blog Archives | Imagis

How Simulated Phishing Campaigns Can Save Your Business from Losing Money

December 17, 2019/in blog /by Ilya Pletinskiy

As you are reading this article there is a high probability that your organization is being targeted by a phishing attack.

According to Verizon’s Data Breach report 90% of security incidents and data breaches involved phishing activity, making Phishing the most frequent type of attack used by cyber criminals. As recent as October 2019 FBI published a report ¹ stating that Business Email Compromise attacks accounted for $26 Billion in losses globally over a three-year period. In the report, the FBI suggests that “Employees should be educated about and alert to this scheme. Training should include preventative strategies and reactive measures in case they are victimized.”

Cyber criminals use Phishing because unlike other attacks that target technology Phishing attacks exploit human error.

What is phishing?

According to the United States Computer Emergency Readiness Team (US-CERT) phishing is defined as a form of social engineering that uses email or malicious websites (among other channels) to solicit personal information from an individual or company by posing as a trustworthy organization or entity. Phishing often directs users to enter details on a fake website that looks and feels almost identical to the legitimate site.

Why are Phishing awareness and simulated attacks so important?

Cyber security is no longer purely about leveraging “best-in-class” technology instead it’s about building a culture that takes cyber security seriously. Because of the nature of Phishing, it is impossible to stop phishing attempts by using purely technical solutions. Your employees are the last line of defense against cyber threats like Phishing attacks, that is why it is extremely important to train your team to be able to identify and report malicious emails and prevent a data breach or loss of money.

Lack of employee training on cyber security is the main reason for these attacks are so successful. However, the good news is that simulated phishing campaigns can reduce their success rates.

As Dwight D. Eisenhower once said, “In preparing for battle I have always found the plans are useless, but planning is indispensable”. To his point, because attacks are unexpected, and plans can be outdated or not applicable the best way to get ready for an emergency is by continuously preparing. For example, the military isn’t just responsible for planning but also continuously training troops so that in the case of an emergency the military will be best prepared to respond effectively.

Similarly, running simulated Phishing campaigns will allow you to measure your organization’s cyber security awareness and then respond appropriately by developing effective training campaigns. Strategic training is imperative to give your employees the knowledge and the ability to spot and report Phishing attacks in order to protect your company from a data breach and financial loss.

What can you expect from a simulated Phishing campaign?

There is a number of benefits that you gain from running Simulated Phishing campaigns, below is a shortlist of the most important benefits to your organization:

1.Give your employees the experience of a real-life phishing attack before they happen.

With simulated Phishing campaigns, your employees will get a firsthand exposure to sample Phishing emails. This will help them get familiar with the look and feel of such attacks. Campaigns can also be created to emulate familiar experiences. For example, if your company uses G-Suite you can choose a Phishing campaign that looks like an official email from Google asking users to login to their G-Suite. These types of campaigns are harder to spot but after the training your employees they will be better prepared to identify real-life Phishing attacks.

2.Gain insights into your company’s security awareness maturity.

Knowledge is power! With real-time reporting, you can measure your company’s security awareness by tracking how many emails were opened, how many users selected a link, and whether these emails were reported. This data is imperative to understand your current level of security awareness throughout your organization and help to plan for future campaigns and training.

3.Identify and remediate the highest risks.

Leveraging the insights from the reports you can identify individuals or department groups that require additional training. Once your most vulnerable risks are identified you can then provide specific tools and training that they require to keep your company safe from cyber-attacks.

4.Create and streamline security training based on campaign results.

Based on the results of your campaigns you can streamline training by automatically delivering targeted training to maximize efficiency. As your employees’ security awareness grows you can ramp up and run more sophisticated campaigns that are harder to identify. You can also choose campaigns that mimic some of the most familiar names such as Google, Apple, and yahoo.

5.Keep your employees up to date with the constant changes in the cyber threat landscape.

With weekly bite size 2-minute videos and monthly short newsletter your employees will be kept up to date with the latest threats and tricks to identify cyber threats.

6.Keep up with latest regulations.

Organizations that fall under specific regulations such as HIPAA, SOX, PCI and GDPR might be required to provide employees with cyber security awareness training.

People focused security awareness training is the solution to human risk. Make sure your team is cyber security aware. If you are looking for help with your security awareness program, reach out to Imagis, we would love to hear from you.

4 Reasons That Increasing Your Cybersecurity Can Help You

December 12, 2019/in blog /by Sam Shargo

Cybersecurity – it isn’t just a buzzword. It’s a necessity. If you’re running a business in today’s digital-reliant world, cybersecurity should be one of your top priorities.

