With UK organisations rapidly adopting all manner of cloud services, it’s essential to proceed with caution and understand the potential security threats. Here are some of the cloud’s key risks and how to avoid them.
Nowadays we have to remember numerous passwords for different cloud-based services but keeping them simple, to aid memory re-call, can increase the risk of them being cracked. In fact, easily guessed passwords are the biggest cause of data breaches and compromised accounts. The reason for this is simple: many people choose a poor password and re-use it for all websites. This means that when one is hacked, everything is compromised. Therefore, so your password isn’t easily guessed, ensure it possesses at least eight characters and numbers – and make it memorable to you. Never store notes of your passwords in low security places – such on email or mobile devices.
2. Logging In
As a compromised password is the most common way to lose control of a cloud account, it’s important to take every precaution whilst logging in. Don’t use public computers or Wi-Fi for things you’d rather keep secure. Ensure that your username and password isn’t remembered when using public devices. Many cloud storage providers offer two-factor authentication – take advantage of this extra layer of security as it could be the barrier between your information and a hacker.
If you are storing any kind of sensitive data in the cloud, it’s essential that you encrypt it first. This means that even if your cloud service is compromised, any exposed information will be rendered unreadable. You can either choose to store your information with a cloud provider than includes encryption in the service, or encrypt it yourself using a third-party encryption service such as BoxCryptor. Finally, always ensure that your encryption key is not the same as your access password.
4. General Security
Stay smart and on top of your basic security measures so that you aren’t caught out by something easily preventable. Make sure that you maintain your antivirus software, and only download things from trusted sources. Extend this to mobile devices as well, so that you keep everything updated with the latest security measures. Also, be aware of false URLs – so ensure that if you click a link, your destination is trusted and has a valid security certificate.
5. Access The Risk
Depending on what you store in your cloud, you should be gauging the level of security that you need. Something that contains sensitive information – name, address, banking details or even a social media profile – should be protected properly with encryption. If you are not storing valuable data, you should still take precautions but it’s not always necessary to encrypt or monitor the contents of your account.
6. Know Your Cloud
The many current options of public, private or hybrid cloud mean that you can tailor your security measures to fit. Although reasonably secure, a public cloud can be vulnerable and you should take more precautions, whereas a private cloud is less likely to be breached yet still requires a sensible amount of security. You should still ensure any cloud provider offers SLAs of at least 99.8%, or guarantees for security provision and audits. If in doubt, you may be wise to keep your proprietary data and critical business applications in-house.
7. Know Your Cloud Environment
You should establish where your data is stored, especially if it holds the keys to your personal data. Only use a known cloud provider who is reliable, with a proven track record. Determine how you access your data when a Cloud provider’s systems are down and what applications will be affected and that a swift recovery can be guaranteed. It’s also essential that your provider can show it offers full UK data protection. A cloud data centre should be certified to international standards including ISO 27001 for information security management, ISO 9001 for quality management and ISO 14001 for environmental management.
8. Control Your Data
Ensure that you keep a current, local copy of your data so that you can still access it if your cloud services fail. In the event of an outage, loss of internet or a security issue, you can still access everything you need. If you are truly concerned about storing sensitive data in the cloud, keep this data on your personal computer. Security measures will still be required, but are likely to be supplemented by antivirus software. Delete things from your cloud that aren’t required – they take up space and could become vulnerable in the future.