Bottom line: Weak passwords, missing two-factor authentication, and misconfigured sharing settings are the primary vectors for data breaches in cloud environments used by SMEs.
Small and medium-sized enterprises in Germany frequently use cloud services without consistent security measures – with measurable consequences in the form of data loss, compliance violations, and financial damage. Responsibility for security remains with users, not cloud providers.
Many small and medium-sized enterprises assume that cloud providers bear full responsibility for security. This is a misconception: while major vendors maintain high security standards, responsibility for user accounts, access rights, and secure configuration remains with the enterprise itself. Customer information, financial data, and internal documents are attractive targets – often accessible through simple vulnerabilities such as insecure passwords or misconfigured shared folders.
A frequent error is the use of weak passwords: simple combinations like “Company123” or personal birthdates, reuse across multiple services, and lack of update cycles. Even more critical is the absence of two-factor authentication. A stolen password is then sufficient for complete control of business data. Central password managers and regular compliance checks are not established in many SMEs.
Managing shares and access rights represents another vulnerability: folders are left public, share links lack expiration dates, and control over internal access is missing. An effective permission model should follow the principle of least privilege, conduct regular reviews, and define clear roles.
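The review described above can be run as a script over an exported share inventory. The following is an added example, not taken from the source article; the inventory fields, role names and permission levels are assumptions, and the sample data is constructed.

```python
from datetime import date

# Constructed sample inventory, shaped like an export from a cloud storage
# admin console. Field names, users and roles are assumptions.
SHARES = [
    {"path": "/finance/invoices", "visibility": "public", "link_expires": None,
     "grants": {"alice": "edit"}},
    {"path": "/hr/contracts", "visibility": "link", "link_expires": None,
     "grants": {"bob": "edit"}},
    {"path": "/sales/offers", "visibility": "link", "link_expires": "2026-07-01",
     "grants": {"carol": "edit", "dave": "edit"}},
    {"path": "/it/runbooks", "visibility": "internal", "link_expires": None,
     "grants": {"erin": "owner"}},
]
USER_ROLES = {"alice": "finance", "bob": "hr", "carol": "sales",
              "dave": "intern", "erin": "it-admin"}
# Hypothetical role model: the highest permission each role may hold.
ROLE_MAX = {"finance": "edit", "hr": "edit", "sales": "edit",
            "intern": "read", "it-admin": "owner"}
LEVEL = {"read": 1, "edit": 2, "owner": 3}


def audit_shares(shares, user_roles, role_max, today):
    """Return (path, finding) tuples for public shares, links without a
    usable expiry date, and grants that exceed the user's role."""
    findings = []
    for share in shares:
        if share["visibility"] == "public":
            findings.append((share["path"], "PUBLIC"))
        if share["visibility"] in ("public", "link"):
            expires = share["link_expires"]
            if expires is None:
                findings.append((share["path"], "NO_EXPIRY"))
            elif date.fromisoformat(expires) < today:
                # Expired link still in the inventory: clean it up.
                findings.append((share["path"], "STALE_LINK"))
        for user, perm in sorted(share["grants"].items()):
            role = user_roles.get(user)
            # Users without a known role are allowed nothing (deny by default).
            allowed = LEVEL[role_max[role]] if role in role_max else 0
            if LEVEL[perm] > allowed:
                findings.append((share["path"], f"EXCESS:{user}:{perm}"))
    return findings


if __name__ == "__main__":
    for path, finding in audit_shares(SHARES, USER_ROLES, ROLE_MAX, date(2026, 6, 11)):
        print(f"{finding:<20} {path}")
```

Run on a schedule, the findings list doubles as the record of the regular review; an empty list means every share is non-public, time-limited and within its users' roles.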
With regard to encryption, there is often uncertainty: while data is typically encrypted during transmission and storage, enterprises are responsible for key management and access control. Transparent documentation of encryption methods and responsibility allocation (Shared Responsibility Model) is essential for CISOs to meet compliance requirements and correctly assess risks.
Source: www.it-daily.net · Published 11 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.