This is the third article of a series; the first article is available here, and the second one is here.
In a world of ransomware attacks, companies should prepare for the worst-case scenario by having smart backup strategies in place to mitigate any potential damage. The public cloud ensures that your information is always backed up and encrypted. Encrypting backup files in the cloud adds an extra layer of protection against unwelcome external parties.
Unlike many other systems, cloud providers have the resources to employ teams that stay one step ahead of hackers. Even if someone did break in, encrypted your files themselves, and asked for money in exchange for the decryption key, having backups of your cloud data lets you restore a clean version of your files.
Companies also need to insulate themselves from human error. Employees often accidentally delete company files or make unwanted modifications. Imagine if someone edited a PowerPoint slide deck for an upcoming presentation and removed all of the important slides. While the file hasn’t been deleted, all of the vital slides are gone unless it has been backed up. Using public cloud platforms ensures that you can customize permission settings and access past versions of documents to resolve any man-made mistakes.
Hopefully, the implementation of other security measures will mean that you’ll never need to worry about accessing your backup data. However, it’s important to cover your bases. If there are secure backups in place, your company will not have to worry about compliance or experiencing productivity losses in the event of a security breach.
Compliance
The introduction of new GDPR regulations in Europe has put data compliance back in the public eye. However, the reality is that companies have been navigating the complex and constantly evolving world of privacy law for some time. With the latest regulations, companies are no longer able to hide breaches. If they do, they face fines of up to €20 million or 4% of their annual revenue. Governments are also bolstering standards to ensure that companies aren’t cutting corners when it comes to security and privacy.
GDPR, for example, is the EU legislation that applies to any organization that handles the personal data of European residents. Under GDPR, companies must control precisely where and how this information is stored. In addition, the people that they collect it from can ask for it to be updated or deleted at any time. Companies that don’t comply with requests are subject to hefty fines. Financial penalties and lawsuits aside, organizations should comply with GDPR and other government regulations because it’s simply good business.
The burden that regulations, like GDPR, place on companies is daunting. Securing your business processes with a cloud platform helps simplify corporate compliance because public cloud companies are required to maintain their own set of compliance standards.
Training and awareness
Employees, in general, don’t have a high level of computer security knowledge. However, they need to exercise caution and avoid risky practices. Companies have a responsibility to bridge the natural skill gap by providing training and awareness programs that help to prevent well-meaning employees from doing things like accidentally uploading a malicious program to the organization’s network or inadvertently sharing confidential documents.
While the IT and executive leadership teams may have buttoned up their network from external threats, unsuspecting internal users can be a hacker’s best friend. Make sure that company-wide training initiatives are conducted regularly and include the best practices for:
- Downloading files and using unauthorized devices
- Suspicious links and email phishing
- Social engineering
- Personal device maintenance and safeguards
- Passwords
- Reporting a security threat
Where should companies focus their team’s attention? While employees require training on all of these topics, there is one preeminent security threat: email phishing. Seventy-six percent of businesses reported a phishing attack during the past year, and phishing attempts have grown by 65 percent. While the methods of attack are varied, from posing as retailers or banks to “whale phishing,” where an individual with access to large sums of money or confidential company information is targeted, these cyber attacks are expensive for companies. The average cost of a successful phishing attack for a mid-sized company is $1.6 million. Educating employees about the warning signs of a phishing attempt and offering clear reporting instructions is essential.
Summary
Given the potentially huge financial gains, hackers will always be trying to break into your systems and human error will continue to put your data at risk. To protect yourself, your employees, and your company, you need to put everything in the public cloud. These solutions are able to keep your company’s data secure by:
- Using their extensive resources and expertise to ensure that your network and infrastructure stay secure.
- Automatically implementing software and security updates without service disruptions or the need to coordinate with other departments.
- Allowing you to set up customized document permissions and integrated workflows to increase security and improve productivity.
- Automating file management to minimize the risk of human error.
- Providing access controls and change logs to minimize files’ exposure to unwanted modifications and sharing.
- Using aggregated audit data to identify and investigate suspicious events and creating automated alerts that allow you to immediately respond to security breaches.
- Automatically backing up and encrypting your files, protecting you from ransomware and providing you with a secure file repository in the case of a security breach.
- Making it easier to stay compliant with your industry’s regulations.
- Offering user-friendly security controls, like two-factor authentication, that make training employees easier while also providing your company with an extra layer of security.
IT security is an arms race and the public cloud providers have access to the latest technology and top experts. They employ the best and brightest whose full-time jobs are to protect your information from hackers and malware. While the public cloud will provide you with secure infrastructure, even the best infrastructure is not enough. As we’ve seen, human error also poses a major security threat. Fortunately, this problem can be solved with proper training and process automation features from document management tools.
from Help Net Security http://bit.ly/2t0fMQs