- Change theme
it's an internet thing! est 1999
10 Best Practices For Protecting Your Company's Cloud Data
Small businesses are the victims of 43% of cyberattacks, and the effects can be devastating.
13:43 03 February 2022
According to the best management books, data breaches and account takeovers to human error, data security is pivotal for the prosperity of today’s organizations. Companies spend millions gathering data and make millions more selling it - so you can imagine exactly why it’s at risk.
You may have read about high-profile attacks on Yahoo, Facebook, and eBay. Yet, smaller businesses are the victims of 43% of cyberattacks, and the effects can be devastating. A data breach can damage reputations and erode trust. The reparation costs can be huge, alongside legal fees and penalties, as well as potential loss of earnings.
So whatever data you are storing, from phone numbers to product barcodes, your security is paramount. Let’s take a look at some of the best practices to protect your cloud data.
Scenario plan your response to a data breach
Scenario planning is a technique in which a team proposes responses to a hypothetical problem. It can help with workforce management (WFM), team building, and generating practical solutions efficiently. So, even if the perceived incident never happens, your staff are primed to deal with whatever occurs.
No matter what other responses you plan, your first step upon identifying a suspected attack should always be to report it. Businesses are frequently reluctant to report security issues through fear of negative publicity. However, the reaction to unreported or covered-up security issues can be far more damaging, as are the penalty fees. Speak to your lawyer or consult online legal services the moment you suspect a breach. It could save your organization millions in the long term.
Back up data on external hard drives
When you’re developing your data security practices, make sure you take into account both cloud storage and physical storage. If the worst happens and your cloud security is compromised, data should be backed up on external hard drives. Otherwise, you could lose vital information which could take weeks to recover. By that time you could be out of business.
On-site hard drives should be password protected and stored in locked cabinets in a locked room. Access to the keys should be limited to one department, such as IT or HR. Keep permanent records of when the drives are accessed, by whom, and for what purpose. For added security, a third external hard drive backup should be kept off-site.
Ensure that pirating and torrent sites are blocked from use on company devices. That's an obvious measure in the office, but if an employee works from home on their own laptop, they may assume they can access less-than-secure sites. Make sure they are aware this is not acceptable, and that your IT department has the jurisdiction to identify breaches.
Insecure sites can lead to trojans, malware, spyware, and viruses. If your employees are using their own devices, you might want to have your cloud data only accessible through a virtual browser to add an extra layer of security. If a problem like this arises, it is best for your organization to seek assistance from your cloud provider’s contact center services to ensure immediate resolution.
Passwords should be a minimum of 10 characters. Use a combination of lower and upper case letters, as well as numbers and special characters. Random word sequences, such as staple-smile-rider, are both strong passwords and easy to remember. You could also make acronyms from phrases and the shift keys of number sequences, eg: "I'll cross that bridge when I come to it 2011" becomes "IctBwIcti@)!!".
Change passwords at least every six months. This procedure can be automated by your IT department to make it mandatory.
Don't reuse passwords across multiple channels. Data breaches are commonplace. If you have an account with Chatwork, and you have reused your login on apps similar to Chatwork then the consequences of a data breach are exponentially increased.
Multi-factor authentication (MFA)
Multi-factor authentication is a great way to ensure that only the account holder can log in. Whether it involves sending a unique code to a linked smartphone, or answering a few specific questions, it means you’re no longer relying on passwords alone. Fingerprint and retina scanning are also increasingly prevalent.
Alerts can be automated so that you will be informed if there is a login attempt from a new device or from an unexpected location. MFA has been embraced by banking and finance for a reason, and other sectors need to catch up.
Avoid human error
74% of cyber issues can be traced to careless or untrained employees. Therefore, desktop PCs and laptops should be set to go to sleep or standby mode within 2 minutes of being idle. Carry out periodic audits and assessments. Consider conducting different testing methods, like mobile application testing as an example, for your systems to identify bugs, security risks, and potentials for human error.
Wipe data that isn't necessary
You should regularly review what information you have stored. Delete whatever is no longer relevant or required. This reduces the chances of it accidentally leaking, as well as helping to streamline your databases.
Across all your systems, ensure employees can only access the information that is relevant to them and their roles. Only designated users should be able to edit, read-only should be standard. An astonishing 88% of data breaches result from human error. The fewer humans who can access and edit data, the fewer errors.
Security training for employees
All employees who use computers, devices, or access emails should receive training. They should be aware of phishing scam emails and SMS, malwares, and scarewares that can jeopardize company security and might even cause business website downtime. These should always be reported to IT. Every employee should be security conscious, and aware of their role in identifying risks and preventing breaches.
Security needs to be one of the best practices for effective software developer team collaboration. All employees should be fully trained in the software and systems they use for their roles. Ensure they receive regular refresher training. Not only will this make them more efficient, but it will also reduce the risk of data breaches caused by human error.
Protocol for when employees leave
43% of data breaches are internal, often from disgruntled current or former employees. If an employee leaves for a direct competitor, the first point of contact should be IT. Their passwords should be changed across all channels. They should request any documents or data they require, to be considered on a case-by-case basis.
It would be best practice to ask them to leave immediately, or as soon as any outstanding duties are completed. This needn't mean an acrimonious departure, it's simply a necessary step towards protecting your organization.
Choose trusted providers
If your organization is in healthcare, you may have a telemedicine platform. You would likely need a cloud-native database to distribute your services. Not to mention a platform for electronic health records.
That's a minimum of three clouds requiring multiple APIs. Use reputable services rather than cheap or free alternatives - and that also includes your cloud call center software. There are usually numerous UI and service benefits with licensed solutions, as well as more robust security. Furthermore, if you follow the backup procedure in step 2, you can be secure in the knowledge that a data breach doesn't mean disaster.
Cybersecurity costs are often covered by general insurance policies, but not in detail. A dedicated cyber insurance policy will cover the specifics of dealing with data breaches and attacks. It will cover you for damages and costs incurred and loss of earnings, and provide third-party liability.
Invest in your IT department
A skilled IT department is essential for security issues as well as for the smooth running of your organization. They’re not just there to help with your CRM, set up speed dial and fix the printer! Hackers try to identify vulnerabilities in your systems, and your IT department should be doing the same. They should be researching the latest scams and closing loopholes, attending cybersecurity-themed hackathons, and informing employees of potential threats.
They can employ techniques such as hard drive partitioning. This isolates different sections of your hard drive for different functionality and data storage. This means that if one section of your hard drive becomes corrupted, the other sections will be unharmed. IT should also install appropriate security software and ensure it's always up-to-date. This doesn't just apply to desktop PCs and laptops but also to smartphones, gadgets, and IoT devices.
Increase your cybersecurity budget
You wouldn’t leave the doors and windows of your offices unlocked overnight. So you should invest both time and money in your cybersecurity and spend around 3% of your total budget on it. This might sound excessive. But if you consider that data breaches cost an average of $150 per record, it's one of the best ROIs you can make. Put cybersecurity at the forefront of your business strategy, it can protect your organization.
Invest, invest, invest
Invest in training. Invest in security automation tools. Invest in personnel. Investing upfront now will save time and money in the long term. It’s important to protect your business, your customers, and your reputation. By following these practices, you’ll be able to have peace of mind about your company’s cloud data.
Richard Conn - Senior Director, Demand Generation, 8x8
Richard Conn is the Senior Director for Demand Generation at 8x8, a leading communication platform with integrated call center quality assurance tools, voice, video, and chat functionality. He is an analytical & results-driven digital marketing leader with a track record of achieving major ROI improvements in fast-paced, competitive B2B environments. Check out his LinkedIn.