An IT security guide: How to keep your business secure in the cloud
IT security has never been a bigger issue for businesses, especially for start-ups. According to research and advisory firm Gartner, 60% of digital businesses are likely to experience serious service failures by 2020 because IT security risks haven’t been properly addressed.
This is scary stuff indeed – not least because hackers and cyber thieves seem to be turning their attention from the big players to smaller businesses. Many start-ups and SMEs simply don’t have the budget and resources to cope with or recover from these situations. The result? Businesses are forced to stop trading and end up going under.
Fortunately, there are things you can do to protect your business from data theft, ransomware and other forms of cybercrime. One of these is to use online applications to manage, process and store your sensitive customer and financial data in the cloud.
As well as being one of the safest options for data storage, the cloud also has other advantages. You can access your data and applications anywhere with a (secure) internet connection, making life easier for remote and field-based workers, and facilitating collaborative working. It’s also cost-effective as you don’t need to invest in lots of expensive hardware. And without a big server taking up oodles of space, you’ll have more room in the office, too!
Despite all these advantages, you’ll still need to take steps to protect your business when you’re working in the cloud. We’ve put together this handy IT Security Guide to help you make the right choices and keep your data safe and sound online.
Choose the right services for your business
Not all cloud-based platforms and applications are created equal. Some of them are better and safer than others, so take time to do a little research. Generally speaking, the larger the company hosting the platform, the safer your data is likely to be as they’ll have invested heavily in security and backup measures.
For data storage, names you might be familiar with include Google Drive File Stream (this has replaced Google Drive), Microsoft OneDrive, SugarSync, Dropbox and Apple iCloud Drive. Some of these offer a free service with limited storage whilst others are paid-for services only.
Here at RoundWorks, we recommend you don’t opt for a free service. Yes, it’s tempting to save money this way and as a start-up, you may not have much data to store yet. But there are reasons why a free service isn’t a good idea. To start with, security levels are likely to be lower (after all, you get what you pay for, right?). And you might be in breach of the new General Data Protection Regulation (GDPR), which came into force on 25 May 2018.
Paid-for services not only avoid these issues, they also offer other benefits. For example, your files are more likely to be synced with your devices in real time rather than ‘every so often’. So if your PC or laptop crashes, you won’t lose any work and can still access the latest version of your documents. Your files may be stored longer than with a free service and you’ll have access to a higher number of previous versions and revisions.
You’ll also have more control over how your cloud-based services are managed and administered. This gives you better insight into how your staff are accessing and using your company data. What’s more, you’ll have legal come-back if there’s a problem, as you’ll need to enter into a formal agreement with your provider.
Find out where your data will be stored
A smaller provider will probably store your data on servers here in the UK, whilst larger companies such as Google and Microsoft have storage locations all over the world. There are two key considerations here. The first is that having your data stored in multiple locations means you’ll still be able to access it if one set of servers goes down. This means you can keep trading as normal if your provider is having problems.
The second issue is (you guessed it) that pesky GDPR again. This affects where your data is stored as well as how it’s stored. The regulation applies to all data collected, stored and managed by any business outside the USA about people and businesses within the EU.
Whilst there’s still a lot of confusion around how GDPR will be implemented and policed, it’s better to be safe than sorry. You could face a big fine if you get things wrong. Our article gives an overview of some of the things you need to do to comply from an IT viewpoint, so why not have a read of it now?
Put robust IT security systems in place
Setting up your cloud-based storage and services is just the start. You’ll need to invest in business-grade IT security systems as well, to make sure you can stop any potential cyber threats in their tracks. And we don’t just mean picking out a free or cheap anti-virus solution and hoping for the best! (In fact, free services will invalidate your software licence, as they’re designed for domestic use only.)
The exact systems you need will depend on your business type and size, and the kind of information you’re storing. As well as anti-virus, services you should consider include firewalls, email filtering and security, web filtering and full disk encryption. Here at RoundWorks, we offer all these as managed services, which means we can set up, monitor and look after everything on your behalf. Simples!
We work with market-leading vendors including Webroot Secure Anywhere, Watchguard and AppRiver to keep your business and confidential data operating safely in the cloud. You can find out more about our Managed IT security services here.
Keep your systems and software up to date
Remember the WannaCry ransomware attack that brought the NHS to its knees in 2017? This could have been much less serious or avoided if a loophole in the Windows operating system used by many NHS trusts and GP practices had been patched. NHS Digital knew about the issue and cascaded the required update…but it wasn’t installed in good time.
The moral of the story is to make sure you install all upgrades, updates and security fixes as soon as they’re available. As a start-up, you’re likely to be using current versions of operating systems, software and other services such as firewalls. But don’t rest on your laurels – keep an eye out for those all-important updates and act on them ASAP. And make sure you upgrade any systems that are due to become obsolete or unsupported, well before the time comes.
RoundWorks can take care of all this for you with our Managed IT Support service.
Put IT security ‘best practice’ in place
Most cyber attacks don’t just happen by themselves; they need some form of human intervention. In most cases, that means a team member unwittingly clicking on a malicious web link or downloading an infected email attachment. You can help prevent this by putting an IT Security ‘best practice’ policy in place.
Password safety is an important part of this. Many people are guilty of using passwords that are easy to guess (birthdays, kids’ names etc) and/or using the same one across multiple applications. This is music to the (virtual) ears of a cybercriminal, so make sure it doesn’t happen in your business. You could introduce a password manager such as LastPass, which helps your staff create strong and unique passwords for each website and application they use.
Access control is another key area. You should only give each person access to the systems and programmes they need to do their jobs. For example, if a forklift truck driver working in a warehouse doesn’t need internet or email access, don’t give it to them. And make sure you close accounts for any staff members that leave or change their roles.
Other things to consider are policies around general internet use; personal and business social media use; online banking and purchasing for business purposes; and whether and how staff members are allowed to access your network using their personal smartphones and tablets.
The content of your individual IT Security policy and the rules and procedures it sets out will depend on the nature of your business. As part of our Management & Consultancy service, RoundWorks can help you implement an appropriate policy and set of procedures. We can also train and mentor your staff to adopt IT Security ‘best practice’ as part of their daily working lives.
Looking to get started in the cloud?
Let RoundWorks help! RoundWorks can take care of all this for you with our Managed IT Support service. Our expert IT consultants are here to help you get the right cloud services in place for your business. From hosted email and desktops to cloud-based servers and backup solutions, we can implement flexible, scalable systems that will get your new business off to a flying start.