Cloud-based applications like Dropbox, GoogleDrive, and iCloud have made it easy for business owners to save and share an unlimited amount of data, but storing information in a virtual cloud may only be as safe as storing your information “in an actual cloud”, according to the Information Resources and Technology division of the Stanford School of medicine.
Because they have to be compliant with government health care regulations concerning the storage of medical records, the Stanford School of Medicine has taken explicit measures to ensure that anything they store on a cloud is as safe and secure as possible. If you want to ensure that your own data is at least that safe, you should keep the following five points in mind:
If you decide to store your company’s files on a cloud that is only protected by a password, make sure you choose that password wisely. Pick a word or phrase that won’t be compromised easily by a dictionary hack, and change the password frequently to reduce the threat of unwanted intruders or bitter ex-employees.
Although passwords can be an effective gatekeeper, try to find cloud-based storage systems that ask for double authentication. If possible, limit access to the cloud to certain devices, or use a system that combines a password with a four digit PIN that is texted to your employees’ cellphones before they access the cloud.
2. Employee Education
Ensure that your employees are well educated when it comes to online security. Remind them that technical support will never ask them for their passwords or other secure data, and train them to identify and avoid phishing scams from people acting as technical support. If you send your employees on the road, advise that they never access the cloud over a shared WiFi system, and if they need to do that on occasion, ensure that they only access encrypted sites.
3. Third Party Encryption Audits
Before signing up with any cloud-based service, take a few steps to make sure that you can trust them. Ask them for proof that they have had a recent third-party security audit, and make sure that any subcontractors they use abide by the same security rules, advises The Guardian.
Thomas Trappler, the director of software licensing at UCLA, suggests going even further when looking at a third party audit. In the Seattle Times, Trappler urges business owners to speak with the cloud storage provider about their encryption methods, and if necessary, ask if their employees have had adequate background checks.
4. Recovery Specialists
Unfortunately, regardless of how careful your cloud provider is, they may occasionally experience a security breach. The Seattle Times advises having detailed notification policies in place in the case of a breach, and LifeLock videos advises enlisting the help of a recovery specialist who can help you recover lost information and repair any damage that may have occurred.
5. Assess Level of Risk
Before putting anything in a cloud, assess how risky it might be, and carefully determine whether or not you are comfortable with that level of risk. Sharing a document of ideas over GoogleDrive may not be that risky, but loading a Human Resources file full of your employees’ personal information to a less secure cloud could be incredibly risky. You need to determine the level of risk versus the level of convenience and make your decision accordingly.
Updated on January 5th, 2014