No matter how traditional your business may be, sooner or later, you will have to put data in the cloud. You will need to share files for collaborative work, you will have to use internet-based services to manage your customers’ information, and even your payroll services and other administrative tasks can become dependent on cloud-based tools.
Although the general assumption is that anything in the cloud can be vulnerable to attacks, putting your data in the cloud does not have to be a nerve-wracking experience. Here are some tips to help secure your corporate data:
- Encryption – Encrypt your data or use a cloud service provider who encrypts their data. Encrypting your own data is more reliable as it ensures that the data is unusable if an attacker manages to get on the service. Some cloud service providers also provide local encryption and decryption – so that the data is only readable at the client location and the providers themselves cannot read the data.
- Strong Passwords – Cyber security experts agree: “password” is a terrible password. Make sure that you and your staff use strong passwords; mix of upper-case, lower-case, alphanumeric characters, and at least one symbol usually works to deter most hackers. If the option is available with your cloud service provider, turn on two-step verification to further secure your data.
- Classify Data – Data classification helps you to determine how to handle data and who can view it. Sensitive information should not be uploaded unless really necessary, and if so, it must be encrypted and access to it must be limited.
- Backup Data – While syncing or saving to the cloud is a good idea, a backup to a local drive is still an important safeguard.
- Access Control – Ensuring that your staff only have access to data that is necessary for them to complete their tasks will prevent unnecessary sharing of data – especially if it pertains to other employees or to management plans.
- Read the small print – Carefully read the small print in your service agreement with the cloud service provider. Do they have the right to share your data to affiliated companies? Where do they store their data – an important question as the privacy laws may be different from what you are used to.
For further peace of mind, you can also implement an intrusion detection system that works with your cloud service. An example would be the LightCyber Magna behavioral attack discovery platform, a network-based attack detection and endpoint analysis system. Intrusion detections systems like this can detect if malware or unauthorized users are trying to access your data so you can then take action. Your cloud service provider will be able to give you more information on which security platforms work best with their service.