In the last few years, there have been a number of incredible advancements in technology, especially in cloud computing. Among the most appreciated advancements are the cloud-based services that provide employers and employees alike with improved user mobility and flexibility. End-users are now able to work remotely from almost anywhere in the world, which has led to increases in productivity, efficiency, and work/life balance. Of course, there’s always give and take in these situations, and while the ability to work anytime, anywhere has been a boon, the use of cloud-based applications and personal devices has also made it more difficult to ensure network and data security.
If you’re considering deploying cloud-based or SaaS applications for your organization, or if you’re doing an audit of your current security protocols, here are a few things to keep in mind to ensure that security isn’t compromised for convenience.
Proper Configuration
Around this time last year, Verizon was forced to announce that nearly 6 million customer details had been exposed. This wasn’t because a hacker had logged into their system using usernames and passwords, or because an employee had dropped an encrypted USB key containing all of the data and a hacker managed to decrypt it. It happened because the data was basically left out in the open - the portal used to access the information was on the public cloud, and not password protected. All that was required to gain access to the data was a little bit of patience and the ability to find or guess the URL, and there it all was. Crazy, right?
To ensure that your company doesn’t fall victim to the same (very silly and preventable) mistake, make sure that your cloud services are being set up properly. Data on the public cloud is actually pretty safe in general; however, it’s important that strong passwords are used when available and that user access is strictly limited to those who need it.
Similarly, it’s important that the proper permissions are set when user accounts are set up on SaaS applications. All too frequently, user accounts are set up with the same blanket permissions, meaning that any employee (or person who can access the employee’s account) can access virtually any information or program. Be sure to restrict user access when possible. It may feel cumbersome to have to change permissions from time to time if a user requires more access than they were originally given, but giving every user admin (or close to it) access could lead to a huge problem down the line.
Secure Personal Devices
Use a strong password. We repeat, use a strong password. We know, we know. This is the most basic of IT security measures, and it almost goes without saying… almost. Unfortunately, however, a large number of data breaches happen due to password vulnerability. In this age of remote work and telecommuting, it’s important that end-users be required to utilize strong passwords, even on - actually, especially on - any personal device from which they may access company data. If they have the ability to access their work email on their phones, for example, they should be required to use an airtight password.
We understand, though, that securing personal devices can be tricky. While some applications will automatically require a user to set up a password on their phone to access email, for example, most won’t, and so it becomes a matter of training to get employees on board. Educating employees on the advantages of using a strong anti-malware and anti-virus tool, how to avoid becoming the victim of a phishing attack, and - yes - how to create a strong password will all go a long way in protecting your organization’s data.