For our August coffee and connect we moved onto our new series The Good, The Bad and The Ugly side of Business.
We decided to choose this topic because at every networking event, you’re inundated with people telling you how fabulous their business is, and how wonderful everything is going. Meanwhile, you’re sleep deprived from worry because you’ve only got $200 in your bank account and you need to pay the BAS.
When asked how business is going you politely smile and say “fantastic – things are going well”. Sound familiar?
This month we focused on online security and hacking. Business is hard enough without your data being held for ransom by a hacker in China, or people impersonating you to gain access to your systems.
With the rising use of the internet and businesses turning to the Cloud to host their data, I often hear people raising security concerns around using Cloud Applications.
What is a Cloud App?
For those of you who aren’t tech-savvy, a Cloud Application or ‘Cloud App’ is a database, email system or piece of software that is accessed via the internet and hosted in a data centre by a Cloud Service Provider (CSP). A data centre is a huge warehouse with thousands upon thousands of servers which are accessed by the public via the internet. An example of a well-known CSP might be Amazon Web Services (AWS) who rent out “rack space” (or large amounts of servers) to SaaS (Software as a Service) providers such as Xero or MailChimp.
This is slightly different to the traditional way of accessing software which was typically installed onto a single computer or physical server located in the home or office. An example of a traditional software install might be MYOB purchased on a CD-ROM which was self-installed onto the user’s computer. By contrast, Cloud Apps require no software installation, and access is gained by entering a web address from your web browser (e.g. www.xero.com) and logging in.
Like traditional software access, Cloud Apps are accessed with a login name and password. The major difference (apart from needing an internet connection to access it) is that updates and maintenance of the servers are provided by the CSP without the user ever knowing, and the software that is installed on these servers is maintained and updated by the SaaS Provider (e.g. Xero).
As a general rule Cloud Apps have a monthly subscription fee which is direct debited from the user’s bank account each month. Monthly subscriptions have really opened up excellent SaaS products to small businesses. SMEs can now afford to use superior software products without having to worry about hardware and maintenance costs. Before the Cloud, costs of purchasing servers and hiring IT people to install and upgrade systems made many software solutions unobtainable for many SMEs. A further added bonus of using SaaS products is that if the user doesn’t like the system, they can simply cancel their subscription and move onto the next.
Do all Businesses use Cloud Apps?
A recent study by Right Scale (the leaders in providing SaaS products to SMEs) shows that 96% of SMEs in the USA and Europe use some form of Cloud Services, whether that be public or private services, or a combination of both.
On average, SMEs use 4.8 apps in their business (that might be Gmail, Xero, Dropbox or an online CRM), and only 21% of business workloads remain outside the cloud.
Australia isn’t so advanced, but cloud app use is increasing. The Australian Bureau of Statistics (ABS) reports that only 55% of businesses in Australia use cloud systems, but only 17% of these businesses use public cloud products like Xero, Gmail, Office 365 or Dropbox. This is REALLY low compared with the rest of the world. 18% of business owners reported that they hadn’t adopted cloud computing because of:
Change management and training can solve most of the issues on the above list, but security has been a recurring concern and continues to be so for many of the businesses I come into contact with.
What are the real threats when using Cloud Apps?
Is hacking really that much of a threat for SMEs in Australia? Well, yes and no. Like driving a car, there are things you need to do to ensure you get from A to B safely. The majority of us accept that driving has risks, and wear a seatbelt, buy cars with good safety ratings, don’t drive over the speed limit, and don’t take huge life-threatening risks while driving.
Using Cloud Apps is much the same. While there are risks, there are things you can do to protect yourself and reduce the likelihood of something bad happening to your data. The good really does outweigh the bad when using Cloud Apps and adopting Cloud Apps into your business will save you heaps of time and money and cut out manual processes.
What are the typical hacks you need to be aware of and protect yourself from?
