It’s been a long time now since data security meant locking up your documents safe in a filing cabinet. With the recent influx of very public and very large scale data security hiccups from the HMRC data loss scandal, to the mass surveillance of the NSA, I like many of you, are wondering how can I keep my information safe in this age of cloud computing?
1. Strong passwords are key
The first step when talking about data security has to be passwords. Creating weak passwords is an excellent way to compromise the security of your data. A password is like a lock and having a password which is easy to guess means that anyone who is inclined to do so can easily make a copy of your key.
Although passwords can be annoying to remember it is important that users of cloud computing or indeed any kind of computing have different passwords for different systems. If an employee has the same password across all of their personal and professional accounts then once one account is hacked all of their other accounts are very vulnerable.
A recent study by SpalshData showed that the top 3 passwords of 2013 were “123456”, “password” and “12345678”. Passwords such as these defeat the purpose of a password. A good password should be at least 8 characters long, contain upper and lower case letters, numbers and special characters. The strongest passwords will not even contain full words. Finding a secure place to write these passwords down will mean that you’re not relying on having an easy password.
It is important that you reiterate these password guidelines to anyone who uses your company's cloud computing software.
2. Privileged users need greater security
Within your organisation the users that are at an administrator level or have access to sensitive or valuable information should have to undergo a more vigorous security checking process than users with lesser access.
To improve the security of this data, consider training these privileged users in secure data handling and developing stronger access control.
3. Constrict access based on context
Control user’s access to data based on the context of when and how they are accessing the information. For example, implementing more sign-on steps, security barriers and limiting data access to an employee during out of office hours or when they are using a mobile device.
4. Identify high risk areas
Recognise databases with valuable and sensitive data and provide them with additional protective measures. These protective measures can include monitoring and encryption.
5. Take security measures to the device
To ensure the security of company data you should aim to keep business data and personal data separate. This is especially prevalent when it comes to employee’s mobile devices which are often used for a mixture of personal and business.
One such way to improve security on a mobile device is to install a patch management agent onto the mobile device in order to ensure that the device is consistently running the latest version of software.
Scanning these mobile devices will also help to improve the security.
6. Implementing intelligent network protection
To protect your cloud network most effectively, network protection devices must have the functionality to gather analytics and insights to understand which users are accessing what content and using what device.
Creating an audit trail by capturing security data from validating user IDs and passwords will enable regulatory compliance and forensic investigation. This added level of extra control is particularly vital in order to make cloud software as safe as possible.
7. Fail safe
The simple fact is that your information is not 100% safe anywhere, event on your external hard-drive. Cloud accounting software providers strongly advocate the implementation of cloud backup of data so that you are able to recover and restore your businesses’ irreplaceable information. Regular cloud backups are almost more important to secure your business than your actual data as they will provide you with great peace of mind that no matter what happens you can retain your businesses’ data.
Data security is often something that people only think about when it’s too late but it is a truly integral part of your business. To ensure that you have the best chance of protecting your cloud data, try to implement whichever of the above steps that your business can achieve. Some measures will not be possible for all businesses and budgets, but by clearly communicating with your employee’s so that they understand good data security and its’ importance, I believe that you can minimize data security risk in a cost effective way.
Thank you for reading my article on how to keep data secure on the cloud, I hope you have found it useful.