Let caution be your watchword.
More and more organizations are moving to the cloud. And that’s great because it allows your employees to share files easily and efficiently. However, no matter how convenient this technology is, business owners and employees alike should be aware of a few basic security risks and counter-measures.
Employees must clearly understand what type of information can be shared and what storage mediums are eligible for each category of information. This approach will enable companies to establish a consistent and manageable process as it relates to the secure use, access, and storage of company information.
Beware the Password! Most cloud services provide users with their own accounts. Generally, employees select their own passwords. What will stand between a hacker and the content of those files is a password. It is very important for employees to select a “strong” password. (View one of our recent blogs – Do’s and Don’ts of Password Security). Passwords should be changed periodically. This can be set automatically through most databases and ensures that employees don’t use duplicate passwords.
Do You Have Remote Users? Any computer or device that accesses company data should be considered a risk access point. Be sure that all devices are protected with security updates and patches. All these access points should have anti-virus / anti-malware protection as well. If you have employees who travel frequently, they may be using public Wi-Fi connections. Be sure that employees understand that if their devices are being used to send and receive files in the cloud, their data may be at risk, if unprotected.
How Secure is Your Cloud Service Provider? It is important to know whether the service provider can see your data.
- If so, does the provider have controls in place to avoid sending, copying, or e-mailing your valuable data?
- You also need to ask your cloud service provider what their data-protection policy is, and what the audit procedures are. Then, you should perform your own due diligence on those procedures.
- What happens in the event of data corruption? Are there proper backups, and how far back do the backups go?
Evaluate Your Security Policies
Evaluate your security measures regularly to be sure they are doing the job. Circumstances change, equipment and software become outdated, and people make mistakes. As a result, effective security is dynamic, and requires monitoring and updating.