It's easy to leave your cloud storage alone and trust it's taking care of itself. However, this is a sure-fire way to encounter problems with security, which you might not know about until it's too late. Unsure whether you need to take action now? These signs could help you out:
You don't have a password policy
Experience has shown many businesses that, without proper guidance, employees will go for basic variants of password123 to secure their user accounts. If this is the case, your cloud could be in danger of being compromised. To ensure that all employees are using passwords that are difficult to hack, distribute some simple guidelines for them to follow.
The key tip everyone should observe is that passwords should be a string of words rather than just one. Uppercase letters, numbers, and special characters don't actually help as much as you imagine, rather employees should be devising passwords like ‘telcommunicationsaregreat’. If these phrases are nonsensical, then even better, though the main trick is to make passwords difficult for computers to crack rather than people, which are two very different things.
Employees should also be discouraged from having sticky notes by their monitor with their password on, and storing passwords in e-mails or in a document on the cloud is also a no-go. Ideally, staff should memorise their passwords, which is actually much easier to do with phrases than strings of letters and numbers (and both of these offer the same level of security!)
You're relying on built-in encryption (or have no encryption at all)
Although your cloud storage may claim to have built-in encryption, you should always invest in an extra layer of protection, just to be sure. Before you transfer a file to the cloud, you should use specialised software to password protect it. Ideally, each file should have a different password that you only share with those who need access to that information. Minimising the number of employees who can access certain documents means there's a lower risk of a breach occurring. Many companies allow all their staff to access everything, but this just simply isn't necessary in most cases.
The best type of encryption to use is authenticated encryption, as this stores additional metadata alongside the file that tells you whether any of the contents has been edited since its creation. When using this kind of security, it's unlikely that anyone other than authorised users will be able to access files. It's important to always be aware of who is in possession of the encryption keys, as although it's easier to let your cloud provider handle this, it means they do have access to your data. Storing the encryption keys yourself can be a more secure solution. Additional layers of encryption are often passed over by cloud users, as it means functions like searching through files and live editing are no longer available. However, it's one of the most effective ways of keeping your data safe, so it should at the top of the priority list.
The cloud service you're using should also be encrypted. As mentioned before, it's not good to rely on this alone, but it offers double the protection for your files. With two layers of protection, it's more likely that nobody unauthorised will be able to access your data, including those who run and maintain the servers you're using to store files.
It's important to always assess the level of security you need for the files you're storing. If working collaboratively with large numbers of people on projects is more important than an information leak, you may want to forgo encrypting certain files. Sensitive information, on the other hand, needs to be treated with the utmost care. Many IT experts even recommend businesses to store particularly personal data outside of the cloud, especially with new GDPR regulations on the tip of everyone's tongue.
You haven't read the user agreement
It might seem like common sense, but most users happily click agree when signing up to cloud solutions without reading a word. User agreements can be long and dry, but if you're going to take your security seriously, you'll need to put aside a bit of time to get through it. You'll learn about the level of encryption you're provided with as well as who might have access to your data without your knowledge. You might even gain insight into additional security measures your provider is using, is your data being sharded to make it more difficult for hackers to access it in its entirety? If not, you might want to consider upgrading your package or chatting to a representative of the company.
You haven't considered your devices and network
It's all well and good to encrypt the cloud within an inch of its life, but if your office computers are compromised, it probably won't do much good. Ensure that your network is sufficiently protected by firewalls and that you have a good in house or outsourced IT maintenance team. They'll be able to patch up any holes in your security as well as ensure everything is always up to date. Another good way of securing your cloud is by restricting employees to only accessing the cloud on approved devices. This means using a work laptop even when working from home and never accessing files from shared library computers or a friend's smartphone. Although a main benefit of the cloud is that it is accessible anywhere, this use must be regulated and restricted.
Although there are many steps you can take to keep your cloud storage secure, it's important that your provider is trustworthy to being with. Here at Immervox, we take your privacy and the privacy of your files seriously. To discuss any concerns you might have, get in touch with our professional, friendly team today.