Posts

Social Engineering: 2020s Top Cybersecurity Threat

Social Engineering attacks are the most potent cybersecurity threats plaguing enterprises. They owe their power to their innovative undetectability. Forbes puts social engineering as a top cybersecurity threat for 2020. 98% of cyber attacks rely on social engineering. How can an organization protect itself from an insider threat? We explore the what, why and how of this damaging cybersecurity menace.

This article contains:

What is Social Engineering?

Social engineering refers to crafty ways hackers trick unsuspecting victims into downloading malware, and/or leaking credentials via social platforms. The types of social engineering include:

  • Phishing/vishing/smishing: Fraudulent emails or voice messages or text messages are used to extract personal information or download malware.
  • Spear-phishing: Phishing that is custom-tailored to target key employees, particularly C-level ones, via social media or email.
  • Baiting: Using a lure such as a planting an infected device or the promise of the latest movie to get victims to bite the bait.
  • Pre-texting: Using false impersonation to gain the victim’s confidence – a call from your bank’s customer support team asking for your credentials to prevent an “unauthorized withdrawal”.

Why are Social Engineering attacks so damaging to cybersecurity?

social engineering attacks What makes social engineering so potent is its ability to escape detection as it craftily preys on employees themselves to execute the attacks. Insider threats escape typical methods of prevention and detection. Additionally, attacks are getting increasingly sophisticated and personalized; even using AI and machine learning (ML) to target their victims.

If you’re about to say, “They definitely can’t fool our employees!”, consider a video or voice message in exactly the same appearance or voice of your manager asking you to urgently send some critical business documents. You’ve been “Deepfaked” – an advanced form of social engineering that can dupe even the most discerning.

The FBI estimates that Business Email Compromise, a form of fine-tuned phishing has caused $26 billion in losses in just the past three years. Facebook, Sony, Target, RSA, Associated Press, political parties and top governmental organizations – no sector no matter how secure and well-guarded – have been spared from the ingenuity of social engineering attacks.

How can organizations protect themselves?

  • Inform and Train: Social engineering cannot work without the complicity, unwilling as it may be, of the employee. Conduct regular security training in good email and cybersecurity hygiene, keep employees informed about the latest flavors of malware vectors, and encourage employees to forward suspicious emails to the security team. Champion, gamify and incentivize good cybersecurity practices. It is well worth it!
  • Use in-built mechanisms: Platforms such as Office 365 come with anti-phishing policies that can secure your organization. Explore and harness them, particularly for sensitive data and high-profile groups.
  • Secure Authentication: A majority of security breaches are attributed to compromised credentials. Multi-factor Authentication/Two-factor Authentication (MFA/2FA) is proven to block 99.9% of account hacks. Ensure that your applications, particularly third-party ones, support it.
  • Basic safeguards: Don’t forget the basics such as up-to-date anti-virus software, spam filters, and network monitors. Consider methods such as sandboxing emails to validate links.

How CloudAlly can help

While organizations work hard to prevent and detect social engineering attacks, a strong offense in the form of rapid disaster recovery may be the best defense. Seamless data recovery is central to quickly recovering from data loss and minimizing its damage.

SaaS Data Needs Protection, Start Free Trial Now!

CloudAlly’s SaaS backup and restore solutions automatically back up business-critical cloud data with support to easily recover it from any-point-in-time. All major SaaS platforms such as Office 365, SharePoint/OneDrive, G Suite, Salesforce, Box and DropBox are supported. More critically, our solutions are stringently secure with Amazon S3 storage, OAuth/MFA/2FA capability, global data centers, and GDPR/HIPAA compliant. With provisions to restore to the database of your choice, flexible licensing, and 24×7 real-person, responsive support – we fit right into your setup.

Try our full-featured trial now and protect your SaaS data from the dangers of social engineering. 

Blunt social engineering attacks

Backup your SaaS today!

How Can You Safeguard Against Data Loss in Office 365?