I’ve listed a few below, but don’t worry, I’m also going to tell you what you can do to protect yourself from these hacks.
Keylogger – this is a piece of software that logs the keystrokes of the victim’s keyboard to allow the hacker to gain access to passwords and bank accounts. Like most hacks, software like this is often installed without the user’s knowledge through phishing (explained below).
Phishing – this is when the hacker sends emails that look legitimate to gain access to the user’s computer. A classic example might be an email that looks like it’s from a Bank / PayPal which claims to inform the recipient of suspicious activity. It then asks the recipient to “click here” to log into their account to verify they are the account owner. The page they are taken to looks like their bank login page (this is also now a Man-In-The-Middle attack) and they type in their login and password. A message stating “thanks for verifying your details” is returned, and the recipient gets on with their day. Phishing emails now impersonate everything from Xero invoices, to PayPal and Dropbox login screens and often look like the real deal.
Denial of Service (DoS/DDoS) – this is when the hacker takes down a website or server by flooding the site with more traffic than the server can handle. The server can’t process the incoming traffic and crashes. An example of a DoS attack is the Australian Census Website in 2016 when we all got the dreaded error message of denial.
Fake Wireless Access Point (WAP) – here the hacker sets up a fake WAP with the same name as yours or names it something that seems legitimate (e.g. Airport Free Guest WiFi). Once the victim is connected, the hacker gains access to the victim’s computer and monitors their keystrokes. With this access, the hacker can then conduct a Man-In-The-Middle (MITM) attack and intercept and alter emails or communications to third parties.
Bait and Switch – here the scammer runs adverts on social media for goods. When you purchase the product and it arrives, it wasn’t that Gucci handbag you thought it was, instead the bag is fake and doesn’t look anything like what you bought. Some people never receive the goods at all. When the victim decides to complain, the seller’s website has often disappeared. Other bait and switch techniques are designed purely to gain access to your personal information or credit card details (no goods are ever intended to be sent out) which are then used to purchase other products without your knowledge.
Viruses / Trojan Programs – these are malicious software programs that run when you click on a phishing email or download something that is illegitimate. These programs then take over your entire computer and vary in damage. Some delete programs, others lock you out, and others hold your data ransom for money.
Cookie Theft – the hacker creates a fake advert and website which asks the user to accept the site’s cookies. A cookie tracker then runs in the background, allowing the hacker to gain access to personal information and surf the web as the user, gaining access to passwords.
Old Fashioned Impersonation – this is when someone you know impersonates you to gain access to your systems. This can be obtained from getting your data out of the recycle bin or by getting your personal information through trusted relationships.
How do I protect my Data?
There are things that you can do to protect yourself and I’ve listed them below:
It is highly unusual for Cloud Apps to not have this feature so make sure you turn this on. To find out where to turn it on, go to the settings area of your app or email email@example.com for assistance.
Tip: Turn on MFA company-wide to ensure your employees are protecting your data.
If you’re worried about companies giving your Face ID to government agencies, just remember that Apple have repeatedly and publicly refused to provide government agencies (including the FBI) with its users’ data, so your information is at this point at its safest with Apple over others, but there are always risks. My philosophy (in jest) is that if you’re a Facebook user then government agencies have all the data they need on you and more, so Face ID is the least of your problems.
Most cloud systems can be installed for around $3000 including training, and better still you can opt in for ongoing support. This costs a small amount each month and ensures you can ask any questions at any time and get help when you need it. When new features are released, they’ll provide additional training, and train new staff as and when required at no extra cost (or conduct refresher training). The Process Collective offers all of these services, so don’t be afraid to ask.
As well as through The Process Collective, you’ll be able to access consulting through ShireWomen on all the subjects discussed in this article at a 50% discount to non-members.
If you want to find out more, email firstname.lastname@example.org and most importantly CHANGE YOUR PASSWORD ;-)
We'll be publishing a separate blog about Kathryn's talk shortly.