The next article from our IT specialist Darren from Pivotal Data Solutions talks about how you can keep your data safe when using cloud technology.
Is it really safe to work in the cloud? The answer is yes. Unless you work in an environment that does not use the internet, you are already exposing your data to potential leaks or losses. In most cases, working in the cloud can be safer than the traditional environment with physical servers.
Prior to the cloud, IT professionals focused their efforts on securing their networks with technology like firewalls, virtual private networks (VPNs) and antivirus software.
In many cases, these were the only layers of security small businesses used. However, in the cloud environment we need to pay closer attention to lower-level security layers (closer to the user) than we may have previously.
If implemented properly, these five security controls can mitigate over 70% of data security risk when using cloud-based services. You may even find these tips help your team be more productive too!
1. Strong passwords
Using cloud-based systems and programs means we’re now accessing our information via the web through publicly visible gateways – and our passwords are the key. Keeping your password secure is now more important than ever.
The recommended practice for a strong password is to use Multi-Factor Authentication (MFA), which means using two components to prove your user is authentic. This could be using a security token combined with a password.
Along with a strong password, users need good password practices. You should not use the same passwords at home and at work, or across different systems such as banking and social media sites. Reusing passwords puts private data at risk when a site using the same password and user name (e.g. email address) is breached.
2. Apply patches
A patch is software that updates, fixes bugs in or improves programs or data. Patches can keep your systems safe in between big and critical software updates. Businesses should look at regularly applying two kinds of patching:
- Application Patching – common support programs like Java and Adobe Flash are often forgotten, despite representing half of known vulnerabilities.
- Operating System Patching – install available patches regularly, at least monthly.
3. Go beyond Antivirus
It’s no longer enough to just install antivirus software on your PC and hope for the best. Malware and viruses are more sophisticated and evolving every day, and they use devices like smartphones and tablets as their entry point.
Modern antivirus measures are all about endpoint protection, which is software that uses behavior analysis and intrusion detection techniques across devices. These days it’s much more affordable, so there’s no longer any excuse to place your and your customers’ data and privacy at risk by not using a quality solution (we recommend Bitdefender or Trend Micro).
4. Set up your operating system
A poorly configured system can negate all the hard work in patching and protecting a system. If you do not have a central server (e.g. Active Directory) where you can easily manage the settings on all your computers, then create a common local administrator account on all computers with the same credentials. Keep the credentials secure and known only to one or two individuals. These individuals should be the only people installing software on your company devices.
Ensure you know what applications your users need to do their work. Make sure you have legitimate licences for them. A subscription-based licence (such as Office 365) offers continual improvements, patches and up-to-date security, all with minimal user disruption.
5. Train your people
Modern ransomware attacks use a technique called phishing, where the criminal tries to trick users into clicking on a link or opening an attachment urgently in order to avoid some dire consequence.
Training your users to recognise these attacks and avoid blindly accepting every emailed instruction or message will help reduce the risk of a successful malware attack. The training does not have to be sophisticated; a simple discussion during the weekly staff meeting regarding the latest trick that you or your IT provider has seen will do.
If you are unsure how to implement any of these tips we recommend talking to an IT professional to help your business be as secure and efficient as possible.