Security is not automatically built into the cloud
        
The digital workplace is particularly vulnerable, since most attacks stem from poor end-user password management. “Email is in the cloud,” says Maarten. “Microsoft offers a solution that scans emails, Teams content and SharePoint for malicious files – but if you want to secure your data, you have to invest.”
To demonstrate this general lack of in-built cloud security, Maarten sometimes stages a live mock attack of a business. “I’m no hacker,” he laughs. “This is just to prove how easy it is for the guy next door to obtain user names and passwords and then exploit compromised users’ permissions in email clients, SharePoint, etc.” 
A company’s IT team has little or no control over external devices accessing company email, something that has become commonplace – even essential – in modern businesses. “Mobile-first is the future, and it can open a back door to security problems,” Maarten says. “When you access your work email using your Android smartphone, do you worry about how protected it is? Probably not. The solution is to apply security measures that are active between the device and the cloud.”