Protecting Your Cloud-Based Enterprise: It’s Everyone’s Responsibility
[Editor’s Note: Especially in the past few years, cybercrime has skyrocketed at an alarming rate as criminals increasingly find opportunities to target businesses, causing unimaginable chaos from data breaches to attacks on the supply chain. To help businesses shore up their digital defenses, we’re publishing a 5-part series about cybersecurity, covering topics from the benefits of the cloud to multi-factor authentication. In part 3 of this series, we explore the significant role the cloud plays in reducing data breaches. To view the other parts of this series, scroll down to the end of this article.]
Protecting Your Cloud-Based Enterprise: It’s Everyone’s Responsibility – Part 3 of 5
More businesses are turning to the cloud to store data and access useful applications. It’s a convenient choice that can unburden your digital infrastructure of costly and space-consuming hardware while providing greater access to employees in work-at-home or far-flung locales.
However, using the cloud carries risks if employees aren’t careful. Security lapses can compromise important information stored in the cloud, like credit card or social security numbers, and personal information that could lead to identity theft or other crimes in the hands of cyber thieves.
When breaches happen, the damage can be significant and difficult to mitigate. Your patients or customers can lose faith in your organization, and so can shareholders. And nothing harpoons a stellar brand image like a trust-eroding data breach or ransomware attack.
Protecting Your Cloud-Based Enterprise
Running securely in the cloud starts with an accurate assessment of needs. This blog post from Cloud Industry Forum states, ‘armed with clarity on technical, service, security, data governance and service management requirements, you can effectively interrogate your select group of potential providers.’
The post adds that there are eight key areas to consider when conducting your evaluation:
Certificates and Standards
Look for accreditations in security, service, and operations that align with your organization’s priorities.
Understand how your provider intends to evolve technology and service to accommodate growth like offering Managed Services to monitor, protect and optimize your network.
Data Governance and Security
Consider legal and compliance regulations and the provider’s ability to provide cloud services that are in step with the requirements of your industry.
Services Dependencies and Partnerships
Ensure that your provider can integrate with or accommodate other digital relationships you rely on to conduct business.
Review service level agreements to ensure you understand what you can expect from your relationship with the provider.
Examine provider stats that measure downtime, mitigation, and reporting.
Understand how easy or challenging it may be to switch providers should you choose to do so. Some use proprietary technologies that make it more difficult than others.
Review the provider’s history to ensure they have a track record that’s stable and reliable.
Human Factors Influencing Cloud Security
Operating from a cloud-based platform should be relatively risk free with a reputable provider that meets your business’ security and service needs, right? Unfortunately, there’s a human side to cloud security that can undermine the safety of even the securest cloud environments.
Employees: the Front Line of Defense
In a cloud-based business, each employee with access to the data and applications has a responsibility to protect and secure it. This means integrating an information security training component to help them appreciate and understand the risks.
A comprehensive approach to employee training would cover:
Ensure employees use strong passwords when logging into the cloud and changing them at proper intervals. Strong passwords include numbers, special characters, and upper and lower cases. Pass phrases, words strung together only the user knows, such as ‘my cat, Penny, likes cheese on salmon’ are also encouraged.
Phishing Awareness and Social Engineering Training
Provide employees with the information they need to recognize phishing emails that could harvest log-in credentials and compromise cloud access. In addition, train them to recognize social engineering tactics cybercriminals use to trick them into surrendering sensitive data stored in the cloud.
Desk and Device Habits
How an employee maintains their workspace and cares for work devices can considerably impact cloud security. Train them to keep their workspaces clear of post-its with passwords written on them and other sensitive information. Ensure they lock their screens when they leave their workspaces for extended periods when working in the cloud. And make sure they’re securing laptops, phones, or other devices to protect them from loss or theft.
Logging into the cloud on any WiFi network other than a secure one can introduce risk. Ensure employees understand that free WiFi at public venues like airports and coffee shops is usually unsecured and that logging in puts usernames and passwords out there for anyone who’s monitoring, including cybercriminals.
Enlisting Information Security Training and Help
When you realize that your organization’s cloud-based security is only as strong as an employee who’s susceptible to scammers (or simply careless with passwords and post-its), shoring up your weakest links can seem daunting.
However, several options are available, ranging from free government resources to fee-based programs from firms that specialize in cybersecurity. An online search reveals a multitude of options.
The Cybersecurity Series:
Part 1: Ransomware: A Prescription for Prevention
Part 2: Making the Case for Multi-Factor Authentication
Part 4: The Hidden Risks of Mobile Devices and Removable Media
Part 5: Protecting Your Remote Workforce from Cybersecurity Threats