Office 365 Data Loss

It is a myth that Microsoft will protect you from data loss in Office 365. Microsoft is incrementally ensuring a reliable service, but the data within your Office 365 tenant is your responsibility. However, it cannot protect you from Office 365 data loss at your end – due to malware, human error or malicious intent.

This article contains:

YOU have the onus of protecting Office 365 data

As per Compliance Laws

As per governance laws like the GDPR, HiPAA, SOX, and many others, protecting your customer’s data is a responsibility that is shared between the controller (your organization) and the processor (third-party service providers like SaaS platforms). Moreover, in the event of a data breach or data loss, “shared accountability” and “joint liability” is mandated.

Need another reason? Compliance laws also insist on the organization having “the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”. What that means, is that they mandate that you have a solution or capability to accurately backup and restore data.

As per your Cloud Service Provider

Office 365 Data LossMicrosoft provides a highly reliable service with Office 365, but they themselves recommend backup in their service agreement, “We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services” 

Do not be mistaken – your data in Office 365 is your responsibility!

Ways data loss occurs in Office 365

Human Error: Office 365  has not yet reached the maturity where it can decipher intent when all the rules of the service are followed. We are talking about accidental deletions of data by parties with no ill-intent – plain human error. According to Aberdeen Group, research shows that 70% of all data loss is accidental.

Malware: Then there are malicious actors such as hackers, ransomware, and malware that can cause massive data loss. While there is so much you can do to fully prevent these attacks, these do happen and you need countermeasures.

And don’t forget about the disgruntled employee causing data loss by malicious intent!

New call-to-action

Office 365 outages do happen

Service in the cloud means 99.9% uptime. In the first few months of 2019 alone, Office 365 has suffered two major outages. The second outage dated 28th January 2019 was a massive two-day outage

Another Microsoft outage caused data loss where Microsoft deleted several Transparent Data Encryption (TDE) databases in Azure, holding live customer information. 

We are talking no email access, no customer emails, no spreadsheets, no presentations – Basically bringing your enterprise to a halt. Can you quantify the financial loss in having your data unavailable or lost for that long? 

What about native Office 365 archives

Office 365 offers short preset retention periods for deleted emails and deleted items in OneDrive. However, they hold data only for a limited period of time, do not backup regularly (your data will be outdated), and restoring data from may be cumbersome. Such options are more of an archival mechanism than a true backup and restore solution.

So how do you safeguard against Office 365 data loss?

So now that you know that your data in Office 365 needs dependable protection against data loss, what should you do? Select a 

Cloudally provides a safe (ISO 27001 certified, GDPR, and HIPAA compliant), secure (Amazon S3 Secure Storage and AES-256 Encryption) and flexible cloud backup solutions for Office365, Sharepoint and OneDrive, We were also ranked #1 under best business tool category by Newsweek by over 10,000 IT Pros. We offer a full-featured 15-day free trial which you can activate and start backing up your data in minutes and are very highly rated and recommended by our users.

Contact us to have an expert guide you as you navigate the waters of data protection to achieve a reliable and secure enterprise.

Why Do You Need SaaS Backup for Your Data in the Cloud?

SaaS Backup

An increasing number of organizations are moving to SaaS platforms like Office 365, G Suite and Salesforce. It is a misconception however to assume that your data on the cloud is secure. Understand the risks of data loss on the cloud and use SaaS backup solutions to protect it. 

This article contains:

SaaS data loss is a reality

SaaS BackupYou’ve moved your data to a SaaS platform, and are hugely benefiting from its flexibility, scalability, and fantastic collaboration mechanisms. However, did you know that while SaaS solutions like Office 365, G Suite, Box, and Salesforce, have best-in-class security precautions, they cannot protect your data from data breaches or data loss at your end or from platform outages? Which is why it is no surprise that SaaS industry news is replete with increasingly frequent occurrences of outages and security breaches

At the root of it is a mistaken (but gradually changing) perception within the IT workforce that using cloud / SaaS solutions means that there is no need for data in the cloud to be backed up.

Main reasons for SaaS data loss

SaaS Data Needs Protection, Start Free Trial Now!

