Businesses that use cloud computing services to backup and store sensitive data are leaving themselves vulnerable because employees and administrators are choosing poor passwords, according to CRYPTOCard.
Some of the biggest names in the business, including Microsoft and Facebook, have said that the number of similar passwords used by common customers was putting at risk the millions of items of personal data that people store on their services. This applies not just to social networking and consumer services, but also to the business world and cloud computing solutions.
Firms and employees are allegedly relying on basic, easily predictable passwords to secure their cloud platforms and CRYPTOCard believes that it is only a matter of time before this is exploited by criminals to steal data and industry secrets.
Experts say that the tools that make password hacking simple are freely available online and in a matter of minutes any third party could gain access to the data a business stores on the cloud if it has chosen a weak password. This is said to be one of the biggest weaknesses with cloud computing, perhaps unsurprisingly centred on the human factor.
In a recent study it was discovered that most business managers are unaware as to the types of applications that employees are using at work and cannot explain whether they are based internally or on a cloud platform.
People who have passwords for social networking and webmail services that they access for personal use are often duplicating these basic passwords for work services, according to CRYPTOCard’s CEO Neil Hollister.
Mr Hollister believes that although things are improving, the process of encouraging people into better password habits is a slow one and in the meantime viruses data loss can occur due to poor password choice.
Mr Hollister said that finding out about employee interests from their social networking profiles and then creating a malware-bearing website related to that interest which will be accessed at work is a relatively simple task.
Mr Hollister concluded by pointing out to SC Magazine that there are already security measures out there that can neutralise the risks posed by weak passwords in a cloud-based environment, but the implementation of these has to be kick-started from the top.
