Cloud security basics for end users

Why cloud security is a behaviour topic

Major cloud providers invest billions in securing their infrastructure. The weak point rarely sits in the data centre; it sits in what users and administrators do inside it. A wrongly shared folder, overly broad access for an external supplier, a reused password, a phishing email arriving at a Microsoft 365 account: these are the main vectors of cloud incidents in 2026.

The shared responsibility model explains why. The provider secures the cloud (hardware, network, base platform), but you are responsible for what you place in it and how you configure it. A provider cannot impose safe settings on you, and even with sensible defaults a single click can make a sensitive document public.

Cloud security awareness is therefore not about deep tech, but about a handful of habits: think before you share, check before you accept, report before you doubt. When those habits are widely adopted, your cloud use is demonstrably safer than that of an organisation with strong tech and weak habits.

The six basics for every user

Not complicated, but apply consistently:

• Use strong, unique credentials. A password manager creates unique passwords per service, and passkeys or FIDO2 hardware keys resist phishing. Reuse a password across cloud services and a single leak is enough.
• Enable MFA wherever supported. Prefer an authenticator app or hardware key over SMS. An unexpected MFA prompt is an attack, not a glitch.
• Share consciously, not by default. "Anyone with the link" looks easy but means a leaked URL gives access. Prefer sharing with named people or groups and set expiry dates.
• Keep your devices and apps up to date. Security updates close holes attackers actively exploit. Postponing is no innocent choice anymore in 2026.
• Use only approved cloud services for work. A free online translator or AI service used to summarise a confidential document unknowingly shares your data with a third party. Ask IT for approved alternatives.
• Report suspicious activity fast. An unexplained login from another country, a strange mailbox rule forwarding mail, a document that suddenly appears public: report straight to IT to limit impact.

Safe collaboration in Microsoft 365, Google Workspace and Teams

Most cloud incidents in 2026 are not technical exploits; they are wrongly shared files, inappropriate permissions and hijacked accounts. Three concrete practices that make the difference.

Limit sharing to those who need it. A document with customer data should not be visible 'to everyone in the organisation'. Set access by role-based groups or named people. For external collaboration: use guest accounts with limited rights and agree when the collaboration ends so access ends too.

Stay alert to unexpected meeting requests and shared folders. A Teams message with a document from an unknown external party, or a SharePoint invitation with an urgent request, can trigger an AitM attack capturing password and MFA code. In such cases go manually to the known login page of your cloud provider, not via the link.

Check what you share regularly. Most cloud services offer a 'shared by me' overview. Tidy it up once a quarter. Remove old links, restrict access no longer needed, and apply policy-driven retention.

AI services and the cloud: new risk, new habits

Since 2024 AI services are a daily part of work: translating, summarising, drafting. Many run in third-party cloud and (sometimes) retain inputs for further training. That means pasting a confidential document into a free AI prompt shares it with a party your organisation has no contract with.

The rule is simple: for work, only use AI services approved by your organisation with proper contractual terms. When in doubt: ask first, do not share. Under the EU AI Act, since February 2025 your organisation must also actively make staff AI-literate; precisely these habits are part of that.

Ask IT whether an internal or contractually safe AI service is available. It almost always is, and the difference between safe and unsafe AI use lies not in the technology but in choosing which window you open.

What to do after a suspected cloud incident

Noticed a wrongly shared document, an unusual login on your account, or a Teams message that feels like phishing? A few quick steps limit the damage.

• Stop further use of the suspect account or document right away. Change the password and sign back in everywhere.
• Report to IT or the security team with as much concrete detail as possible: time, suspected sender, screenshot, document name.
• Check mailbox rules and forwarding settings. A common trick after account takeover is a rule that forwards mail to an external recipient; find and remove it.
• Revoke shared access via the "shared by me" settings if you doubt what you shared previously.
• Help your colleagues. Attacks rarely come alone; briefly warn your team they may receive something similar and ask IT to issue a broader alert if a pattern emerges.

How to anchor this in an awareness programme

Cloud security belongs as a recurring theme in your awareness year plan, not as a one-off module. Practical build: a short base module (six to eight minutes) on the six basics, a role-based deep-dive for admin staff (sharing, external access, expiry), and a short AI module covering currently approved services.

Combine that with practical aids: a quick "check what you share" guide, a list of approved services on the intranet, a report button in the mail client. Make it visible when colleagues report a wrongly shared access or suspicious cloud activity in time; that normalises the behaviour.

Finally, refresh content at least every six months. Cloud services keep rolling out new features (shared folders, AI integrations, guest rights), and attackers track those closely. A 2024 module on Microsoft Teams sharing soon misses the latest lures.

Related articles

• Password management best practices
• Shadow IT risks for awareness and governance
• Email security and social engineering
• Common security mistakes employees make

Sources

• CISA: cloud security best practices
• NCSC NL: cloud use
• Cloud Security Alliance: top threats

FAQ

What is cloud security for end users?

Cloud security for end users is about what you control yourself: strong credentials, MFA, conscious sharing, using approved services and reporting suspicious activity. The provider secures the infrastructure, you secure your behaviour inside it.

What is the shared responsibility model?

It divides responsibility between cloud provider and customer. The provider secures the cloud (hardware, network, base platform); you secure what you put in it, how you share it and who has access. Incidents almost always sit in the second part.

May I use free AI services for work?

Preferably not, unless approved by your organisation. Many free AI services retain inputs for training, meaning you share confidential data with a third party. Ask IT for an approved alternative, there almost always is one.

Is "anyone with the link can edit" a safe setting?

No. A leaked URL is then enough access. Share with named people or a specific group, and set expiry. For sensitive documents, "anyone with the link" is not an acceptable default.

What do I do with an unexpected MFA prompt on a cloud account?

Do not approve. It is almost always an attack (push bombing): someone is trying to sign in with your password and hopes you tap approve out of habit. Change your password immediately and report to IT.

How often should I clean up shared files?

Quarterly is a good rule of thumb. Go through the "shared by me" overview, remove old links, restrict access no longer needed and apply policy-based retention.

What role does NIS2 play in cloud use?

The NIS2 directive and its national implementations require demonstrable measures for risks affecting continuity and information security, including cloud use. Awareness training and concrete behavioural rules about cloud sharing, MFA and approved services are part of the evidence base.