According to Ponemon Institute’s Cost of a Data Breach 2019 report, the global average cost of a data breach is $3.92 million. Your data on the cloud is vulnerable to loss and breaches due to these reasons:

Human error: An account mistakenly deleted, a critical email erased or an org-wide shared document overwritten? Nightmarish scenarios that cannot be fixed without a backup and recovery solution.

Malicious intent: Your SaaS data is also prone to intentional overwrites, and deletes by bad actors like disgruntled or malicious employees.

Synchronization errors: Syncing or updating multiple SaaS applications, which is a common software scenario in organizations, is not always seamless and can cause loss of SaaS data.

Hackers, Malware, Ransomware, Cryptomining, Phishing: There is an ever-growing list of malware types and scams. The damages due to such data breaches are devastating not only in terms of financial loss, but also damage the business’ reputation and cause loss of customers

Your SaaS platforms cannot protect you from all these causes. Additionally, many regulatory laws such as GDPR, HiPAA, SOX, etc. mandate that protecting SaaS data is a “shared responsibility”, and an organization needs to have accurate recovery capabilities in the event of data loss.

How do you secure your SaaS data?

Ironically, the cloud itself is the answer to protect your SaaS data. Cloud-to-cloud backup harnesses the many advantages of the cloud to provide reliable backup and quick recovery. 

CloudAlly provides SaaS backup solutions for the entire range of SaaS platforms – Office365, G Suite, Salesforce, Sharepoint and OneDrive, Dropbox, Box and more. We were also ranked #1 under best business tool category by Newsweek by over 10,000 IT Pros. We offer a full-featured 15-day free trial which you can activate and start backing up your data in minutes and are very highly rated and recommended by our users.

Contact us to have an expert guide you as you navigate the waters of data protection to achieve a reliable and secure enterprise.

How cloud to cloud backup solutions, help avoid business continuity disruption?

…with increasingly common cloud outages?

Why cloud to cloud backup is needed for business continuity in the face of  recent series of outages?

On January 24, 2019, European Microsoft Office 365 Exchange Online users discovered that they couldn’t access their emails. It turned out that some of Microsoft’s data center infrastructure had failed, leaving these cloud users out of luck.

While one Microsoft cloud outage might not have been a problem, less than a week later, users faced problems with their cloud Office 365 and Azure and Dynamics services. The outage was blamed on a CenturyLink software defect.

These outages from major players in the cloud industry has IT pros nervous, and for a good reason indeed. Is the cloud really the full-scale solution we’ve been promised? Certainly, in order to adopt cloud services without worrying about down-time, it’s important to use a third-party service that helps you recover lost data and continue operations during outages.

What this article is about:

  • Outages from Big-Name Cloud Providers
  • Is the Cloud Actually Trustworthy?
  • Using a Third-Party Backup for Recovery

Outages from Big-Name Cloud Providers 

 Why Cloud Backup Is Needed for Recovery DataThis year, many of the best-known cloud providers have had one or more outages. Some of these well-known cloud providers have included widely-used business services, like Google Cloud, Apple Play, and iCloud.

On March 12, 2019, for example, Gmail and Google Drive were down for over three hours. Microsoft Azure, which includes features like Microsoft 365, Active Directory and database services, and storage, was down for almost three hours on May 2.

While many of the cloud outages this year have been relatively short, this time offline adds up in productivity and money. Further, different cloud providers have differing outage length, so your business could be more or less affected based on the service you use. From January 2018 through May 2019, Amazon Web Services (AWS) only had 338 hours of downtime, with Google Cloud Platform (GCP) reporting 361 hours. Microsoft Azure, in turn, reported 1,934 hours of downtime.

Complicating this outage reporting time, too, is the fact that there is no standardized measure for reporting cloud outages. Each company must self-report its outage times and frequencies. This means, then, that Azure and GCP often don’t report the regional impact of cloud outages. For example, some services would report only one hour of downtime, even if that downtime affected three distinct service regions.

