Cloud storage presents many benefits for the convenient availability of data, but confidentiality risks should be considered at all times. In the unfortunate event of a data breach, businesses are required to prove they had substantial Information Security measures in place to have avoided it; otherwise they could face prosecution and hefty fines.
“When we talk about Information Security, we are referring to the requirements for confidentiality, integrity and availability of your Information Security assets,” says Dale Rollinson, Technical Specialist at QMS.
Here are five tips to tighten your cloud security, starting immediately:
Use better passwords
Computer systems are usually secure. It’s often human behaviour that carries the greatest IT risk . Allowing employees to share logins or use basic, commonplace passwords lowers one of the key areas of defence against hackers or thieves who have illegally obtained your computer equipment. It is vital that your IT department has a password policy, which is regularly checked, to ensure users update their password periodically and do not use shared or generic passwords.
In situations where users have to remember many passwords for different systems, it is often beneficial to use a password management system such as 1password. It allows users to store login credentials in encrypted files, which can then be accessed as needed. Using similar systems grants your IT administrators the ability to enforce password policies such as regular changes and unique strings of characters.
Archive your data
Many companies assume that their data is safe, simply because it is being backed up. However this does not protect valuable information from user errors, such as overwriting or deleting files.
We often hear the industry focusing on the problem of technical IT storage failures, but 63% of all data losses are actually caused by human errors, with a further 15% attributable to situations where the user either failed to own up to their mistake or was simply unaware. Such mistakes can cost companies huge amounts of money. In 2010, Zurich Insurance were fined £2.27m by the FSA for losing the personal details of 46,000 customers.
If data is a valuable part of your business, then an archiving solution will help you to reverse these simple failures. Technical solutions like Crashplan and Backupify can be configured to incrementally store your files, thus providing the facility to call up previous versions of files and limiting your losses to at most a few hours work.
Choose your cloud carefully
“It’s important to consider your choice of cloud provider very carefully to ensure that they are capable of meeting your needs and the findings of your risk assessment,” says Rollinson.
“For example, can the provider prove that information is not being stored outside of the EU? Do your data retention policies correspond with theirs? Are there any Information Security aspects of industry specific standards you need to comply with?”
It is often presumed that providers of large data warehouses such as Google Drive and Dropbox are delivering a solid and secure service. Often their free cloud storage is vulnerable to exploitative attacks from malicious agencies. It is advisable therefore to use a further layer of encryption to secure valuable files that are stored in the cloud. These systems will protect your customers from identity theft and your own records from corporate espionage.
Choose between encryption software, such as SmartCryptor, which gives you the power to selectively protect your files based on your own criteria or more secure storage such as Tresorit or Wuala, which have been designed to make security a priority.
Implement multi-factor authentication
In most companies, access to valuable data can be contained to a select number of devices, including staff laptops, tables, office PCs and phones. Any device or remote location that requests information from your systems can be flagged and manually investigated to ascertain its nature. However, checking all requests can be a laborious task, especially if employees need to communicate with the company across different time-zones.
Multi-factor authentication requires users to provide additional credentials when logging into company systems. This usually takes the form of a passcode that is sent to a secondary device when using a remote or unrecognised location. One of the most common forms is a numeric code that is sent to a mobile phone, which is entered during an access request using a computer. Enabling such security measures not only provides you with a more secure system, but also saves valuable resource in verifying connections.
Create a master system administrator account
If you have many users accessing cloud based systems, this can create problems when staff leave, taking valuable files and customer information with them. In order to maintain control over your data it is essential to have a master admin account that manages the permissions and credentials for all other accounts on the system.
Such an account can be used to instantly remove user access and protect your cloud based data. For instance, if you know a staff member is going to be removed via a disciplinary procedure, their permissions can be immediately terminated.
Need assistance in keeping cloud data secure?
If you’re using cloud storage and backups or are looking for new ways to protect information assets but have not thought about a consistent security policy then ISO 27001 could help. This standard assists in the identification of information risks and puts in place the appropriate controls to help manage and reduce those risk. This standard is also recognised worldwide giving customers and stakeholders confidence that you are keeping your customer and business data safe.