Hopefully you’ve never had to experience any kind of security breach. As we all store more data in the cloud, the thought that this information could become compromised is nerve-wracking. A security breach occurs anytime an unauthorized person accesses your Google Apps domain. There are two types of security breaches: a hard breach and a soft breach. 

A hard breach occurs when the software itself is compromised: hackers have found a way to get around your defenses to access your data. Google hasn’t suffered any major hard breaches (knock on wood!), so when it comes to protecting your Google Apps data from a hard breach, you should be feeling pretty safe and secure.

Soft breaches, on the other hand, are a different story. A soft breach occurs when an attacker tricks one of your users into granting him “legitimate” access to your Google Apps domain. These techniques are known as social engineering, where the attack focuses on people rather than technology. The most common form of soft breach is phishing, where users are duped into revealing passwords by way of emails or web pages that are designed to look like “real” login screens.

So, Why Can’t Google Stop a Soft Security Breach?

Unfortunately, there are no real software defenses against soft breaches. It doesn’t matter how sturdy the lock is if you give a burglar the key, and soft breaches are always about convincing you to let attackers in so that they don’t have to deal with Google’s highly effective security measures.

How to Defend Against a Security Breach

The key to preventing a security breach (and specifically a soft security breach) is to train your Google Apps users on security best practices. Simple things like “don’t tell anyone your password - ever!” and “check the web address of any page that asks you to log in” can help stop the vast majority of social engineering attacks. It’s surprising how many users don’t know the basic rules.

Beyond bringing your staff up to speed on good Internet safety habits, implementing Google Apps’ own security features is a good idea. Google Apps admins should have backup email accounts and phone numbers in case their primary account gets locked out or compromised. All Google Apps users should be required to use strong passwords. Two-factor authentication, which requires users to input both a password and a time-sensitive code to log into Google Apps, renders a stolen password useless on its own.

Additionally, having some type of cloud-to-cloud backup solution can come in handy if your company does experience a security breach. Having a secure, second copy of the data will be a huge relief. So, what is your company doing today to prevent security breaches?

For more information on how to protect your Google Apps data against security breaches or other threats, check out “A Complete Guide to Google Apps and Your Data: Five Potential Threats That Google Can’t Defend Against, But You Can.”