Unfortunately, some business owners and managers don’t invest the funds needed to protect their data from increasingly sophisticated threats. Why? Because, to them at least, cybersecurity isn’t a profit driver. On a surface level, it doesn’t promote growth, save time, or increase efficiencies.

We’re out to put an end to that type of thinking. A staggering 58 percent of cyberattacks target small businesses. And, the number of attacks launched by malicious threat actors has increased by 15 percent each year since 2013.

It’s not a matter of if. It’s a matter of when.

The good news is, upgrading your cybersecurity efforts can help you in more ways than you might think. In addition to preventing breaches, enhanced network security will benefit your operations across the board. Let’s discuss four specifics.

1. Improved cybersecurity can save you money

Budget is always a leading concern. Guess how much the average cyberattack costs to rectify? $500,000? Higher. $1 million? Even higher. The average cost of a cyberattack is now over $1.6 million. That’s a pretty penny, alright.

Could your small business afford that kind of sum? If you’re anything like the rest of us, the answer is probably no.

Implementing the correct cyber defenses can prevent costly attacks, saving you money – and potentially preventing your company from closing its doors for good.

2. Proper cybersecurity efforts safeguard your reputation

This benefit operates two-fold.

First, if your business experiences a successful breach, you will have the processes in place to act fast and eliminate the attack before it causes too much damage. From your customer’s perspective, your business has demonstrated its commitment to protecting business and client data. That’s a good look – one that’s sure to garner long-term loyalty.

Even if an attack doesn’t occur, your security measures will help you earn the trust of customers and prospects. They’ll feel more comfortable handing over their private information to your company, which means more sales, more profit, more growth.

3. Cybersecurity best practices give you access to superior features

Most businesses rely on software of some kind – whether that’s cloud-based or otherwise. Keeping this software up-to-date is one of the most critical security best practices you can follow. Updates contain vital security patches that quite literally ‘patch up’ new or undetected vulnerabilities.

Even better, when you continually keep your software updated, you and your team will benefit from the new features, functionalities, and performance improvements included. It’s a win-win.

A great example of this is the end of support date for Windows 7. Updating your devices to Windows 10 won’t just give you access to the latest features, but it will also ensure your information is protected.

4. Cybersecurity gives your business a competitive edge

Finally, investing in cybersecurity gives your business a competitive edge. You’ll be able to offer greater customer protection and enhanced functionalities.

What’s more, any profits you make can be confidently allocated to expanding your reach and growing your operations. Your hard-earned dollars won’t end up in the hands of a cybercriminal.

What is OneDrive and SharePoint Sync?

December 4, 2019/in blog /by Sam Shargo

OneDrive is responsible for the synchronization of personal files on your desktop. This includes your documents and pictures folders. If you are logged into Office.com, you can access your personal data outside of your laptop. This platform acts as a backup of your data in case something happens to your laptop.

Sharepoint is liable for company files that you can access directly on your computer through the file explorer.

Utilizing and using both SharePoint and OneDrive together can be beneficial for your business.

Watch this video for a demonstration on the basics of the synchronization process between OneDrive and Sharepoint in the cloud and on your computer.

One Simple Yet Effective Strategy to Protect Your Digital Identities

November 20, 2019/in blog /by Sam Shargo

Get Perspective

Digital identities are vital to an organizations integrity, operations and security. Identities could range from accounts used to access email, file sharing, video or line of business applications like CRMs and ERPs. We won’t get into all the different threats out there but I do wish to share one simple yet very effective strategy to protect your online digital identities. Before we get into it, let’s look at some interesting statistics to gain some perspective.

300,000,000 daily fraudulent sign-in attempts
81% of breaches are caused by credential theft
73% of passwords are duplicates
By 2020, there will be 200 Billion Internet Connected Devices
92% of companies have cloud credentials for sale on the Dark Web
Average of 12.2 incidents each month related to compromised accounts

Explaining MFA.

Multifactor authentication is a method that verifies a user’s identity by checking something you know and something that you have. For a long time, the standard password has been the primary method of authentication when logging into systems. As we can see from the stats above, passwords are effectively useless but with MFA, having the password to an account is not enough to access it as it helps provide proof that you are whom you say you are when accessing a digital account.

Some examples of MFA include:

biometrics such as fingerprints and facial recognition
time-based one-time passcode generated via an app or sent via SMS
push notifications via an authenticator app

What about changing passwords?

