Saving all your startup's data on the cloud is safe… right?
By Sarah Landrum (Founder, Punched Clocks)
It’s this simple: If data security breaches can happen to large corporations with billions of dollars of market capital, such as Home Depot and Target, then they can happen to your small- to medium-sized business, too. It’s in your best interest to take proactive steps to ensure that your information systems security is state-of-the-art.
In fact, according to a Verizon study, more than 30 percent of data breaches that occurred in 2012 happened to businesses with fewer than 100 employees. Another nine percent hit companies that employ between 101 and 1,000 people.
An added risk for your small businesses? You likely use cloud services. You may find it convenient to have your entire IT department outsourced so that you can focus on the core mission of you business. The cloud also offers the added advantage of being a turnkey solution that’s an operational rather than a capital expense.
If you operate a business that relies heavily on the cloud, you should know that there are certain, inherent risks associated with cloud technology. But as with other risks in business, there are ways to limit your exposure. Here are four ways that you can keep your business safe.
1. Be Certain Your Cloud Service Provider Uses Up-To-Date Security
Your cloud service provider might brag about the security of its system, but this is definitely an area where you’ll want to ask questions and verify the marketing hype.
For starters, your provider should be using encryption to protect your data. You can think of encryption as a procedure that encodes your files so that, even if there is a breach, the people who gain access to your data will only be able to view what looks like a bunch of random characters strung together. They won’t be able to read or view your files as you do when you access them.
Encryption is a complicated process that involves an advanced use of math. But there are certain keywords that you should know about when discussing security with your cloud service provider. As of this writing, you’ll want to hear that your provider is using AES-256 encryption, RSA 2048 for signatures and folders, and SHA-256 for security checks.
Also, your cloud provider should use the acronyms SSL (Secure Sockets Layer) and SSE (Streaming SIMD Extensions) when explaining security to you. You should also talk to your provider about the type of multi-factor authentication that’s offered.
Multi-factor authentication ensures only authorized users can access sensitive data by requiring users to authenticate more than one method of authentication of unique credentials in order to verify a user’s identity before granting access.
2. Back up Your Data Regularly
You might associate frequent, consistent data backups with disaster recovery as opposed to data security. But backups are a security measure as well.
This is because if your data is ever compromised – it happens even in the most secure environments thanks to unscrupulous employees and human error – a backup will help you determine what was targeted.
Your cloud service provider probably offers data backups already. Yet the company might keep only the latest backup and not keep a series of recent backups. If that’s the case, then ask your provider to start keeping daily backups from the last several days, weekly backups from the last eight weeks and monthly backups from the last several months. Then, if you’re alerted to a data breach that occurred on a particular date, you can go back and look at the previous backups to determine the exact nature of the breach.
3. Clean Your Own House
Even if your cloud service provider has all of the latest security precautions in place, you can still be the victim of a breach.
Hackers can target your own internal systems. If the workstations at your place of business don’t have the greatest, most up-to-date antivirus software installed, you’re opening your business to a breach. Hackers might gain access to some of your systems and use software to determine the passwords that your employees are using to access the cloud. Once they have those passwords, they have access to the cloud and your business will be in trouble.
4. Set a Cloud Usage Policy
You should have a documented policy in place that explains to your employees when and how they should access the cloud.
The reason that a policy contributes to your overall data security is because it effectively limits access to the cloud. It’s a simple principle that the less people use the cloud, the less they open themselves up to threats.
Also, ensure that only authorized personnel are installing new software and/or performing updates. Avoid granting administrative rights across the board. Let people prove themselves for a while before they have king-like access to your systems. The cloud has enhanced your business productivity greatly. Just be sure that you’re using it in a way that you mitigate the risk of a data breach
About the guest blogger: Sarah Landrum is a freelance writer and Digital Marketing Specialist. She is also the founder of Punched Clocks, a site dedicated to sharing advice on navigating the work world. Passionate about helping others find happiness and success in their careers, she shares advice on everything from the job search and entrepreneurship to professional development, and more! Follow her for more great tips @SarahLandrum.