The recent high-profile theft of celebrities’ personal photos has put the topic of cloud security in the news lately. But this negative attention was fairly unwarranted considering that the hacks had little to do with cloud security per se and more to do with a security threat that’s harder to address using technology.
The convenience of the cloud makes it easy for users to overlook (or outright ignore) any potential security risks to their personal information. Instant access to contacts, photos, documents, email and virtually all other digital content is hard to give up once you’ve lived with it for awhile. So it’s understandable that people are frequently willing to make that security trade-off, even knowing it’s a gamble.
Yet in the workplace, the stakes are considerably higher. More often than not, people with a lax attitude to security are also employees somewhere and bring their carefree approach to the office. Many of these employees wrongly figure the risk is a numbers game and that they have “security through obscurity.” Or that because they’re not “super important” or something, no one is trying to hack them. But they’re just fooling themselves.
You are the weakest link…Yes, you there.
“Who’d want to attack my account?” employees often reason. The obvious answer is, of course, every single one of your company’s competitors anywhere in the world. Corporate espionage is big business these days and, to an industrial cracker, every employee is a celebrity. All it takes is access to a single user’s email account to do serious damage to the company.
With access to any employee — even a low level assistant or intern — a security cracker could ask a coworker for log-in credentials to other, more critical systems. And because the request is coming from “a colleague,” other employees don’t always question it. Crackers use people’s helpful instincts against them.
How to plug your biggest security hole: People.
The weakest link in any security system is usually the human components, not the technology. That being the case, how do you shore up the human parts of your network? Through vigilance, education, and frequent reminders. Employees are lax about security because they’re usually more focused on the job they’re paid to do, than the technology they use to do it.
tibbr has a few features that can help. For starters, it syncs with your Microsoft Active Directory to securely authenticate users and ensure that inactive accounts are disabled.
Additionally, the tibbr “Loudspeaker” feature can broadcast highly visible messages to all employees reminding them to update their passwords to something security crackers can’t easily guess. Loudspeaker messages are effective because they appear at the top of tibbr pages and don’t go away until they’re dismissed. That way, you can be sure people saw your message, unlike mass email blasts that get lost in the sea of inbox messages.
Another feature, tibbr Pages, lets you drag-and-drop content from almost anywhere on the web to create attractive, educational webpages that people will actually read. Drag in existing documentation on how to update passwords, pull in a paragraph from an online article about what makes for a strong password, type in something about how social engineering works, drop in security tips from social media site, and then update the page as often as you like.
Of course, with lots of customers in highly regulated industries such as government, finance and healthcare, tibbr also offers granular controls for enterprise-level security that can be configured to meet any privacy, governance, or compliance requirements.
To learn more ways that tibbr can help protect the confidentiality of both company and user data, download the tibbr Security White-paper now. Or see for yourself first-hand with a free trial of the tibbr platform.