If your company holds or accesses any data whatsoever remotely in 2019, the chances are that you're using a cloud server. Using the cloud, however, often means that you're putting your eggs in someone else's basket. How can you keep your data as safe as possible when it's not on your personal, local machines? Even if it is, how can you limit the risks involved? Here are some quick and easy tips to help ensure that your cloud data stays exactly where it should be.
1) Avoid storing anything too sensitive, personal, or classified on the cloud. All cloud systems can be compromised (in theory).
2) Choose secure passwords for your cloud accounts. The longer and more complicated the better. '12345', 'Admin', or 'Password' won't cut it.
3) For joint accounts, try to limit who knows the joint password as much as possible.
4) Assign separate accounts to different projects, departments, and people. Compartmentalising your vital data makes life much harder for any hacker.
5) Vary, replace, and regularly cycle your cloud passwords. Tip 4 could prove useless if you don't. Two-step authentication can be added, such as sending a unique access code via email upon login request. This prevents what's known as a privilege escalation compromise if your login credentials are only partially obtained by a criminal.
6) Set up a dedicated 'high security' account for your critical, top-secret data.
7) Delete any junk or historical data you don't need from the cloud. Get rid of files containing old addresses, contact information, or customer names as soon as they're irrelevant. Any odd bit of data could come in useful to a cyber-criminal.
8) Consider old-fashioned, local backups on physical media for storing any historical data that doesn't need to be accessed often. Keep the backups behind at least one lock. Servers should likewise be kept in a secure, locked room with heavy doors and glass.
9) Monitor user activity on the cloud very carefully. Any unauthorised or otherwise strange IP addresses accessing your cloud should be investigated straight away. Some services allow you to track user file reads and modifications, as well.
10) Train employees using the cloud to look out for threats such as phishing and viruses, particularly those who aren't directly involved in IT day-to-day. Any employees who have left your company should be 'locked out' via a password change.
11) Encrypt your cloud files, making them worthless to anyone who copies them without the encryption key. Some cloud services will offer account and file encryption as standard.
12) Keep your internal company devices internal. Laptops and tablets containing vital cloud data or passwords should not be used on unsecured public or home Wi-Fi networks.
Secure Data Disposal
While the cloud has reduced the dependence of many businesses on physical storage devices, hard copy backups are still important. When data-bearing IT assets are disposed of, precautions must be taken to ensure data doesn’t fall into the wrong hands. To find out how we can help, please call 01332 371989.
Image source: Pixabay