Cloud computing is an integral part of our lives. It’s in our homes, schools, offices, and it powers a lot of our favorite technologies. In fact, it’s estimated that by 2020, half of all new large scale enterprise applications will be running in the cloud. But the cloud is not without its risks. Here are 10 cloud security tips to help you keep your information safe.
1. Choose a reputable provider
Before you decide to run sensitive information in the cloud, you should choose the appropriate cloud security provider. Choose one with a history of integrity, reliability, and customer support. The providers who are most reliable will also be least expensive, and they are able to give you peace of mind in what they offer and how much they will charge you.
The best cloud security providers out there will take great care in ensuring that your information is safe. 2. Train yourself As with any other security precaution, you need to invest in your mind. You need to train yourself not to open email attachments from people you don’t know, so you can guard against malware attacks, phishing attacks, and similar attacks.
2. Disclose site information
If you’re a private citizen, you can use your credit card to buy a secure, private, and anonymous PayPal account. If you’re a business, you can also set up a secure PayPal account. If you are an FBI agent, you can use a credit card to buy a government-issued secret security clearance. If you’re a government employee, you can use a government-issued credit card to buy a top secret security clearance.
If you’re a hacker, you can use the same credit card to buy a top secret security clearance. However, if you are a government employee, the same credit card could be used to purchase top secret government documents. This is why you need to be careful about disclosing information about your transactions online.
3. Use strong passwords and two-factor authentication
One of the first things you should do is to use strong passwords. Don’t use “password” or a variation of the word password. Instead, consider using one of the standard password dictionaries that you find on the internet or a password management tool like 1Password. But don’t stop there. Your passwords should be multi-step, multi-character passwords with letters, numbers and special characters.
Password management tools like 1Password automatically create and manage strong passwords for you. So use them. You can also use a password manager like Dashlane. Dashlane supports all popular password managers and they can keep all your passwords in one secure place. Dashlane also supports two-factor authentication.
4. Take care of your devices
There are literally tens of millions of PCs, smartphones, tablets and other computing devices all over the world being used right now. And they’re all vulnerable to attack. Your smartphone, which you carry everywhere, is very vulnerable. Just hold it up to a cell tower, and it can be hacked. Ransomware is not just about computers being locked up. It can infect your smartphone, too.
Hackers can force your phone to open a message with a unique code, and then hold you over a barrel for ransom money. Don’t let this happen to you. “Avoid clicking on messages or attachments from people you don’t know or trust. That can open you up to clicking on things that can damage your device, like phishing scams.” Hackers can use phishing scams to infect your smartphone and lock you out of it.
5. Backup frequently and regularly
You should never assume that you can use cloud storage forever. If your cloud provider crashes, malware strikes, or a breach occurs, all of your sensitive data is at risk. Here’s an example of why you need to backup: If you were to lose access to your Dropbox or Google Drive accounts, your data would be gone. That’s why it’s crucial to back up often and regularly. It’s best to use dedicated cloud storage.
Whether you use dedicated hardware, or simple online storage services like Dropbox, OneDrive, and Google Drive, make sure you keep a backup of important documents. You can learn more about how to backup frequently and on the go. 6. Guard your credentials It may seem obvious, but one of the easiest ways to get hacked is if you have a single password on multiple services.
6. Control your data with encryption
Encryption will help protect your sensitive data from prying eyes. The good news is that encryption is a relatively simple and free process. Even if your cloud provider isn’t using it, you can easily get encryption if you set up your own VPN for your employees. You’ll be able to encrypt the data so that the information is still accessible, but only those authorized can see the contents of the file.
By creating secure encryption keys, you can also encrypt sensitive data from the cloud provider as well. 7. Keep track of your data with in-cloud backups It’s very easy for a cloud service provider to forget to encrypt your data. That’s why it’s very important to use backup and recovery features in your cloud provider’s software.
7. Manage the permissions on your account
Cloud providers track the usage and data on your account, and can therefore change the terms of service, security agreements, or add extra apps and services you need to run your cloud services. This can be daunting, as it’s hard to keep track of permissions you’re granting, but it’s important to.
Here are some tips to help: Never assign more permissions than you need Review the benefits of granting new permissions (e.g. is this a helpful feature for you or your business, or is it just a limitation for someone else?) Don’t forget to check out our comprehensive guide on securing your enterprise cloud. 6. Learn to use the terminology and jargon Cloud terminology is a minefield – especially in the marketing realm, where all those secret coded words sound really technical.
8. Enable multi-factor authentication for critical accounts
Multi-factor authentication is a security feature that’s designed to protect your sensitive information from unauthorized access. It takes two forms: something you know, such as a password; something you have, such as a fingerprint or facial recognition; or something you are, such as a fingerprint scan or a wearable wearable It’s especially effective in an environment where the password could easily be stolen or compromised, as it makes it more difficult to obtain your private information.
Whether you use multi-factor authentication for sensitive information or not, it’s still important to do so for all important accounts. 9. If a user is logged into your account, check their email Make sure to set up Outlook to notify you of new emails when logged in.
9. Carefully vet third party vendors before using them
For any web-based service, a huge part of the problem is the fact that in the digital age, a lot of those services rely on outside vendors for their core functionality. This creates an inherent risk, since the vendor is never liable for the security of your information.
This may be a time-honored practice, but be very careful about whose hands your data may end up in. Even if you're happy with a company's ability to protect your data, you have to question whether they're on the level. Don’t hesitate to get at least three recommendations for a vendor before you sign on. 8. Enable multi-factor authentication While any one account is vulnerable, multiple accounts tend to be much more secure.
10. Look Out for Suspicious Behavior
Hackers are always looking for ways to steal your information, and what better way than by stealing your identity? Thankfully, the information necessary to steal someone’s identity isn’t hard to come by. There are a lot of websites, emails, or social media accounts that can give someone your personal information, such as your name, address, date of birth, mother’s maiden name, social security number, and a whole lot more.
That said, it’s better to be safe than sorry. Always be on the lookout for suspicious behavior on your account and if something looks fishy, report it immediately. Keep in mind that not all online providers will let you block a phone number from email. They may require a phone call or in some cases, a subpoena or warrant to do so.