Jennifer Lawrence and other celebrities’ personal affairs were made public recently after a brute force attack by hackers on the Apple iCloud. The hackers stole and leaked private nude photographs after compromising the security of the celebrities’ Apple iCloud accounts. Thankfully, Apple has since repaired the vulnerability in their cloud storage service, so we can hope that another grievous breach of privacy like this won’t happen again.
We run across businesses who every day trust services such as Google’s Drive, Apple’s iCloud, and even Dropbox to store sensitive business information and even confidential accounting and investment data. Can you image your financial advisor storing your personal investment information on a service such as Dropbox or Google Drive?
Doesn’t sound like a great idea? However, many businesses continue to risk their business data to these cloud based services, many of which are prime hacking targets.
So what can your business do to ensure the confidential and sensitive information you have is properly protected?
- The cloud is not all bad.
Some services have been more of a target than others, and all online services are at risk to some degree. But, the cloud is not all bad. Your on-premises servers are also equally at risk from a hacking attempt. Do your research when selecting any cloud service and ensure their security track record speaks for itself.
- Know where your data is stored.
One of the biggest challenges facing businesses using public cloud services like Dropbox and Google Drive (there are many others) is wondering, “Where is my data stored?” Is it in the country, or stored across the world? Can you visit their data center to inspect their physical security? The answer most often is no. That’s why you need to find out for yourself where the storage is, and make certain it meets any legislative or regulatory requirements you might face.
- Is your data encrypted?
Only you should have the key to unlock the encryption of your files. The service administrator does not need to know your encryption key. It is your responsibility to record the encryption key to your files. This protects your data so, if the servers are hacked, the hacker still cannot gain access to your files and they remain secured.
- Keep a local copy whenever possible.
This doesn’t guard against a hacker stealing your information, but it is always a great idea to have a backup copy of your data available just in case the service is down for any reason. Using onsite and offsite copies of data means that if there’s ever a problem in one area, you’re still covered and can access your important files. If you’re using cloud email services, make sure you have an email continuity procedure in place, just in case.
These are just some very basic concepts to protect your business. We are not saying Dropbox, Google Drive, or many of the other cloud services are a bad idea – but we caution businesses to make sure they are making an informed decision when selecting online data storage.
One last thing: make sure your children are practicing safe file storage as well. Teach them that these online services such as iCloud, Instagram, and others are great services but to think twice about storing their own confidential information, or anything they wouldn’t want others to see.
Technology and cloud services are never 100% secure, but when you practice safe computing habits and ensure your business invests in the right cloud technologies, you mitigate the risks of your personal and business data ending up in the wrong hands.
Have questions about cloud security? As your trusted computer and networking security company in Baltimore, Washington, DC and across Maryland, we welcome you to contact us for a zero-risk and no obligation review of your computer security and cloud services. We will sit down with you and show where you have weaknesses on your network or let you know what you are doing well.
Ready to book your computer and network security review? Contact Tier One Technology Partners at (443) 589- or drop us an email to firstname.lastname@example.org.