Businesses must evolve their security practices in order to keep pace with ever-changing technology and the associated security threats. If they don’t, the cost of a data breach can be devastating. According to the 2016 Cost of Data Breach Study published by the Ponemon Institute, the average total cost of a data breach is $4 million, and the average cost of a lost or stolen record that includes sensitive or personally identifiable information is $158. Imagine the cost when thousands or hundreds of thousands of records are involved. These costs are exactly why companies must choose the best in security, and that often means utilizing the cloud. The following 10 security tips are a starting point for all businesses to keep in mind as they use cloud-based technologies.
1. Keep an Inventory of Sensitive Files
How can you know if data is missing if you don’t know what’s there to begin with? Keeping your files safe means keeping tabs on which information is stored where, the manner in which it is stored, and the different ways in which it is accessed.
2. Minimize Unnecessarily Stored Data
The only purpose for storing unnecessary information is to give cyber thieves something else to steal. Only store what’s necessary to keep your business operating. Billing information for old clients and Social Security numbers of previous employees are not needed to run your business and serve as potential targets of theft. Sift through your files and rid your system of anything outdated or non-essential to your operations.
3. Ensure Your Server Host Used Physical
Just because your information is stored digitally doesn’t mean you don’t still need physical protection. Servers should be kept in a locked and secure location. If your files are kept in a remote data center, it should be one with SSAE 16 Type II accreditation and 24/7 physical security. All data should also be backed up in additional server locations.
4. Use High-Grade Encryption Protocols
To maximize the safety of your files, it’s imperative to take all necessary precautions with regard to electronic safety. This means using high-grade encryption for files both in transit and at rest, along with firewalls and SSL/TLS protocols.
5. Keep Secure Passwords with Multi-Factor Authentication
A shockingly high number of data breaches are the result of careless password use. Passwords should be custom-made and include a wide range of configuration options. Multi-factor authentication is recommended along with an account lockout feature following a series of unsuccessful attempts.
6. Configure Activity Tracking to Log Access History
Between team members, colleagues, clients, and contractors, a large number of people may have access to a given file. If each of these users is granted editing access, you run the risk of incorrect modifications being made. You also run the risk of someone with malicious intent erasing, sabotaging, or sharing confidential information. An activity tracking feature maintains a log of every user who accesses a file, the time they accessed it, and what changes they made while they were inside. A summary of this file activity can be reported back to administrators in emails or text messages for immediate notification.
7. Keep Minimal External Access Granted
One of the greatest benefits of the cloud (the ability to access information anytime, anywhere) is also one of its greatest risks. Consider all the people who have been granted permission to open your files. Chances are, you’ve never even met some of the people who have access to your most sensitive data. Whenever external access is granted to a file, administrators should set up custom permissions and controls according to role. This means each person with access will only be allowed to open, view, or edit information based on their position and responsibilities for the project. There’s no reason one client should be able to see what you’re working on for another client just as there’s no reason a website design consultant should have access to financial information.
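The activity log from tip 6 and the role-based permissions from tip 7 work together: the log records who touched which file, and the permission map decides whether that access was expected. The following is an added example, not code from the original article or from any product it mentions; the role names, file paths, log format, and log lines are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Hypothetical grants (tip 7): each role may act only under its own path prefix.
# Paths are assumed to be normalized already (no "..", no symlinks).
ROLE_GRANTS = {
    "finance": {"/finance/": {"view", "edit"}},
    "client-acme": {"/clients/acme/": {"view"}},
    "web-consultant": {"/website/": {"view", "edit"}},
}

# Constructed activity log (tip 6): timestamp, user, role, file, action.
SAMPLE_LOG = """\
2016-09-01T09:02:11Z alice finance /finance/q3-budget.xlsx edit
2016-09-01T09:15:40Z bob client-acme /clients/acme/proposal.docx view
2016-09-01T09:16:02Z bob client-acme /clients/globex/proposal.docx view
2016-09-01T10:30:55Z carol web-consultant /finance/q3-budget.xlsx view
2016-09-01T10:31:20Z carol web-consultant /website/index.html edit
malformed line without enough fields
2016-09-01T11:45:00Z erin intern /finance/payroll.csv delete
"""

def allowed(role, path, action):
    """Deny by default: unknown roles and unlisted paths get no access."""
    grants = ROLE_GRANTS.get(role, {})
    return any(path.startswith(prefix) and action in actions
               for prefix, actions in grants.items())

def parse_log(text):
    """Yield (timestamp, user, role, path, action); skip unparseable lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        yield (ts,) + tuple(parts[1:])

def summarize(text):
    """Return (per-file access history, accesses outside the user's role)."""
    history, violations = defaultdict(list), []
    for ts, user, role, path, action in parse_log(text):
        history[path].append((ts.isoformat(), user, action))
        if not allowed(role, path, action):
            violations.append((ts.isoformat(), user, role, path, action))
    return dict(history), violations
```

The `violations` list is what an administrator notification would carry; `history` is the per-file access record described in tip 6.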
8. Limit Wireless Use on Public Wi-Fi
Smartphones, tablets, and laptops have made it so easy to conduct business on the go. They’ve also made it easy for security slip-ups to happen. These personal devices are often used for personal matters, which means they carry a risk of cross-pollination, i.e. having one device infect another with viruses or malware. Additionally, if a wireless device is lost or stolen, your company’s information could end up in the wrong hands, and communication could be intercepted over a public Wi-Fi network. Utilizing a virtual data room can negate many of the risks associated with the business use of personal devices.
9. Train and Certify Employees
You should never grant access to your cloud without the proper user training. Take the time to train new employees on cloud security best practices and even consider implementing a security education day for all employees.
10. Use HIPAA Compliance as a Guide
Even if you aren’t in the healthcare industry, following the same privacy guidelines set forth by HIPAA can serve as an effective model for keeping your information safe and confidential. Using a HIPAA-friendly project management software program can help ensure your data is protected with top-notch security protocols.
There are several ways businesses can empower employees to safeguard confidential data and minimize security risks. With cyber-attacks costing businesses $400 to $500 billion a year, you can’t afford to take security lightly. Fortunately, following the tips listed in this article will help ensure your business runs as securely and as profitably as possible.
About the Author: Adrian Phillips leads product marketing for Citrix ShareFile. With a diverse career dating back to the dot-boom era, his passion is helping customers transform the way they work by using cloud-based technologies. Striving to live a paperless life in Raleigh, N.C., Adrian holds a bachelor’s degree in journalism.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.