Don’t change them! That’s right, according to NIST changing passwords every two or three months actually causes more harm than good. Think about it, when people need to change their passwords so often how do they keep track of it. More often than not, it ends up being on a sticky note attached to their computer screen leaving it completely exposed.

With MFA enabled on your digital identity, the password is not as relevant anymore. In fact, the next trend in digital identities is moving towards what is known as Passwordless Authentication but we will leave that for another time.

Not the end all be all

While MFA helped to reduce over 70% of cyber attacks in 2018, hackers have found their way around it and still administer attacks that bypass the multiple authentications. A typical example is a sim swapping scheme administered on a particular US banking institution back in 2018. On this attack, the attackers called the sim issuing company of a subscriber and provided the information needed to perform a sim swap. Once they got hold of the sim card, they could bypass the MFA by receiving the SMS codes on the attackers’ device. Additionally, more phishing attacks are now becoming aware of MFA by using a proxy to authenticate the user and capture the one-time code.

Tips for MFA

Avoid SMS codes – although this is convenient, cellular networks are known to be extremely vulnerable and SMS is the weakest method of MFA that you can use.
Use Push Notifications instead of codes – codes can be captured using advanced phishing methods. Push notifications provide the added benefit of notifying you if and when someone is trying to access your account.
Be Mindful – if you receive a notification from your authenticator app that someone is trying to access your account, this could mean your password is already compromised.

As with most things in security, nothing will protect you 100% but a multi-faceted approach is most effective. Combined with MFA for your online accounts, security awareness training is critical. Security experts know that the human element is by far the weakest link in any cyber strategy but with the right amount of education and awareness, your team can become vigilant and perhaps even your greatest defense.

Keep in mind that every organization is different and may need a more involved approach to their strategy but MFA is now becoming universally accepted as the most effective way to prevent data breaches related to compromised credentials. Talk to a cyber security strategist with a cloud focus like Imagis to design the right security and adoption strategy for your team. Be proactive, be aware and be vigilant my friends.

5 Easy Ways to Spot a Phishing Email

November 18, 2019/in blog /by Ilya Pletinskiy

Digital information is part of our lives. We use it every day at home and at work. The need to safeguard this information has not only changed, but it has also made having digital information a liability. A recent study by IBM found that 95% of data breaches were caused by human error. That includes lost phones, laptops, and people falling victim to phishing scams.

What is a phishing attack? According to the United States Computer Emergency Readiness Team (US-CERT) phishing is defined as a form of social engineering that uses email or malicious websites (among other channels) to solicit personal information from an individual or company by posing as a trustworthy organization or entity. Phishing often directs users to enter details on a fake website that looks and feels almost identical to the legitimate site.

Here are 5 ways to spot a phishing attack:

1. Examine the sender’s email address and check if it matches the domain of the company who is sending the email. If you receive an email about your bank account but the sender’s email address does not contain the name of the bank then its most likely a phishing email.

2. Look for generic greeting such as “cardholder” or “Dear Customer”. Most cyber criminals send millions of emails with generic greetings because they are not targeting a specific person. However, some sophisticated criminals do target individuals and will use correct information to lure their victims.

3. Look for messages with threatening language or ones that require immediate action (i.e. “your account has been compromised” or “your account will be terminated if you do not act now”).

4. Approach embedded links with caution. When in doubt, move your mouse and hover over a link to see where the address leads. If it’s not the domain of the company that sent the email, DON’T click on it!

5. Be cautious with email file attachments. Attachments are the easiest vehicle for a cyberthreat to hide in. If you don’t know the sender, NEVER click on an attachment.

Phishing emails are one of the most commonly used attacks targeting employees in order to steal data and/or money. If you own or manage a business then it’s imperative that cybersecurity awareness becomes part of your company’s culture. Reach out to me to learn more about how Imagis can help your organization become more secure and protect itself from cyber criminals.

What the End of Windows 7 Support Means for Your Business

November 7, 2019/in blog /by Sam Shargo

In March 2019, Microsoft determined that it would be ending support for its incredibly popular operating system, Windows 7. Users were given just under a year to upgrade to the company’s most recent OS update, Windows 10. But while the company expressed the urgency of the upgrading, it didn’t offer it’s a lot of direction about what to do next. With 35% of Windows users still utilizing Windows 7 in March, knowing the next steps for your business will be crucial.

What if I don’t upgrade?