With good reason, these regular outages have worried IT professionals about how reliable cloud services are for their businesses. After all, how would operations come to a halt if Office 365 Exchange came to a halt in the middle of the workday?

Is the Cloud Actually Trustworthy? 

Cloud platforms are growing at an exponential rate. In 2019, Gartner predicts that cloud services will increase by a remarkable 17.5 percent in just one year. Though cloud providers know about the issues that will inevitably face their data centers and services, an increasing demand for cloud services means that problems will certainly continue to arise.

For example, as cloud services increase quickly to meet demand, older on-premises infrastructure that probably should have been aged out will be forced to work another day.

Still, while most of the outages thus far have often been short, a loss estimate has been predicted for a longer outage that lasts for three to six days. Because so many businesses rely on a limited number of providers, the estimators suggest, an outage that lasts for multiple days could lose companies a total of $15bn. Small businesses would be particularly at risk for loss because many of them don’t have cyber-insurance.

Using a Third-Party Backup for Recovery 

There are undeniably benefits to using cloud services, and as we see a significant industry change, companies that don’t switch over will likely be left behind. At the same time, though, cloud outages will likely continue to be a problem as the industry expands.

The only solution, then, is to be prepared for cloud outages, or even data loss, before it happens. Using a third-party cloud to cloud backup like CloudAlly for Office 365, G Suite, SharePoint, OneDrive, and DropBox ensures that you’ll be able to recover necessary files during a cloud outage.

Say for example that you’d experienced the Office 365 email outage described above. With CloudAlly, your users would have had their email contacts and mailboxes saved the day before with CloudAlly’s automatic daily backup. With CloudAlly restore, they could have retrieved the information they needed to continue daily functions until the outage was restored. Once that happened, then users could access both their older and newer files, accessible through CloudAlly’s non-destructive data restore.

Interested to know more about why it’s necessary to protect your online data? Read our eBook Why Backup Online Data? to learn more.

Dropbox Business – Backup & Restore Solution

Dropbox Business BackupGet a Quote

Dropbox Business BackupDropbox Business  is a powerful and useful product in the content collaboration platforms arena.  In fact, Gartner names Dropbox Business as a Leader in the July 2018 Magic Quadrant for Content Collaboration Platforms.

In their own words Dropbox Business “…simplifies your work, with a central place to access and share files,” hence this is one of the main features & benefits, which has positioned Dropbox as a leading cloud business solution for storing and collaborating on content.

We at CloudAlly recognize the significance of this Dropbox business backup solution, and have now introduced industry’s first enterprise-grade, cloud-to-cloud backup & restore solution for Dropbox Business (For Teams) plans.

Our new service ensures the ability to quickly recover critical data stored within Dropbox in the event of data loss, as a result of malware, accidental deletion, and other occurrences where imperative business content has to be recovered.  

Company CIOs and IT managers who rely primarily on the Dropbox Recycle folder simply risk data loss occurrences, since this folder is automatically purged after 120 days. Once purged, the data is gone forever, without the ability to restore.

Avi Katz, CloudAlly CEO recently explained; “Dropbox is yet another leading secure file sharing and storage solution for Businesses, and CloudAlly is committed to providing its customers & partners with a Dropbox for Business enterprise grade cloud to cloud backup solution.”   

CloudAlly’s automated daily backup of Dropbox folders & files enables businesses to quickly recover data from any point in time, ensuring complete protection of your important Dropbox data.

The CloudAlly backup solution includes backup for other leading business solutions like Box.com, Office 365, Sharepoint/OneDrive, G Suite, etc.

*Footnote: Dropbox recycle bin stores your data (after a file is deleted) for 120 days only if you have a Professional or Business account. If you have permanently delete it, without Cloudally 3rd party cloud-to-cloud backup solution, recovery will not be possible. Link to Dropbox Instructions.

Dropbox Business Backup

Get started on your 14 day free trial, with CloudAlly Dropbox Business Backup Solution.

More information is available about our Dropbox backup solution.

Need Enterprise or None Profit Pricing? Click Here

Get a Quote