sb-nz logo
Story image

Security tips for SMBs moving to the cloud

30 Oct 2018

Small-to-medium sized businesses (SMBs) are increasingly moving their data, information, and processes to cloud-based services, due to the benefits in cost reduction and workflow the cloud offers. While cloud-based information storage and management services are touted to improve internal business performance, there are risks involved in cloud storage, especially when networks are improperly secured. Organisations taking the next step in digitalisation, innovation, and cloud management must take appropriate security measures to protect their data according to ESET. 

Cloud-based services offer organisations benefits including faster and more accurate data management, network connections that aren’t bound to physical or time restraints, and improved overall workflow. Organisations that want to enjoy these transformations need to properly adopt and install cloud systems. 

Nick FitzGerald, senior research fellow, ESET, said, "SMB managers considering moving to the cloud should assess and prepare for the changes this will bring to their existing security infrastructure. Due to the confidentiality and volume of information cloud services usually store for organisations, shifting to the cloud comes with added security responsibilities that leaders need to be on top of." 

ESET has shared four ways organisations considering moving to the cloud can set themselves up for secure data management: 

1. Pre-emptively consider the security risks. Decision-makers should assess their organisation's IT security capacity to fend off cybersecurity threats. Cyber attacks targeted at organisations can be sophisticated, so cloud systems must be fortified against the latest malware. 

Nick FitzGerald said, "Part of this audit might include examining security processes and tools IT admins use and making changes where needed, based on informed understanding of the type of threats which could affect them. This needs to be done before data is shifted to a cloud-based system." 

2. Check credentials. Organisations can choose between various cloud services and providers, weighing up variables such as cost and effectiveness. Organisations should also compare cloud services in terms of their security. Managers can research cloud providers’ security track records, consult reviews, and be aware of any past data breaches or successful attacks. Organisations should lean towards providers with a transparent commitment to cybersecurity, and opt for encrypted cloud services that enable authentication and access restrictions for immediate and basic security. 

3. Encrypt data. Organisations should prepare to encrypt all data that will be stored in the cloud. Data stored in the cloud can’t be physically protected by its "owners", so enterprises need to implement the right technologies to protect it. Encrypted data is not accessible without valid access credentials, so even if a cloud provider’s systems are compromised, encrypted data they store is effectively inaccessible. When important and sensitive information about clients, consumers, partners or internal practices are encrypted in the cloud, they are safer from breaches.   

4. Enlist two-factor authentication (2FA). While an esteemed cloud provider may protect data to a higher degree than others, the responsibility still falls to individual organisations to manage data security. Organisations must not forget that data breaches can still occur internally. Open networks are vulnerable so, to prevent successful data breaches from within, organisations should police access to stored data. An effective method of restricted access is 2FA, which validates users’ identities more reliably than just passwords. 

Nick FitzGerald said, "Organisations must be aware of and prepared for the extra responsibility that comes with cloud transformations. Organisations can’t just sit back and relax once data is moved into the cloud because, while the cloud offers various benefits, it potentially creates a higher risk of information breaches. Organisations must invest in quality systems from trusted cloud providers to leverage the benefits of cloud securely." 

Story image
As digital transformation grows in A/NZ companies, misconceptions about their role in cloud security abound
While an 81% majority of A/NZ organisations are accelerating their digital transformation, a giant 99% of surveyed respondents say they believe their cloud security provider provides enough protection, according to a Trend Micro study. More
Story image
Dark net vendors wanting Bitcoin payments for unverified COVID-19 vaccines
As the medicines are being offered on the dark net, purchasers have no way of knowing whether they are genuine, according to Check Point.More
Story image
Quantea and Attivo Networks launch joint network security solution
"Attivo and Quantea together provide advanced, real-time, in-network threat detection and improved incident response."More
Story image
The current state of ransomware — and its future
Discoveries made by analysts at Sophos have unearthed a new development: ransomware code appears to have been shared across ‘families’, and some of the ransomware groups seemed to work in collaboration more than in competition with one another. More
Story image
How the editorial team works at Techday: Our tips for you
Preparing your releases in a particular way will not only make our lives easier, but improve the chances of your lead being picked among the masses.More
Story image
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More