With increasing awareness of cyber attacks, companies and system administrators have responded with more robust and expensive software/hardware to prevent unauthorized access. Many methods such as anti-virus software, encryption of company data, proper authentication of network users, secure connections between devices have all been employed under the banner of cyber-defense. Most, if not all, cloud service providers employ some combination of the above to keep your data safe.
But for all the time, effort and money being spent on security, a critical element of the chain is often overlooked – the user. All the sophisticated software in the world will not be enough protection if the people using the system do not follow security protocols. Such trivial actions like going to the restroom without locking the computer leaves the door wide open for anyone to gain access.
Here are some best practices to ensure security for your company and customer data in the cloud:
1. Using strong passwords
Always make sure that all your employees use strong passwords with a mixture of letters and numbers for their work accounts, computers and mobile devices. Ensure that passwords are changed every few months, so that even if an outsider does find a password it is likely to be out-of-date. Never reset passwords when the employee is not present in the office.
2. Never share passwords
All employees should keep passwords private. They should not be written down anywhere and should never be shared with others whether it is coworkers, friends, family or even tech support.
3. Never leave computers unattended
Even if it is only to get a drink or go to the restroom, no one should leave computers or work mobile devices unattended without locking them. Leaving devices open means that anyone could continue working on your files, destroy data or even change the password so you cannot log into your own account.
4. Train employees to be security conscious
Employees should be trained in security methods and know how to handle sensitive data. Nobody should give out information over the phone without proper authentication. Unusual requests such as an engineer asking for the accounting password should be examined thoroughly before being accepted. Any problems such as connection errors should be followed up with the cloud host to make sure it is legitimate and not a malicious attack on the system.
Following these best practices will go a long way in protecting sensitive data stored in the cloud. Making the weakest link stronger ensures that the system will not be compromised easily.