Safety First! 6 Best Practices for Protecting Your Data In the Cloud

According to a 2019 estimate by Research & Markets, the global cloud computing market was projected to grow from USD 2.8 billion to USD 9.0 billion by 2024. It’s not hard to see why; cloud computing-public and private-offers the advantage of a lower cost of ownership of IT applications, super-fast time to market, and unmatched surges in employee productivity. But with this explosive growth, cloud computing brings extra risk to your organization; a security breach of your data can cause the loss of ultra-sensitive information and intellectual property, compliance violations, credential breaches and hijacking of accounts. Making sure the right security measures are in place, and utilizing common-sense best practices are key to protecting your data in the cloud. Here are a few of our suggestions:

1. Understand the Risks, and Ask your Cloud Provider the RIGHT questions. It’s critical to consider the areas of risk and vulnerability your company may be exposed to, so you can select a cloud partner who can address your unique security issues. Before making a significant investment in a cloud computing strategy and platform your organization should conduct a thorough risk analysis. Be sure to include risk management professionals in your cloud design and deployment project, and make sure that you seek counsel from the legal and compliance teams.
2. Once you and your company have decided to move to a cloud service platform your first step is to choose a provider that fits your needs. Some points to take into consideration on your search are:
   • Are their security standards appropriate? Do some research. Make sure that the company has a good reputation and solid security policies. Remember, you are trusting this company to store your sensitive business and personal information.
   • How much data will you be storing? Search with a realistic expectation of the size you need to store all your files.  Many companies charge by the amount of storage you are requesting.
   • Is your data encrypted when being uploaded to or downloaded from the cloud? Make sure that your browser or app requires an encrypted connection before you upload or download your data.  Look for the “https://” or the padlock beside the URL in your browser.
   • Is your data encrypted when stored in the cloud? You will have to read the terms of service to find this out, but often your data will be stored on the cloud server with no encryption, this means that anyone that has (or can get) high level access to that server will be able to read your files.  This may not be an issue for many files, but you should carefully consider what kind of information you are storing in the cloud and whether you are comfortable with some other person you don’t know accessing it.  At a minimum, no data that is protected by law (medical information, personal identifiers, financial data) should be stored in the cloud unless the storage solution is encrypted and you know who can decrypt it (it should only be you or your organization) and for what reason.
   • Understand how access is shared with your cloud folder. Several cloud storage providers allow you to share access to your online folders with other people. Be sure you know in details how this works.
   • Understand your options if the cloud provider should be hacked or should lose your data. Services like this require that you sign their terms and conditions before they allow you to use the service.  In the vast majority of cases, these conditions state that you have very little, if any, remedy if anything bad should happen.  Be aware of what you are signing away.
3. Remember: ultimately YOU are responsible for your data. See above. The first, most important thing you must understand about data security in the cloud: you can outsource the processing and storage of your data, but you can’t outsource responsibility for securing it.  Security takes a commitment from everyone in your organization not just the IT staff or security personnel. In fact, according to insurer Beazley’s Breach Insights report, as of July 2018 fully 30 percent of all security breaches were caused by employee error or fraud. Ever-changing malware and social engineering attacks are a constant threat, so educating employees to identify red flags found in fraudulent email sources and implementing strong, consistent password policies are critical in mitigating internal data security breaches.
4. Establish Strong Data Authentication and Access Policies. Now that you have addressed the general employee level of exposure what steps can you do to secure your data in the cloud? The idea here is to contain, mitigate and report any form of intrusion.   Limiting users to access only the necessary applications and data essential to their job function in essence limits the reach of a rogue employee; Role Based Access is a key step in securing your data and environment.
5. Always Backup your Data. One of the most overlooked aspects of cloud computing and one of the easiest way to increase the control of your data is to make sure that whatever happens, you have a secure backup of that data. This is more about securing your business than your actual data but provides the same type of peace of mind.
6. Be Proactive. Regularly test your data security with regularly scheduled penetration testing, vulnerability scanning and employee assessments. Make sure you have a well-defined process in place for regular patches and updates.

Achieving sufficient security assurances in the cloud is possible but it is not guaranteed. Just like any other IT project, you have to do your homework and in the case of security, it is better to be safe than sorry!