This is a complicated question. Support ends on January 14, 2020, but that doesn’t mean that your computer will just stop working at midnight. Instead, Microsoft will stop offering support and patches for your computer. For a few days or weeks, that’s unlikely to be a problem. But with constantly evolving security threats, your operating system will become gradually more vulnerable to cyberthreats, and that can put your whole business at risk.

What are my upgrade options?

There are three basic options you can take when Windows 7 support ends in 2020.

First, you can choose to upgrade your physical devices – computers, tablets, etc – to devices running Windows 10. This may be the simplest method of moving forward, since you’ll simply open your device and be ready to go. A recent development called Windows 10 Auto Pilot means that you can have a “zero touch interaction.” IT administrators assign devices to users in advance, and they have almost no role to play after that. If you have a large number of older devices that needed upgrades anyway, this may be the best route for you.

Second, you can choose to upgrade the operating system on your current Windows machines to Windows 10. Upgrading licenses has traditionally been expensive; for some companies, that cost may have been why they stayed with Windows 7 for so long. But if you have a subscription to Office 365, that will give you a license to upgrade from Windows 7 Pro or Enterprise to Windows 10. If you have up to date machines and just need the OS upgrade, or if you already use Office 365, this is a great option.

Third, if you really need to keep Windows 7 due to legacy systems or other business needs, you can choose to purchase Extended Service Updates. But don’t expect ESU to continue to roll out new services or keep your OS functional with the newest programs; Microsoft describes ESU as a strictly last resort option. Patches to avoid the worst of the security bugs out there will be rolled out periodically, but that’s all you’ll get – and you’ll pay a hefty fee for this.

Get ready for the cloud

For some companies, this may be the push they need to start migrating programs to the cloud. If you have legacy applications that need Windows 7 to run and do not have versions available for Windows 10, then using Microsoft’s Azure Virtual Desktop may give you the best of both worlds. This cloud-based system runs Windows 7 and 10 programs in a safe, virtual environment. You also get free ESU for your Windows 7 system, giving you more time to navigate a total transition to an up to date operating system.

Another option is Microsoft’s App Assure, which helps migrate applications from Windows 7 into Windows 10 and Office 365 ProPlus. If app compatibility has been a sticking point for your organization, this is another viable alternative. And of course, if you’re not sure how to move forward, Imagis is here to help. We’ve been helping clients navigate the Windows 7 to 10 transition all year, and we have solutions ready for any client situation.

Building a Roadmap To IT Modernization

October 10, 2019/in blog /by Sam Shargo

Technology advancement is accelerating. To lead the way, a business must bring value by using the most current technology available. By modernizing legacy applications, businesses improve their agility and their clients’ user experience.

IT modernization brings an organization’s existing software and hardware up to current standards. The goal is to align IT with the organization’s ever-shifting business strategies, but this is a big task. It helps to have a solid roadmap firmly in place.

Upgrading legacy systems takes planning and organization. Be sure to look at applications, systems, services, and infrastructure while planning. Keep in mind the overall picture as you modernize.

Another factor that must be fully understood is the budget. Today, companies spend up to 80% of their budget on legacy systems. Compare the costs of a legacy system vs. the costs of IT modernization to make a case for the change to your organization’s executives and investors.

Strategize and assess before creating a roadmap

Strategically, creating a roadmap puts your company in a good position for future upgrades, as it will address any concerns ahead of time, and will outline the activities that need to take place. Without addressing the concerns and activities ahead of time, there is no chance for a successful upgrade.

The following things should be reviewed while creating your roadmap:

• Company goals

• Customer experience

• Technology assessment

• User experience

• IT needs and wants

• Budget and timeline

• Communication of the changes

• New architecture

• Execution of the upgrade plan

Understand the scope of your project

As in, truly understand it. Many companies underestimate what they are getting into when they look at IT modernization.

Create budgets; create timelines; interview stakeholders, and talk to IT resources with your company. Get a second opinion from an IT firm outside your company. Outside firms have a unique way of looking into a company, finding the details that are often overlooked by people who use the technology every day.

Review alternatives

Conduct a risk analysis of what happens if you don’t modernize. Also, conduct a risk analysis of alternative methods of modernization. Find projects that have the lowest risk, and also make the most sense for your company. Be prepared to highlight these preferred alternatives with the management team, so they truly understand what is involved.

Outline your roadmap

Finalize your timelines and costs. Lay out your overall goals.

Once you have that information, you can start to plot your mini-goals. Plan the iterations and migrations. Outline the personnel that you will need to reach these goals.

Using IT architectural diagrams will help you define each goal and the steps you’ll need to achieve it. These diagrams should define migration options, buy-versus-build options, and business capabilities.

