A decade ago, cloud systems were out of reach for all but the most sophisticated, well-resourced companies. Now they’re readily available for any interested small business.
Small businesses thinking about migrating to the cloud might be worried about the safety of their data, but security threats today are largely misrepresented and overdramatized. Here are a few things you should know about securing your data in the cloud.
Practical Ways to Secure Your Data
Know what data you’re storing and where it’s stored
Identify sensitive data
Whether you keep dates of birth, Social Security numbers or credit card numbers on file, your data is valuable. First, identify the most sensitive data you hold. Then decide if retaining this information is absolutely necessary.
Each month TV watchers auto-pay their Netflix subscription charges. This means Netflix must keep millions of credit card numbers on file. This system is convenient for subscribers who don’t have to sign on or type in their payment information each month. But it also means the company must go to great lengths to protect this data.
Only keep what you need
Though this is a large-scale example, it applies to your small business too. Customers expect tight security, and often, a business’s reputation hinges on it. So only keep the data you need.
Know where the data lives
Just as important, you can’t secure something if you don’t know where it is, so know where your data is being stored. What is your cloud company’s reputation? If you know you’re storing your data with a credible cloud company, you can ensure firewall and network security is in place to protect it.
Depending on the information you keep, it may be wise to segment data so that different types of customer information are kept in different places. This means that, on the off chance one database is breached, no one gains access to all the data.
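One way to take the inventory this section describes, as an added example that is not part of the original article: a short Python script that reports which storage locations hold which kinds of sensitive data, and flags locations holding more than one kind as candidates for segmentation. The location names, record layouts and US-style formats are assumptions, and the sample records are constructed.

```python
import re

# Patterns for the data types the article names (US formats assumed).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
DOB_RE = re.compile(r"\b(?:19|20)\d{2}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\d|3[01])\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs (order numbers, IDs) that are not cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> set:
    """Return the kinds of sensitive data found in one record."""
    kinds = set()
    if SSN_RE.search(text):
        kinds.add("ssn")
    if DOB_RE.search(text):
        kinds.add("date_of_birth")
    for match in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            kinds.add("card_number")
    return kinds

def inventory(stores: dict) -> dict:
    """Map each storage location to the kinds of sensitive data it holds."""
    return {loc: set().union(*(classify(r) for r in records))
            for loc, records in stores.items()}

def unsegmented(inv: dict) -> list:
    """Locations holding more than one kind of sensitive data."""
    return sorted(loc for loc, kinds in inv.items() if len(kinds) > 1)

# Constructed sample records (test values, not real customer data).
SAMPLE_STORES = {
    "crm_export.csv": ["Ann Lee,1984-03-12,078-05-1120,4111 1111 1111 1111"],
    "newsletter.csv": ["ann@example.com,order 1234567890123456"],
    "billing_db": ["cust 17,4111-1111-1111-1111"],
}

if __name__ == "__main__":
    report = inventory(SAMPLE_STORES)
    print(report, unsegmented(report))
```

The 16-digit order number in the newsletter file fails the Luhn check, so it is not reported as a card number; pattern matching alone would have flagged it.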
Implement a secure point-of-sale system
Because point-of-sale systems are data hubs and collect credit card information, it’s particularly crucial to have one that’s extra safe. Look for a vendor that meets all the PCI Security Standards Council’s requirements.
Having a POS system that can process EMV cards — or chip cards — makes transactions more secure, which is good for you and your customers.
Use two-factor authentication
Single-factor authentication is when you visit a website and log in with your username and password. Two-factor authentication — abbreviated as 2FA and also referred to as multi-factor identification — is when, in addition to logging in with your username and password, you’re required to “prove” your identity with an extra piece of information.
This extra credential can be a:
- Security question
- Verification code texted to your phone
- Verification email sent with a link
- Code generated by a fob
- Biometric like a fingerprint or voiceprint
When you swipe your credit card at the gas station and you’re prompted to key in your zip code, that’s a form of 2FA. When you log into your bank account from a computer you haven’t used to do so before, you might need to confirm your login via a link in your email before it lets you access your accounts. This is another example of 2FA.
Though this adds an extra, sometimes inconvenient, step to your process, it is an effective security measure.
Stay aware and informed
Account attacks happen, but they’re far less common than we’re led to believe in the movies about hackers in their basements.
Attacks rely heavily on phishing tricks like fake password resets and innocuous-looking emails that lead users to voluntarily offer up security information. Falling for phishing attempts is entirely preventable with a little upfront knowledge about how they work.
As an example: You may notice that when your bank sends you an email, it doesn’t put a lot of information in the email or ask you to reply with any information. It simply directs you to the secure bank website, prompts you to log in and conducts any sensitive communication there, where it’s protected by robust security.
If you were to receive an email that looks like it was from your bank but requests you reply directly to the email to verify your Social Security number and account numbers, this is a phishing attempt. Your bank would never ask you to do this via an unsecured email.
Avoid phishing attempts by:
- Not clicking on links from unknown sources.
- Not replying to emails requesting sensitive information.
- Conducting communication via channels like secure portals or websites.
- Only resetting passwords from links you’ve specifically requested directly from websites.
Educate your employees
Small businesses are often hesitant when it comes to migrating data to the cloud. However, in terms of security, your staff are actually a bigger vulnerability than your firewall. Silly mistakes, lost passwords and disgruntled employees are far more likely to be a security problem than a threat developed in a high-tech lab. Gaps in security are usually caused by accident.
For example, an employee might send sensitive information to the wrong place, publish protected data to a website or believe an anonymous email and grant access to someone with malicious intent.
Prevent these gaps by:
- Hosting a training session to ensure your employees are security-savvy.
- Requiring staff to have strong passwords and to change them frequently.
- Revoking access to shared folders and sensitive data once an employee has left the company.
Securing your small business’s data starts with education, prevention and awareness. There’s no need to be afraid of your data security, so long as you are aware and informed.