Keeping Your Business Data Secure In An Insecure World

Keeping Your Business Data Secure

If you’re a small or medium-sized business (SMB), you might be hoping keeping your head down and staying off the Cloud will keep your data safe from interlopers — hackers and government agencies alike. Yet Verizon Communications’ 2013 Data Breach Investigations Report found 72 percent of data breaches occurred in companies with fewer than 100 employees. As long as your business is above board, malware and phishers might be a bigger concern for you than the National Security Agency. Still, the privacy of your data is related to two C words: choice and control.

HIPAA-compliant

Depending on the needs of your business, public or private Cloud, on-premises, or a hybrid model might work best for you. Setting up a server room might be cost-prohibitive for a small business, while a healthcare company might have concerns about keeping their data security HIPAA-compliant. (Trends suggest many companies see the Cloud in their future. A 2012 survey from Vanson Bourne found 38 percent of businesses have already adapted Cloud computing, while another 29 percent have plans to do so.)

When choosing between Cloud, on-premises, and hybrid options, it’s important to keep the data security pyramid in mind. At the bottom, or least secure, would be running everything from your non-password-protected mobile device, while a tier-one cloud provider or On-Premises severs could be at the top, or most secure. But simply because a public Cloud might be a few layers up from the base, it doesn’t mean you and the vendor can’t work together to encrypt and protect your data.

Cloud Control

Regardless of where your business decides to keep its data, it’s essential to opt for technology that lets you keep a measure of control. If you’re putting information on the Cloud, do you know where it’s physically stored? Can you pull it off whenever you want? Will you be holding the encryption keys to your data, or will they live in the provider’s Cloud? You’ll want to address these issues with your vendor. The Cloud is everywhere. You’re already in the Cloud.

Even if you’re not on the Cloud, strictly speaking, it doesn’t mean your data isn’t. Your own employees may be storing sensitive files in Dropbox or emailing them to their Google e-mail address so they can work from home. Perhaps their company e-mail is synced to their personal mobile devices. A recent poll from McAfee showed 45 percent of SMBs don’t secure data on employees’ personal devices.

It’s easy to feel insecure when some of the biggest companies in the world find themselves vulnerable to snooping. After a recent breach by the NSA, Google’s working to encrypt the traffic between its data centers. But the revelation serves as an important reminder to review or update your own security policies — and remind your employees why they’re so important. A survey from data security firm SafeNet, Inc. found that 59 percent of respondents would be unsurprised if their boss was violating company policy by using a file-sharing service such as Dropbox. Instead of shunning these convenient tools, Chief Information Officers (CIOs) or Chief Information Security Officers (CISOs) need to take a more realistic approach to protecting data by making sure these Cloud-based apps are used securely.

Ok, now what? Unless you’re planning on unplugging the router and going entirely on paper, it’s imperative to protect your data wherever it lives. The Cloud Security Alliance’s best practices is a useful guide. Its recommendations include evaluating which assets you feel comfortable transferring to the Cloud, identifying threats and how they would impact your business, and developing risk treatment plans.

But perhaps the best place to start is a refresher course for employees. Forrester research shows 36 percent of security breaches are caused by employees’ inadvertent misuse of data. Last year, businesses lost $1.5 billion in phishing attacks, according to a report by EMC Corp. Employees at all levels — online-rsa-fraud-report-012013 — are tricked into opening e-mails that appear to be from a colleague. From there, the recipient is asked to reset a password, click a harmful link, or even wire $100,000 into an account. Falling for such a scam can happen to just about anyone. (Just ask Coca-Cola exec Paul Etchells.)

Finally, in line with the desire for control and choice, make sure to grill your cloud software provider with questions like these.

You should have the power to control where your information ends up and choose who has access to it. The threat of spies or hackers shouldn’t send you screaming for the WiFi-less hills, but hopefully it will inspire you to tighten your security belt, no matter where it lies.

By Stijn Hendriks

Episode 2: Coronavirus Phishing Emails and Work-from-Home Meetings

Coronavirus Phishing Emails What to watch out for as scammers exploit pandemic panic, and tips ...

Episode 3: The Bottomless Cloud – An Interview with David Friend of Wasabi

Why data is not “the new oil” and why “cloud” means more than we think ...

Episode 1: Why Small and Medium Sized Businesses Need an MSP

Small and Medium Sized Businesses Need an MSP Small and medium-sized businesses don’t enjoy the ...
Dan Saks 1

How the Cloud Will Transform in the Next Decade

Transformative Cloud Silicon Valley is easy to stereotype: the gadgets, the startup perks, the culture and mentality. However, the real reason Silicon Valley captures headlines ...
Aruna Headshot

Top Four Predictions in 2020 for Unified Collaboration

Predictions in 2020 The year 2020 promises to usher in significant new developments in collaboration and communication. It’s part of an unending climb, moving higher ...
Human Resources

Web Optimization Could Transform Your Organization – A Cost Containment Strategy

A Cost Containment Strategy With more and more resources available in the cloud, it’s easy to lose track of your costs and handicap the whole ...
Chandani Patel

Design Practices: AWS IoT Solutions

AWS IoT Solutions Internet of Things (IoT) presents an unparalleled opportunity for every industry to address their business challenges. With the proliferation of devices, one ...
Hamza Seqqat

The Benefits of Virtualizing SD-WAN and Security

Benefits of Virtualizing SD-WAN As more companies adopt SD-WAN technology to enhance the agility of their networking architecture, they must give strong consideration to how ...
Armen Najarian

Martech: Brand Marketing is the New Demand Generation

Martech: Brand Marketing First, An Apology Sorry, demand generation professionals. We still love you and your jobs aren’t going away. But, as you are well aware, the ...
Aarti Parikh

Serverless Multi-Tier Architecture on AWS

Serverless Multi-Tier Architecture Multi-tier Architecture Multi-tier Architecture is also known as n-tier architecture. In such architecture, an application is developed and distributed in more than ...
Mark Kirstein

IT Pros Can Now Deliver a More Streamlined, Cost-Efficient Migration of Microsoft Teams

IT Pros Deliver a More Streamlined Migration of Microsoft Teams In the modern workplace, the ability for employees to collaborate and engage with each other ...
Mike Johnson

Data Transmission Travel Plans – From The Ground Up

Don’t Forget Networking The term “cloud” was first used by the telecomm industry in early schematics of the Internet to identify the various, non-specific uses ...
Ajay

Explainable Intelligence Part 1 – XAI, the third wave of AI

Explainable Intelligence Artificial Intelligence (AI) is democratized in our everyday life. Tractica forecasts the global artificial intelligence software market revenues will grow from around 9.5 billion US ...