Show the system’s future architecture in your model diagram to explain the reasoning behind your decisions. All the deliverables within the roadmap must serve a purpose. Customize them to meet the needs of your business, to manage the program you are about to put into place and to share the outcomes with stakeholders and management teams.

This roadmap is your justification for moving the business forward and creating an IT modernization project within your company. The roadmap must be laid out and fully understood by the team managing the budget, or your project won’t get off the ground.

How to Create a Strategic Plan for IT: SWOT Analysis

September 12, 2019/in blog /by Sam Shargo

Every business needs an IT strategy, but not all IT plans are created equal. In a recent study, out of nearly 1,800 executives surveyed, only 14% believe their digital strategy had been successful. This leaves us wondering — what can businesses do to avoid becoming part of this statistic?

Luckily, there’s an answer, and it’s the SWOT analysis.

The SWOT analysis

The general principle behind the SWOT analysis is that it helps you understand the current state of your business, and how you can make it more profitable. In an IT context, this means understanding your IT situation and how you want it to improve.

The SWOT analysis is based on four factors:

Strengths (S)
Weaknesses (W)
Opportunities (O)
Threats (T)

To fully comprehend where your IT infrastructure is right now, and the direction you want to take it in, you should consider each of these factors in turn. So, how do you go about applying SWOT to your business?

Strengths

There’s something you can offer customers that your competitors aren’t supplying. This is your unique selling point or USP. Your IT strategy should directly support your strengths. Ask:

What’s great about your IT infrastructure?
How does it help you build your client base?
What you can do to ensure that your client base grows?
How you can improve your existing IT to best support the direction you’re taking your business in?

Weaknesses

Every business and every IT infrastructure has weaknesses. Your job is to identify and mitigate them. Consider:

How vulnerable you are to cyber attack?
Are you doing enough to protect sensitive and personal data?
How are you losing sales, and if there’s anything you can do to reverse this trend? For example, perhaps a seamless cloud-based platform will let you keep track of successful sales tactics so you can apply them easily to future transactions?

Opportunities

Think about the gaps in the market and how you can fill them. Focus on how your IT strategy fits into this growth. Ask, for example:

What is your customer looking for?
Can you offer something that your competitors aren’t?
What to do to ensure your IT infrastructure supports your expansion plans?
Is it time to seek outside help, such as from a managed IT services provider?

Threats

You’ll want to understand the threats affecting your business. You should be asking:

Are you doing enough to keep up with your competitors?
Are there any new products or applications on the market which make your services obsolete, or less relevant?
Are you keeping up with the latest cybersecurity threats affecting your business, and is there anything more you could be doing?

Once you’ve compiled your SWOT analysis, you can devise an action plan for moving your business forward. Think about how to minimize your risk exposure while maximizing your opportunities.

Finally, be sure to revise your SWOT analysis at regular intervals so that you have as complete an understanding of your company as possible.

Summary

The bottom line is that at least 35% of IT strategies fail because the strategies are insufficient for a company’s digital needs. With the SWOT analysis, you can be sure that you’re covering all the right IT bases and planning for your company’s long-term success. To find out more about SWOT and IT strategies, contact us today.

3 tools for business communication and their pros and cons

August 15, 2019/in blog /by Sam Shargo

When communications within your business are easy, your workplace will thrive. Long gone is the era when walking to someone’s desk or calling them is necessary. Today, there’s a range of tools and preferred methods available. If you want to improve the way you communicate in your office, it’s time to learn about some key tools, as well as their pros and cons.

Slack for instant messaging

As a popular instant messaging app that’s good for collaboration and team messaging, Slack is used around the world. In addition to sending and receiving messages, you can engage in safe file sharing, video calls, and audio calls.

You can try Slack’s Freemium package and benefit from a 10K message history and 5GB storage allowance. If you choose a Slack Plus Plan, you’ll pay $15 per user and enjoy a generous 20GB storage allowance.

Slack’s biggest pro is that you can create separate conversation rooms for each group of users. This makes it easier for you to ensure that everyone receives information on a need to know basis. There’s also a search feature, which proves useful when tackling uploaded documents.

Arguably, the biggest con to Slack is the 10K messaging limit. When you’re using it for a large organization that depends on remote messaging to function, that could prove tricky to work with.

Microsoft Teams for easy collaboration

You can start using Microsoft Teams as part of your Office 365 package if you have one. Instant chat plus audio and video via Skype are available. If you use Microsoft Office 365, you can integrate the software with many of its tools.

