Author: Rebecca Issacs

A common concern about the cloud is that it represents an additional security vulnerability. In reality, there are security risks that are actually mitigated by the cloud. Satisfaction of compliance requirements and sophisticated security from economies of scale can be achieved by your Cloud provider. Here are 5 common misconceptions about cloud security—debunked.

1. On-premise configurations are more secure than the cloud

AWS cloud is by far more secure and cost-effective than on-premise. AWS provides enterprise encryption and security at a fraction of the price it would cost on-premise. With on-premise configuration, firewalls and encryption software need to be installed, run, and maintained. AWS cloud has encryption and security protocols built into the AWS infrastructure by default. AWS is responsible for the safety and security of clients’ data, so there is continuous monitoring of the infrastructure with built-in alerts to notify customers of suspicious activity. Secure direct connections via TLS encryption for all AWS services. And AWS is built for compliance e.g., PCI, HIPAA, SCO Federal Government.

2. The Cloud suffers from more breaches

When the correct security policies for preventing attacks and detecting them are implemented, attacks are no more threatening to the cloud than any other piece of infrastructure. A recent cloud security survey showed that 31% of organizations experienced a security incident in the cloud, with misconfiguration being the leading cause. Hackers are going after servers that haven’t been set up correctly, whether they are in the cloud or off-premise. 

3. Data is more secure when it is physically controlled

Various high profile security breaches have served to highlight that the physical location of the data matters less than the access and associated controls. AWS data centers have controls that make security possible: 

• Secure design
• Business continuity and disaster recovery
• Physical access
• Monitoring and logging
• Surveillance and detection
• Device management
• Operational support systems
• Infrastructure maintenance 
• Governance and risk

4. Cloud security tools and capabilities are not ready for my business needs

AWS provides more than 20 services and tools that are more cost-effective than 3rd party tools for on-premise for: 

• Data protection
• Identity and access management
• Infrastructure protection
• Threat detection and continuous monitoring
• Compliance and data privacy

5. Maintaining cloud security is far too difficult

That is where Alacriti Consulting partners with you to maintain policies, procedures, tools, and services so you can focus on your core competency.

Alacriti Consulting, an Advanced Consulting Partner of AWS; provides consulting, migration, management services, and security assessments for AWS environments. Whether you need assistance with data migration or to prepare for compliance audits, Alacriti is here to help. For more information please call (908) 791-2916 or email awsconsulting@alacriti.com.

Original Post

For many of us, the beginning of a new year means taking up new habits and goals, often around working toward a healthier lifestyle. We vow to get enough sleep, eat healthier and exercise, among other goals.

In today’s digital world, it’s also essential to take stock of your digital health and security. In addition to digital health-driven habits like reducing social media use or time spent on streaming services, have you also taken stock of your cybersecurity? It is important to take action to help reduce the likelihood of becoming an online victim.

Here are some cybersecurity resolutions to share with your employees and members:

• Resolution 1: No more “Remind me tomorrow.” Those pesky software upgrades may seem insignificant, but completing them is essential to securing your digital devices. Software upgrades deliver bug fixes, plug weaknesses in security and neutralize many of the tools cyber criminals may use. Resolve to load updates and patches as soon as they come out instead of clicking the “Remind Me Later” button. Remind employees to install updates as soon as your IT department pushes them out.
• Resolution 2: No more passwords on sticky notes. While it can be a pain managing a multitude of passwords on just as many sites, the only practice worse than using the same password on every site is writing them down. For Apple users, the integrated password manager and iCloud Keychain work well. For Windows users, there are many free and paid apps that provide password management. Make sure your password manager has a password generator, the ability to detect weak or reused passwords, a tool to check the dark web for stolen login information, and biometric authentication.
• Resolution 3: Watch out for phishing emails. Security lapses are often brought on by phishing, which uses a fake email to trick recipients into disclosing login credentials, credit card numbers or other sensitive information. These attacks routinely affect both individuals and corporations. You can’t count on spam filters to stop all phishing emails, so you should always remain vigilant. Here are things to watch for:
• Any email that requests that you enter personal details, click a link or sign a paper
• Messages from strangers urging you to do a favor or something unconventional
• Direct email from a big business that you don’t know about 
• Email posing as a reliable source (credit bureau, IRS) and requesting private information 
• Emails that are full of grammatical and spelling errors 

Remember — don’t click a link or respond to an email if you are unsure, especially if you see any of the above red flags. To verify the message is genuine, get in touch with the sender using an alternative method of communication.

• Resolution 4: Never answer texts you didn’t ask to receive. Phishing is often done by email, but scammers have now started employing texts and phone calls. Such messages and calls can appear to be from well-known corporations like Apple and Amazon due to flaws in the telephone infrastructure. Even worse, with so much shopping done online, it’s becoming increasingly normal to receive phony SMS messages that claim to help you track deliveries. Only click links in texts if you know who sent them and if it makes sense for you to click them. No matter what, never input your login credentials on a website you arrived at by clicking a link because you can never be sure if it’s legitimate.

According to ChiefExecutive.net, around 90% of cyberattacks are caused in some way by human error. Whether via a successful phishing email, text or another method, the best cybercriminals prey on those lacking knowledge in order to gain access to sensitive data. The only way to combat this attack is to keep current on cybercrime trends. Continuing education is key, and the Federal Trade Commission (FTC) has excellent educational resources to share with your employees and members.

Adopting these cybersecurity resolutions is essential to keeping your employees’ and members’ data safe. Let’s toast to remaining secure online in 2023!

Gene Fredriksen is a co-founder and current executive director of the National Credit Union ISAO and the principal cybersecurity consultant with PureIT CUSO. He has previously held the positions of CISO for PSCU, Global CISO for Tyco International, principal consultant for security and risk management strategies for Burton Group, vice president of technology risk management and chief security officer for Raymond James Financial, and information security manager for American Family Insurance.

Fredriksen served as the chair of the security and risk assessment steering committee for BITS, and also served on the R&D committee for the financial services sector steering committee of the Department of Homeland Security. He also served as an advisor on various cybersecurity steering committees for the administrations of George W. Bush, Bill Clinton and Donald Trump, assisting in the preparation of the president’s Cybersecurity Position Paper.

Original Post