A Russian hacker stole 176 million encrypted login credentials from LinkedIn in 2012 and put the password details up for sale on a darknet marketplace. The scale of such an attack is impressive and concerning.
But cyberpunks aren't the biggest security challenge faced by businesses with operations in the cloud. It’s actually your fellow employees.
Often due to a lack of communication, employees are unaware of corporate cloud security protocols that need to be followed in order to keep critical company information safe and guard against data breaches. In today’s fast-paced world, professionals try to work in a way that saves time and is convenient, even though it might be less secure. In a hurry to get things done, they are oblivious to the fact that their actions put the company’s data at risk.
Security protocols mean nothing if you don’t communicate the hard and fast rules to your employees. Data protection within your business begins with the individual, and there are many preventive steps your employees can take to help the company guard against data threats.
Here are 7 security tips to keep sensitive information safe in the cloud.
1) Create complex passwords
The best passwords are the ones that are impossible to crack – a mix of capital letters, lower-case letters, numbers, and symbols. Try to go for passwords that are at least 12 characters in length. Avoid recognizable words (your spouse’s first name is not the safest bet), but also patterns on the keyboard. If your password is “qwerty” or “12345”, then you better change it.
Don’t use common substitutes either. “Passw0rd” isn’t a strong enough password just because you’ve replaced an o with a 0. That’s just obvious.
To generate a powerful password, you could of course just bash your fingers against the keyboard. Ao%t&gSb&2hZ4#t6 is a pretty good one, but the odds are you won’t be able to memorize it.
Unless you have a photographic memory or are up for spending time drilling random characters into your brain, there is one trick to help you remember complex passwords that fit the requirements: Come up with 2 sentences you can easily remember – “I live on 1845 Fake Street. Rent is $1500 per month.” Then use the first digits of each word and generate a password – “Ilo1845FS.Ri1500$pm”.
If you find it difficult to remember complex passwords, use an app that creates random passwords and stores them for you.
2) Use different passwords for your cloud applications
It’s not all about password strength. If you reuse the same password for all your cloud applications, both private and business-related, it jeopardizes data security and puts your company’s databases at high risk.
Two-factor-authentication (2FA) adds an additional layer of protection to an already strong password.
Here is how it works in a nutshell: After entering your password, you will be required to acknowledge a phone call, text message, or an app notification on your smartphone. With 2FA in place, your Microsoft Office 365 account is protected against unauthorized access. A compromised or stolen password is not enough to log into your account, the second challenge (layer of authentication) needs to be satisfied first.
Get more Office 365 security tips in our blog post on two-factor-authentication.
3) Keep your passwords safe
The rule is simple: don’t share your passwords, don’t write them down on a piece of paper for everyone to see (you probably wouldn’t do so with your banking credentials), and don’t use the same passwords for more than one cloud application.
If you need to share your password or use a public computer, make sure that you change your password as soon as you are finished with your session.
4) Only use secure network connections
Wireless connections are convenient. But they tend to be unsafe, too.
Here are a few data security tips and rules of thumb to go by when working mobile:
- Avoid Bluetooth whenever possible because it has proven to be the easiest connection to break.
- Be aware that randomly chosen public Wi-Fi networks are often not much better. Use them with caution as hackers oftentimes set up such networks to gain access to your internet traffic and compromise passwords along with other sensitive information.
- Your Wi-Fi at home can also be the cause of a security breach. Make sure the passwords for your router are complex, ideally with a WPA2 encryption.
- There is a workaround that makes communication much more secure and protects your online privacy: VPN service. As data is encrypted before it leaves your computer, it is a good way to keep sensitive information safe and bolster your security.
5) Backup your data
If critical information is lost due to theft, fire or other disaster, and everything else fails, backup is usually the last resort. Your best protection against this type of data loss is to keep another backup next to your computer. While you could use an external hard drive to create an archive of files or a bootable backup, cloud backups are the easiest way to keep your data safe.
In other words: ensure that important files are stored in at least two separate, easily accessible locations – on your computer, in the cloud – to not compromise data security and avoid any downtime in the event of an emergency.
Microsoft Office 365 automates your backup procedures which helps you keep your data safe and restores it in the event of an emergency. Read our article on disaster recovery in the cloud to get more tips from Office 365 that help shield your data.
6) Only use software approved by the IT department
Only install approved software on the devices you use for work. Stay away from games or utility software that is offered as free download because those packages are frequently infected with viruses with the sole purpose of extracting critical business information and accessing sensitive client data.
7) Some more basic security hygiene tips for data security
There are several other straightforward security practices your employees can follow to protect sensitive information in the cloud:
- Install an anti-malware app on the devices you use for work and keep it up to date to protect yourself against viruses, malware, and other harmful software. Windows Defender is a free antimalware program that comes with Windows, and you can easily automate updates through Windows Update. If you want to try out other antivirus software, have a look at the list of consumer security software providers that work with Microsoft Windows.
- Use a firewall that notifies you about suspicious activity if a virus tries to infect your PC. It can also block viruses, worms, and hackers from trying to download potentially harmful apps to your PC.
- Don’t open email messages from unfamiliar senders or email attachments that you don’t recognize. Many viruses are attached to email messages and will spread as soon as you open the attachment.
- Use a pop-up blocker. Although most pop-ups are created by advertisers, they can also contain malicious or unsafe code. Pop-up Blocker in Windows Internet Explorer is turned on by default. For more details, see Change security and privacy settings in Internet Explorer.
- Don’t transfer data with USB flash drives. They are the easiest way to infect a computer with a malicious program. Once the USB stick is connected to your computer, it is almost impossible to stop a virus.
We at Templafy care about keeping your corporate data and identity protected. Get in touch with us to learn how we handle cyber security in the cloud. Just write firstname.lastname@example.org or simply click the link below to schedule a meeting.