There is a presumption that if your business uses the Cloud for IT and data storage – it is secure. As more businesses have switched to using the Cloud to help their workforce work from home and multiple locations, the Cloud has become increasingly popular in recent months. Let’s be clear that Cloud systems are very secure, but with any IT system, it is important to protect it from the growing threat of cyber-attacks.
So here, we cover five simple steps to make sure your information and data is super-secure while using the Cloud.
This is becoming more of the norm now. How many times have you tried to log into something online, only to be sent a text with a six-digit number to type in before you are allowed access? This practice is a must for any Cloud activity. When an employee accesses the Cloud to download a document or access a system this should be a standard security requirement that you have in place.
The vast majority of cyber-attacks on UK businesses take place outside of the country. So, by blocking or whitelisting access from specific locations you can create an additional layer of security. Although not foolproof it is certainly a smart move. You can ensure that people only based in the UK (or wherever you operate) can access your information and anyone who tries to access from say, Russia, will be instantly blocked.
If you operate by the ‘principle of least privilege’ when setting up Cloud user accounts and access permissions, you shouldn’t go far wrong. This is the same for all IT systems. By giving a member of staff enough access to do their job but not to do anything they shouldn’t, you will limit the possibility of both mistakes like accidental deletion as well as malicious attacks if their account should get hacked.
Realtime alerts and logs
These are really useful if unfortunately, you are on the receiving end of a cyber-attack. Firstly, you can set up alerts for activity that could indicate a security risk. For example, elevating administrative permission for someone or diverting someone’s email to an external address. This will notify you or your IT team immediately that something may be wrong so you can investigate quickly. If you combine this with activity logging you can have a full audit trail of exactly who did what and when. This is essential in investigating what is going on within your Cloud environment.
Put blocks in place
Not many people know this, but you can block elements of your Cloud IT system. So, for example, you can block people from deleting emails, transferring files, and even from sending emails from a particular address pretending to be someone else within the business. This is all very useful stuff for mitigating security risk, talk to an IT consultant if you would like to explore these options further.
Greystone: Making sense of IT and software solutions.