



People have always been the weakest link in security. Look at social engineers like Kevin Mitnick and the sorts of things he was able to pull off. We can try to add as many software security measures as we like, but ultimately end users need to be educated about security.