IT Security Tip- Don’t be so quick to respond!

What would you do if you received an email from your CEO or CFO asking you to make an immediate or urgent wire transfer of funds? If you are the person in your organization who is responsible for such tasks and receive requests like this regularly, you may not think twice. However, with the increased sophistication of hackers and cybercriminals, you must Stop, Look, and Think before deciding how to proceed.

Business Email Compromise is an advanced form of spear-phishing which targets employees of businesses that routinely perform wire transfer payments or work with foreign companies or suppliers. This form of cybercrime is steadily on the rise, and companies are losing thousands, even millions of dollars instantly because of a spoofed or compromised email address.

How it Happens:
First, the scammers target the email accounts of business executives or high-level employees. Either they will gain actual access to those individuals’ email accounts through a targeted phishing attack and wait for the perfect time to take over (such as when those employees go on vacation or leave for a business trip), or they will simply spoof the email address and change where the email is sent when it is replied to. This is called header manipulation. Then, they will email an employee within an organization who may be responsible for making wire transfers or handling funds, asking them to process a transaction.

When you receive any requests to transfer or wire funds:

• Look closely to verify the email address when you receive a wire transfer or monetary transaction request. Check for any spelling errors or missing letters.
• Call the person who is requesting the transfer directly to verify that the request is legitimate, or follow your corporate verification procedures carefully.
• If you think a request is suspicious in any way, trust your instincts and inform management or IT immediately.
• If you reply to the message, be sure to look at the real email address before replying.

To prevent YOUR email from being the one that is compromised:

• Never provide your security or account credentials to anyone.
• Do not click on any links or open attachments in emails you receive, unless you are absolutely positive they are safe and from a legitimate sender.

It is best to have a wire transfer process in place that requires more than just an email request. Either a phone call, face-to-face, or multi-person process is best.

Remember, you are the key to preventing cybercrime in your organization.

The Many Faces Of Corporate Leadership

Employees’ happiness at work is more important in the workforce than ever before, and that feeling of fulfillment and engagement often comes from the top. If you are aware of what type of leader you are and how your leadership affects employees and clients, you can mitigate your weaknesses and discover your strengths to ultimately lead more effectively. Let’s take a look at a few leadership personas I’ve witnessed while coaching and what works best for each.

In-The-Weeds Leaders

Leaders who are “in the weeds” tend to spend too much time in the day-to-day. They get bogged down with what’s in front of them and don’t think outside the box. Without innovation, the company runs the risk of coming to a grinding halt.

These leaders need to delegate current tasks to their team members. They can then focus on finding new ways to drive the business forward. In-the-weeds leaders may even need an outside party to hold them accountable for setting and reaching these new goals.

Frustrated Leaders

These leaders know their companies can be better, but they’re upset because they can’t scale at the rate they want. They bottle up their grievances and aren’t sure where the disconnect is with their teams.

These leaders could seek guidance from a third party, whether that’s a friend or colleague. An outside perspective can help identify problem areas. They also need to hear out their team members and get firsthand accounts on what’s not working. Both perspectives can help turn frustration into focus.

Mindful Leaders

These leaders recognize that rapid growth is positive as long as they scale appropriately with formal organization and efficient processes. They are careful to avoid pushing forward blindly and losing essential parts of their culture and values along the way. However, they may take too long to think things through and miss new opportunities that come along because they couldn’t act quickly enough.

These leaders should make sure they are sticking to the systems they have in place while remaining open to new opportunities and evaluating them in a timely manner. It’s important to constantly reevaluate and adapt as the company grows and changes shape.

Control Freaks

These leaders can’t seem to let go of the wheel. They micromanage and don’t trust their team to get the job done, which fosters an atmosphere of frustration and mistrust. In this atmosphere, they can no longer lead effectively.

They should work with their teams to identify why the company exists, what motivates team members and why their work is important. That will not only help the leader and the team establish a better dynamic, but it will also help them both understand where the company is now and where it’s going.

When evaluating your leadership style, be honest with yourself. If you can pinpoint where you are on the leadership spectrum, then you’ll better account for your challenges and capitalize on your assets. And that’s how you become more self-aware and, in turn, a much stronger leader.