== Ask Yourself Whether

* The S3 bucket stores sensitive data.
* The S3 bucket is not used to store static resources of websites (images, css ...).
* Many users have the permission to set ACL or policy to the S3 bucket.
* These settings are not already enforced to true at the account level.

There is a risk if you answered yes to any of those questions.