Companies are moving to the cloud faster than their security strategies can keep up. Ninety-five percent of organizations are now using the cloud for infrastructure or applications, according to RightScale’s 2016 State of the Cloud Report. But although 95 percent of IT professionals are aware of security risks associated with cloud migration, only 62 percent say they have protective measures in place and 53 percent say their company needs to prioritize developing a cloud security strategy, a Computacenter survey found. If your business is on the cloud or planning a cloud migration, here are five basic security steps you should take to keep your company’s network and data safe.
Only Store Data You Need
Don’t collect data you can’t protect, the Brookings Institute says. Businesses tend to collect a great deal of sensitive information they don’t actually need to retain, such as customer credit card numbers and employee Social Security numbers. This creates unnecessary risk. One of the simplest ways to minimize this risk is by not collecting such data in the first place or discarding it as soon as it is no longer needed. For instance, rather than processing customer transactions on your own website and relying on your own security, you can use a third-party online payment processing service or payment-enabled software.
Use Strong Passwords
Despite decades of advice from security experts, the top 100 passwords people use haven’t changed over the years, Computerworld says. Worse, people tend to use the same password on multiple accounts, creating the risk of multiple accounts being compromised by a single hack. To reduce these risks, be sure that you and other members of your company use strong passwords with long character strings (at least 12 to 14 characters long) and a mixture of uppercase and lowercase letters, numbers and symbols. This applies to all passwords used to connect to the cloud, including passwords for mobile devices, network devices, network connections and apps. To fortify passwords, use multi-factor authentication when possible.
Use Encryption
Encryption is another essential security measure for businesses, says the Federal Trade Commission. Use encryption to protect sensitive data wherever it is stored or transmitted. Depending on the nature of your business, TLS/SSL encryption, data-at-rest encryption or an iterative cryptographic hash may be appropriate. Make sure your data remains protected at all stages of its lifecycle, including during transmission from customer browsers to your company’s server and during any exchanges between your server and other communication channels, such as email. Make sure your tech team has your encryption properly configured, and follow industry best practices.
Keep Security Updated
Another essential step is keeping your security up to date by using current versions of operating systems and software apps and the latest antivirus updates. Outdated operating systems and apps contain security vulnerabilities that hackers can exploit. Make sure all devices connecting to your network have up-to-date software and antivirus releases. Even an otherwise-secure network can be breached by a single compromised device.
Back Up Your Data
As a safeguard in the event of a breach or other emergency, make sure your sensitive data is backed up by a sound backup procedure. A comprehensive backup strategy should include physical backup measures such as using tape, discs or external drives as well as virtual backup strategies such as file sharing and syncing. Data stored on the cloud can be backed up efficiently by using a business cloud data protection solution. Library of Congress archivists recommend that data backup procedures follow the 3-2-1 rule: create three backup copies and store them on two different types of media, with one copy in a separate physical location.