Cloud based and online SaaS services are a normal part of business these days. Whether it is GSuite, Salesforce, HubSpot, or any one of thousands of other online services, people and companies rely on these for their day to day activities.

So what can you do to ensure you are using these services in as secure a fashion as possible?


This one goes without saying, but any service you are using these days, will (should!) be using HTTPS. This is the little lock icon up in the address bar of the web browser. This encrypts and secures the data going between you and the website, and ensures you are interacting with the correct website, and any online service worth its salt these days will be doing this.

2. Authentication

The first and most obvious means of adequately securing your cloud services is to pick and use a long, strong password. Password length is the greatest factor to focus on. A long password allows you to easily include numbers and special characters. And it isn’t any more difficult to type in – once you enter it a few times it just becomes muscle memory.

Pick a password of at least 4 random words, and ensure it is not one you use for other websites. Use a password manager, to help you manage and use passwords which are long, strong, and totally unique to each and every site you are logging onto.

Along with using a good password, Multi Factor Authentication is important for truly securing your login. MFA is a second means of proving that you are who you say you are, and with this, even if your password is stolen, an attacker can’t access your account.

3. Set up Text Authentication

While an app on your physical phone is best, a good alternative is to have the service send you a text message when you log in. There are attacks where your SIM & phone number can be cloned, but it is still better to have this.

Also, when the text message is received, the code can often be read from the locked screen, so be aware of who around you might be able to see your phone, even while it is locked.

4. Controlling Access

If you have multiple people using the service, give one or two Administrator level access, and reduced level access for everyone else.

If you are using a file share, give limit people’s access to only the files they need. Many online services offer the ability to create roles, and assign permissions and team members to these, making it easy to assign, remove or move people around as needed.

5. Test Password Recovery options

Test your fallback options to ensure they are not giving an attacker any advantage in getting into your accounts. Many sites offer options if you don’t have your phone with you, of even if you have forgotten your password. Explore these ahead of time to ensure they don’t undermine all of the security you have put in place.

Let me know if this was helpful, and what other cyber security topics you would like to see discussed