The future of business is in the cloud, but many companies have no idea about the dangers they face.
Earlier this month millions of subscribers to the dating network Adult Friend Finder had a nasty surprise: their account details had been hacked. As well as providing plenty of embarrassment for those affected, it provided another timely reminder of just how dangerous cloud computing can be for business.
The cloud is one of those ideas which has got businesses of all sizes excited, and they are flocking to transfer all sorts of information online. Accounts, administration, sales, and HR can all be managed online, allowing staff to access information from anywhere and greatly reducing overall costs for business. Small wonder this is an area of exponential growth. The global market is expected to reach more than USD 79 billion by 2018.
There is a problem, however. The cloud may offer many benefits – it can make administration systems more affordable, flexible and mobile, but it can also make a company much more vulnerable to attack. As the Adult Friend Finder hack demonstrates, even those companies that have prided themselves on the security of their systems can be at risk. Indeed, most businesses have very little idea just how exposed they may be.
The first thing to do is to understand where the risks lie and who is responsible for the security. For example, software-as-a-service systems such as Salesforce, which take software offsite and host it in the cloud, often cause confusion about who is responsible for security and what the response will be. Before choosing a provider, make sure you understand what happens if there is a breach and what the provider’s response will be.
Providers will offer some security and encryption technologies, but you may well need to opt into these. Look for password protection and user controls which limit access to your more sensitive data. Look at the people within your organisation and only provide them with as much access as they need to carry out their jobs. When people leave a company, ensure that passwords and access are revoked promptly. Create a clear internal policy which outlines how cloud computing should be used, and who has access to the cloud.
Employee education will play a central role. In the Adult Friend Finder hack a surprisingly high proportion of the email addresses were company emails. This is a problem, because employees may be vulnerable to blackmail, with hackers threatening to release the details if they are not given further access to company data. Equally, that information in itself can give hackers a route into your system. Many people take a lazy approach when creating passwords and choose the same options for several platforms – this can be incredibly dangerous, because if one is hacked then everything else is also at risk.
Always choose a reputable vendor. Ask for references and do your ‘due diligence’, or background research, online. If customers have had problems with their data they will be eager to share their bad experiences.
Understand how legislation affects your security
The UK has now passed the Draft Communications Bill, better known to most as the ‘Snoopers Charter’. This means that internet service providers must retain a list of all the websites you visit in a 12-month period. This is important for businesses, because they lose control of a large proportion of their own information.
Imagine your internet service provider is hacked. Criminals could gain access to information about your internet activity over the past 12 months. If you store the contact details of clients and customers, or sensitive information, online, then it could all be at risk.
Make sure you manage what you store and where you store it. Create a virtual private network to make it more difficult for hackers to locate the source of internet activity, and ensure your most sensitive data is kept offline. Above all, be aware of how these rules could affect your business and take steps to plug the gaps.
Stay on top of it
The last point is perhaps the most important. Cloud security is an ever-changing landscape – it’s a game of cat and mouse between companies and the criminals. The more you increase your defences, the more the cyber criminals will come up with new ways around them. Make sure you’re always at the cutting edge to ensure you don’t fall behind. This can often mean calling in an expert. They can look at your systems, identify weak spots and make sure you stay ahead of the game.
We are entering an age of new and unfamiliar technologies. Nobody expects businesses to understand them completely, but you need to work with people who do understand them to ensure your sensitive data – and that of your customers – does not fall into the wrong hands.