Modern small businesses are more complex than ever, often generating a tremendous amount of data and requiring ever-greater flexibility and ease of access. Moving that data to the cloud offers a range of advantages, facilitating a more efficient and productive work environment, allowing businesses to meet consumer needs with speed and agility, reducing IT and overhead costs and providing superior continuity in the event of a disaster or other disruption.
Cloud services also invite risk, however, as small businesses have become an increasingly popular target for cybersecurity threats. There are so many other tasks that accompany running your own business that it can be easy to save tasks like protecting your IT infrastructure for last.
That said, by following basic cloud security practices and some of the suggestions below, you can easily mitigate much of the risk and allow your business to safely capitalize on the many benefits conferred by cloud-based data management.
Focus on preparation
Before making any decision to incorporate cloud services into your business operations, you should begin the process by conducting a thorough assessment of your data. Identify all data that will be moved to the cloud and make sure that you understand the value, risk and liability associated with that data. Some information, such as company financial records and proprietary assets, could prove to be a higher-risk target than nonessential information.
Cloud storage of other data, such as healthcare-related information or customer credit card records, may be subject to strict government or industry regulations. Additionally, it’s important to research whether your business could be held financially responsible should sensitive data be compromised. Understanding these factors is the critical first step in finding a cloud service that is capable of not only handling your business’ data, but also providing the level of protection you need.
Trust, but verify
Using cloud services to manage business data requires no small degree of trust, but that doesn’t mean it should be done blindly. Before entering into any agreement, be sure to do your due diligence on the cloud service provider. Ask prospective providers about the following:
- Where and how your data will be stored
- Whether your data will be encrypted
- Whether data you delete actually will be removed from the cloud entirely
- What the provider’s security procedures entail
Your business data is important, and it’s your responsibility to understand exactly what will happen to it once it leaves your hands.
Additionally, ask to see any security and reliability certifications the service provider may have. If you’re storing sensitive or valuable data, consider restricting your search only to providers that carry certifications and proven track records operating in the business space. Be sure to also inquire about the expected uptime percentage of the cloud service and the available options and typical response time for technical support.
Develop effective password practices
Even the best security system is only as effective as its weakest link, which is why it’s critical that you design and implement best practices for accessing and managing cloud-based data. This begins with strong passwords. You and your employees should use unique passwords for each account related to your business, and passwords must always be random and strong. A strong password should contain at least 14 characters; contain a mix of uppercase and lowercase letters, numbers and other symbols; and avoid any personal information, quotations or other common phrases.
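The rules above can be checked and enforced mechanically. The following Python sketch is an added example, not part of the original article: it tests a password against the length and character-mix rules, generates a random compliant password and flags reuse across accounts. The symbol set and the function names are assumptions chosen for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 14  # minimum length stated in the article
SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set; match it to what your service accepts
CLASSES = {
    "uppercase letter": string.ascii_uppercase,
    "lowercase letter": string.ascii_lowercase,
    "number": string.digits,
    "symbol": SYMBOLS,
}

def missing_requirements(password):
    """Return the article's rules that this password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, charset in CLASSES.items():
        if not any(ch in charset for ch in password):
            problems.append(f"no {name}")
    return problems

def generate_password(length=20):
    """Draw random passwords from the OS CSPRNG until one meets every rule."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate

def audit_accounts(accounts):
    """Map each account name to its rule failures, including reuse across accounts."""
    owners = defaultdict(list)
    for account, password in accounts.items():
        owners[password].append(account)
    report = {}
    for account, password in accounts.items():
        problems = missing_requirements(password)
        if len(owners[password]) > 1:
            problems.append("reused on another account")
        if problems:
            report[account] = problems
    return report
```

The checker covers only the measurable rules; avoiding personal information, quotations and common phrases is handled here by generating passwords randomly rather than composing them by hand.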
Two-factor authentication offers an added layer of protection, and it should be considered for any application involving sensitive data. Two-factor or multi-factor authentication involves the use of a second authentication factor – often a PIN sent via SMS, a physical object like a card or key, or a biometric factor such as a fingerprint – in addition to a traditional password. While it may be slightly less convenient, it’s a valuable protection measure that can make a breach far less likely.
Be mindful of identity theft
Identity theft is not just a problem for individuals. In fact, business identity theft is a rapidly growing problem that causes millions of dollars in damages each year, and businesses of all sizes are at risk. Business identity theft involves the theft of business credentials, financial records, trade secrets and other sensitive information, often by means of a digital security breach. This information can be used for a variety of malicious purposes, including opening lines of credit or accessing bank accounts under the business’ name, defrauding customers and manipulating business owners.
Business identity theft often begins through a phishing campaign, which utilizes fake emails or websites that are designed to resemble those of a real person or company. Employees who are duped by these tactics may be persuaded to provide login credentials or other sensitive personal or business data, unwittingly handing criminals all the information they need to steal your business’ identity.
To keep your business and its cloud data safe, train your employees to recognize credit card fraud and phishing attempts and provide appropriate guidelines for response. One effective solution is to establish a dedicated mailbox to which employees can forward suspected phishing scams, where they can then be investigated and handled safely.
Take advantage of activity monitoring
Perhaps nothing is more valuable to your business’ cloud security than knowing the “who,” “where” and “when” of how your data is accessed. Many cloud services offer basic activity monitoring for this purpose, providing time logs, location data and other information that can be reviewed to spot potentially unwanted data access.
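As an added example (not part of the original article), the Python sketch below shows what reviewing the “who,” “where” and “when” can look like in practice. It reads an exported access log and flags entries from a location a user has not been seen in before or outside working hours. The log format, the sample records and the 07:00 to 19:59 working window are constructed assumptions; a real provider's export will use different fields.

```python
import csv
import io
from datetime import datetime

# Constructed sample export: timestamp, user, country code, action, resource.
# "ZZ" stands in for a country the business does not operate in.
SAMPLE_LOG = """\
2024-03-04T09:12:00,alice,US,download,payroll.xlsx
2024-03-04T10:40:00,bob,US,view,contracts.pdf
2024-03-05T14:05:00,alice,US,view,payroll.xlsx
2024-03-06T02:47:00,alice,ZZ,download,payroll.xlsx
2024-03-06T23:15:00,bob,US,download,contracts.pdf
2024-03-07T11:30:00,carol,US,view,roadmap.docx
"""

BUSINESS_HOURS = range(7, 20)  # assumed working hours, 07:00-19:59 local time

def review_access_log(text, business_hours=BUSINESS_HOURS):
    """Return (timestamp, user, resource, reasons) for each entry worth a second look."""
    seen_locations = {}  # user -> set of countries already observed for that user
    findings = []
    for stamp, user, country, action, resource in csv.reader(io.StringIO(text)):
        when = datetime.fromisoformat(stamp)
        reasons = []
        known = seen_locations.setdefault(user, set())
        # A user's first entry only establishes the baseline; later changes are flagged.
        if known and country not in known:
            reasons.append(f"new location {country}")
        known.add(country)
        if when.hour not in business_hours:
            reasons.append("outside business hours")
        if reasons:
            findings.append((stamp, user, resource, reasons))
    return findings

if __name__ == "__main__":
    for stamp, user, resource, reasons in review_access_log(SAMPLE_LOG):
        print(f"{stamp} {user} {resource}: {', '.join(reasons)}")
```

A flagged entry is a prompt to ask the employee about it, not proof of a breach; travel and late work produce the same signals.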
For more sensitive data, consider a service that offers active real-time monitoring. Though it often comes with an added expense that may not appeal to all small businesses, real-time monitoring can quickly detect and shut down suspicious activity, potentially preventing a data breach before it can occur.
Additionally, you may wish to consider offline monitoring as an added layer of protection. The truth is no data storage system is 100 percent secure, whether it’s based in the cloud or stored on a local server, and a breach may not be immediately apparent. By closely monitoring relevant records such as business credit reports, bank statements and other financial records, you’ll be in a better position to quickly identify a potential breach and take action to keep your business safe and secure.
Beth Kotz is a contributing writer for Credit.com. She has also been featured as a writer and editor for numerous blogs in the energy, entertainment and home verticals.