Simply stated, no company is immune to stolen records and other costly forms of data loss. The latest hacking incidents or data breaches splash across headlines with alarming regularity.
Luckily many small and midsized businesses are in a unique position, Patrick Heim, head of Trust and Security at Dropbox, told Small Business Computing. SMBs are flocking to the cloud, foregoing investments in on-premises servers and applications and trusting third-party providers with their data.
And that trust is well-earned, said Heim. That attitude is hardly surprising, given that Heim works for one of the major cloud storage providers. But consider this.
Dropbox and other top-tier cloud providers run excessively tight ships, Heim said. Certified data centers typically meet the most stringent security and compliance requirements, which they then back with physical security measures that put many banks, airports, and other sensitive locations to shame.
According to Heim, cloud-averse companies typically "have the hardest time with security." Bogged down by their own massive IT investments, they suffer "a real burden to maintain the complexity of their systems," and that allows things to fall through the cracks.
Nonetheless, moving to the cloud doesn't absolve small businesses owners of their data security responsibilities. While information stored in cloud data centers is generally safe, it's still vulnerable to sloppy user practices.
Small business owners can minimize cloud-security and human-error risks by following Heim's cloud security tips.
Small Business Cloud Security
Get Serious About Passwords
Taking a "one password to rule them all" approach can prove disastrous to your small business.
Using the same password across multiple accounts and online services makes it easy to remember your login details. The downside is that it may take just one data breach at your favorite online store for attackers to pry your digital life wide open.
"Criminals are very industrious," warned Heim. Once they get their hands on a cache of stolen login information, they turn around and test them across popular cloud services, online banks, and other accounts to scam their way into a payday.
"Roll out a password management tool," Heim advised. They help balance long, complicated passwords with human usability, he said. Low-cost tools like 1Password can mean the difference between brushing off a breach at a third-party provider and scrambling to lock down your payroll accounts. Dropbox takes password security so seriously, said Heim, that the company reimburses employees if they purchase 1Password.
Take the Sting out of Stolen Passwords
Even if your passwords end up in the wrong hands, you can still thwart criminals.
"Turn on two-factor authentication or two-step verification," said Heim. Two-factor authentication schemes require that you enter not only a correct password, but also follow up with a code the service provider sends you as a text message on your phone. Another two-step verification variation involves a hardware security dongle or alternate means of delivering the code.
In either case, this extra layer of protection is one of the easiest and cheapest ways to strengthen password security and to keep your data safe.
Despite how easy and cost-effective—free in many instances—cloud service providers make two-factor authentication, few people take them up on the offer. Less than one percent of Dropbox customers have turned on the security feature, said Heim.
Establish Cloud Security Accountability
Many small business owners rush to get cloud services up and running quickly and give little thought to how they're going to manage those services going forward. "They'll sign up for a cloud service in an ad hoc fashion," said Heim. "Accountability isn't well defined."
Problems often arise when workers leave and take their companies' business data with them, which causes no shortage of anxiety. Many cloud storage providers offer business-grade subscriptions that include a unified user- and account-management dashboard.
"When you adopt cloud services, make sure you have backup and recovery codes," said Heim. Another good step is to configure a backup user after setting up an administrator account. Then begin assigning secure access to your employees. They'll remain productive by accessing your company's data on their own apps, but if they day comes that they move on, you'll remain firmly in control of your business' vital information.
Pedro Hernandez is a contributing editor at Small Business Computing. Follow him on Twitter @ecoINSITE.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|