How to intercept credential theft with MFA

Snowflake—such an unassuming name. If you haven’t heard, it’s the center of a data breach disaster for hundreds of companies. The problem isn’t a vulnerability in Snowflake’s systems but stolen credentials for customer accounts that don’t use multi-factor authentication (MFA).

Snowflake, a cloud-based data warehouse, is a platform that doesn’t enforce MFA for customer accounts. While it securely stores your data, the responsibility for protecting it lies with you. What measures does your cloud service offer for data protection?

Stolen credentials accounted for almost 40% of ransomware attacks in 2023. MFA, or two-step verification, is a simple prevention solution that requires users to confirm their identity in at least two ways.

Not all MFA methods are equal. Some send an SMS or voice message to your smartphone as the second identity confirmation, and these can be compromised. App-based MFA uses an OTP (one-time password) or a mobile push notification.

The most secure is FIDO, which is considered phishing-resistant. Passkeys replace passwords for sign-ins. Each passkey is a key pair: the private key stays on the user’s device, and the public key is held by the online service.

The passkeys are exclusive to each service, adding another layer of privacy. Passkeys don’t allow multiple services to share information to track users across the Internet. This level of privacy is something we can all appreciate.
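To make the passkey description above concrete, here is an added example (not code from the FIDO specifications or any vendor) that models a passkey sign-in with Node's built-in crypto module. The class names, the `demo` function and the `.example` origins are assumptions made for illustration, and the signed message is a simplification of what WebAuthn actually signs.

```javascript
// Simplified passkey sign-in model (added illustration, not real WebAuthn:
// the actual protocol signs authenticatorData || SHA-256(clientDataJSON)).
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// The user's device: one key pair per service; private keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this is shared
  }
  // The origin is supplied by the browser, not by the page asking to sign in.
  getAssertion(origin, challenge) {
    const privateKey = this.keys.get(origin);
    if (!privateKey) return null; // no passkey exists for this origin
    const clientData = JSON.stringify({ origin, challenge });
    return { clientData, signature: sign('sha256', Buffer.from(clientData), privateKey) };
  }
}

// The online service: holds only the public key and issues one-time challenges.
class Service {
  constructor(origin) { this.origin = origin; this.publicKeyPem = null; this.pending = null; }
  enroll(publicKeyPem) { this.publicKeyPem = publicKeyPem; }
  newChallenge() { return (this.pending = randomBytes(32).toString('hex')); }
  verify(assertion) {
    const expected = this.pending;
    this.pending = null; // a challenge is valid for one attempt only
    if (!assertion || !expected) return false;
    const { origin, challenge } = JSON.parse(assertion.clientData);
    if (origin !== this.origin || challenge !== expected) return false;
    return verify('sha256', Buffer.from(assertion.clientData), this.publicKeyPem, assertion.signature);
  }
}

function demo() { // all origins below are constructed sample values
  const device = new Authenticator();
  const bank = new Service('https://bank.example');
  const shop = new Service('https://shop.example');
  bank.enroll(device.register(bank.origin));
  shop.enroll(device.register(shop.origin));
  const good = device.getAssertion(bank.origin, bank.newChallenge());
  const signedIn = bank.verify(good);
  const replayed = bank.verify(good); // same assertion again, challenge already used
  const lookalike = device.getAssertion('https://bank-login.example', bank.newChallenge());
  const crossService = bank.verify(device.getAssertion(shop.origin, bank.newChallenge()));
  return { signedIn, replayed, lookalike, crossService, distinctKeys: bank.publicKeyPem !== shop.publicKeyPem };
}
```

Unlike a password or an OTP, nothing the user could type into a look-alike page is reusable: the device has no key for that origin, and each service sees a different public key.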

Check with your cloud services provider about the cybersecurity they provide and what they recommend. Plug any gaps you may find. Consider MFA if you’re not using it now.

Author: Kris Keppeler is a writer who finds technology fascinating and loves humor. She writes on Medium.com. She is also an award-winning podcast producer who enjoys telling funny stories. Follow her on X (formerly Twitter) @KrisNarrates or on LinkedIn.