If you’re one of Microsoft Office’s 155 million users, adding Microsoft Teams to your repertoire could prove convenient and useful. The software will feel familiar, and it’ll segue well with your existing tools. Another big pro of taking this route is that you’ll enjoy 1TB of storage space per user, which is much higher than Slack.

As for the cons, you may find the interface is tricky to use at first. You can overcome that with practice, but it’s less than ideal when you’re trying to convert your organization to a new software tool.

Zoom for video conferencing

Whether your business exists across several sites or you have employees who telecommute, finding a reliable form of video conferencing software is advisable. Video conferencing is essential for making sure employees can participate in an alternative to in-person meetings. When you find the right software, you may cut some of the costs associated with traveling for meetings. As 3.7-million employees work from home at least half the time, having reliable video conferencing software is advisable.

One software tool for you to consider is Zoom. Zoom allows you to include up to 100 active video conference participants. You can also include up to 10,000 view-only attendees. Screen-sharing is available, too, which is pretty much essential when you’re working on projects across several locations. As 94% of businesses that use video conferencing say it boosts productivity, it makes sense to incorporate dependable technologies into your offices.

The biggest benefit of using Zoom is the high number of active participants allowed. Zoom makes it easy for the participants to join in as all they need to do is click onto the webinar link that’s shared with them.

The only big con to using Zoom is that the customer service can be a little slow. When you’re managing a small business and integrating new software for the first time, this can soon make your life frustrating.

When you try to sharpen your business’s communication tools, other areas of your day to day operations improve too. All you need to do is find the right technologies for your organization. If you have any further questions concerning how technology can empower your business, feel free to reach out to us at Imagis. We’d be happy to help.

Who is responsible for data in a cloud model?

July 25, 2019/in blog /by Sam Shargo

The cloud services market is growing rapidly. It’s expected to be worth $623.3 billion by 2023, with North America having the largest share of the profits.

The rise of cloud technology has brought with it concerns about the security of data. And with good reason. Weak cybersecurity is not just an IT problem — it’s a risk to the entire business.

When you use cloud technology, the lines become a little blurred.

Who’s responsible for the data — the platform or the customer?

Here’s our take:

Cloud platforms must take data security seriously

There’s no doubt about it — when you choose a cloud platform for your business, a robust data security policy must your top priority.

The provider has a responsibility to ensure the maximum level of security for their customers.

And the overwhelming majority do.

In fact, cloud-based solutions could be more secure than in-house solutions. According to Salesforce, 94% of businesses improved their online security after moving to the cloud.

Before you choose a cloud platform for your business, we recommend you conduct a thorough risk assessment. This will help you ensure the provider fulfills its obligations when it comes to the protection of your data.

But the platform can only do so much. Cloud platforms control the infrastructure — including databases, data centers, storage, and networks.

This is where their responsibilities lie.

But the users have a responsibility too

Gartner predicts that, through 2022, at least 95% of cloud security failures will be the fault of the users.

There are certain data vulnerabilities the cloud service provider has no control over. Even if they wanted to, they couldn’t take responsibility for them.

This includes access management and the movement of data to and from the cloud.

One of the biggest reasons businesses opt for cloud technology is the ability to access data from anywhere, on multiple devices.

This has clear benefits for the business — it enables remote working and improves the availability of data — improving the efficiency of the business.

But it also brings about one of the biggest risks.

If your employees can access data from anywhere, so can cyber-criminals.

And they do.

According to a recent report, 76% of organizations experienced a phishing attack in one year. These emails are notoriously difficult to spot so robust data policies are essential.

Businesses have a responsibility to protect their cloud data from online security threats. They are responsible for:

Staff training
Keeping software and firewalls up to date
Managing access to data
The encryption of data as it moves to and from the cloud
Developing policies to protect customer data

Conclusion: data security in the cloud is a shared responsibility.

When it comes to data security in the cloud, it’s clear neither party can take full responsibility.

It requires collaboration.

You need to know where your CSP’s responsibility ends and yours begins.

We understand this isn’t always easy but it’s important you take it seriously — data breaches can be disastrous for your business.

The two key players in cloud technology for businesses — AWS and Microsoft — have spoken out about this, defining the shared responsibility model for cloud security. This is now considered the industry standard.

In short, CSPs are responsible for the security of the cloud, while the users (that’s you) are responsible for security in the cloud.

At Imagis, we can give you peace of mind by helping you with this process. If you want to ensure your cloud security is up to standard, get in touch to find out how we can help