I always believe in looking ahead, but this week I’m making an exception to feature World Cloud Security Day, which was yesterday. I bet with that opening some of you already stopped reading, but if you are still here, know that there is something in this letter for you.
First, let’s define what the cloud is and how it works. Your emails, calendar sync, and online file storage all run on cloud technology. An oversimplified way to put it is that the cloud is a collection of interconnected computers owned and maintained by someone else. This definition helps us focus on the important fact that most security concerns for your PC or Mac also apply to cloud technology. I often find people overtrusting cloud providers like Dropbox, Google Drive, Microsoft OneDrive, etc. Cloud providers actually only offer very limited protection for your data. To stay competitive, they keep their costs on security to a minimum as most people only pay attention to features and functionality. Don’t worry – as always, I will take you through some good cloud security practices so you can sleep better at night.
So how do you secure your data in the cloud? A great place to start is to check your cloud service settings. Here are a few helpful ones to review:
- Complex Passwords: Make sure your passwords include a combination of upper case, lower case, special characters, and numbers. A good rule of thumb is a minimum of 12 characters.
- MFA: Enabling multi-factor authentication is strongly recommended to keep bad guys from accessing your account. If you are the account administrator, I also recommend enforcing this for all team members in your account.
- Permissions: Chances are not all team members need access to every folder in your cloud storage. Adjusting permissions helps limit the scope of damage if a regular user’s account gets breached, as the attacker can only wreak havoc on folders that user has access to.
- Login Alerts: Email alerts for suspicious logins and/or all login events are often available as an option. Login alerts usually get emailed to you so you can take immediate steps to secure your account.
- Activity Alerts: Some cloud storage providers such as Dropbox offer advanced notification features which can be very helpful. Alerts for mass file deletions or modifications can help you take action quickly and lock your account.
In addition to the list above, there are third-party services that can continuously scan your data in the cloud against threats as well as provide security alerts. While I’m unable to make specific product recommendations since the services we use are for IT providers, a quick Google search should show a number of results. Just do your research before signing up for any service since bad guys often hide malicious code behind tools that look legitimate at first.
No matter how many locks you have in place, you should always be prepared for a break-in. Here are some important considerations to save the day when the unthinkable happens:
- Backups: Much like your computer, cloud services should also be backed up regularly. Most cloud providers offer limited options to restore your data to an earlier date, and it can take a long time to get help from them. Downloading and keeping a local (offline) copy of your cloud data weekly will help you get up and running quickly if your cloud data is not accessible. However, this will be tedious and backups are often outdated. The best option here is to use a third-party cloud-based backup provider which can take a daily snapshot of your data that you can quickly restore from when needed. One golden rule here is to ensure your backups are active by checking them regularly and performing restores from time to time for verification.
- Cybersecurity Insurance: Imagine losing all your data and how much it would cost your business to get up and running again. Once you can put a dollar amount on this catastrophe, you can call your insurance company to add cybersecurity coverage. Keep in mind, insurance companies will ask various questions before providing you with a proposal. The more security practices you have in place, the higher the chances of them accepting your application and offering you a reasonable premium. We can help!
- Incident Response Plan: Having a document that outlines important contacts and your response plan for potential cybersecurity breaches makes a world of difference. There are a lot of critical steps such as preserving evidence, reducing exposure, and documenting the sequence of events. Having a plan ready will help you sleep better and avoid hysteria when a cybersecurity breach happens.
Much like you, I find technology full of magic. It makes so many aspects of my job easier. Even if it’s at a limited capacity, taking a bit of time to understand the inner workings of this magic and improve your cloud security will help ensure you will always be entertained but never fooled.
Wishing you a less cloudy and more secure week,
– Burak Sarac, Team Lead