Many small to medium businesses are embracing the move to the cloud, quickly finding themselves with hybrid environments which combine on-premise technology with online services. But what are the implications for security? How can you be sure that company information is secure and that hackers aren’t getting into your company?
Firstly, accept that information security is a very real and ongoing risk. It is a simple fact of life; some 1.1 billion personal and sensitive records were compromised in 2014 across 3,014 incidents. There’s no shortage of statistics and data available to show the extent of the problem.
It sounds awfully frightening and, with attackers using automated approaches to constantly probe for weaknesses, the possibility of experiencing a breach is very real.
But the scary side aside, here’s the good news. Protecting your organisation doesn’t have to be onerous. Most of the breaches which occur are the result of attackers using known vulnerabilities. Many attacks result from poor security policies and a failure to observe the basics – like instituting a rigorous approach to passwords which protect company data.
In the cloud environment, many SMBs are using services such as Xero, MYOB, Microsoft Office 365, Dropbox and many more. For starters, trustworthy vendors have security solutions and protocols in place, including ‘unbreakable’ encryption. But if your password is ‘password’, it isn’t going to take much for a hacker to brute force it.
Complex, difficult-to-guess passwords are perhaps one of the major factors that can be the difference between being a soft target and being impossible to target. Combine that with a further focus on the basics, and it is quite straightforward to put your business on a strong security footing (understand that nothing is ever 100 percent secure – even Fort Knox can be compromised by a sufficiently motivated and determined attacker). The trick is to make your security sufficiently rigorous, at a reasonable cost, to allow business to be conducted safely.
Additional basics include always updating software to the latest version; cloud applications and software as a service do this for you, delivering a big advantage for SMB operators. Every device used to access the internet should have a recognised security suite installed; that suite should include a firewall, intrusion detection and prevention, antivirus and antispam.
Most important of all, perhaps, is that staff should be trained to have a ‘security mindset’. They should be alert to the risks of Trojans, for example, which masquerade as legitimate emails, or WhatsApp messages, but in reality conceal a dangerous payload of malware.
They should be aware of the techniques that hackers use, such as phishing – and it isn’t just on their computers, either. Hackers have been known to steal passwords using social engineering and the telephone – so be aware of the techniques and get your staff thinking about security, too.
As your network and infrastructure grow and become more complex, it is necessary to increase the security measures so that they remain ready to enable business while keeping the nasties out. That’s where more specialised help starts becoming necessary.