If you have data living in the cloud (who doesn’t nowadays?) and an ecommerce business you should be taking cybersecurity seriously. October is cybersecurity month and we thought we’d take the opportunity to tell you how to make sure you are doing everything to secure your data.
A number of cloud services are readily available for businesses to improve their day-to-day operations including Amazon Web Services (AWS), Google Cloud Platform (GCP) and other Infrastructure-as-a-Service (IaaS) providers. These services have allowed organizations to expand and grow their business. But while AWS and GCP excel in helping enterprises deploy Software-as-a-Service (SaaS) products, they may not offer sufficient protection for data stored in the cloud.
There is a naive level of trust in cloud computing that has permeated our daily lives. [The] illusion that the cloud is a magical place where your data is easily recoverable and available on all your devices, regardless of what apps you use. – James Ciesielski
The 2020 pandemic forced many brick and mortar companies to move much of their business online – e.g., allowing employees to work from home, signing up for new SaaS services, introducing new ecommerce stores or expanding their existing ones. While this sudden change helped protect employee safety, maintain business continuity, and recover some of the revenue lost to decreased foot traffic, the rapid shift to doing business online also introduced multiple security and data protection issues.
This article discusses the importance of implementing cybersecurity measures, the limitations of cloud computing, and tips on how to apply security protocols.
Constraints with Cloud Computing
The benefits of using an IaaS provider are obvious – no need to spend money on buying and maintaining expensive servers and computing power, along with a general sense that your data is safe, because it’s “in the cloud”. However, business owners would be wise to look into the fine print around how protected that data really is.
Once you host your data in the cloud, the IaaS provider is responsible for the protection of the foundational infrastructure, whereas business owners are responsible for protecting their own data.
Source: Awsstatic
This model clearly portrays how the customers and cloud services communicate with each other. The IaaS provider is able to support you by giving you secure infrastructure, bandwidth access, and disaster recovery, but it is up to you to be aware of the limitations of cloud computing and how you protect your information.
Cybercrime & Cloud Computing
In recent years, big companies like Adobe, Sony, Target, Equifax, and Marriott have suffered from cyberattacks. The annual Accenture’s report, Cost of Cyber Crime, has identified more than half a dozen techniques being used by criminals to compromise or delete data:
Source: Accenture
It isn’t only corporate giants that risk having their data compromised. Small to mid-sized businesses still face a threat from cybercrime even if they believe they can fly under the radar. According to the National Cyber Security Alliance, over 70 percent of small businesses were attacked, and many of them do not bounce back. The increased reliance on cloud computing has created the perfect environment for cybercriminals to take advantage of unprepared companies.
Learn more about how to secure your data here.
6 Ways To Protect the Data That Drives Your Business
Here’s a best practices checklist to ensure you are taking all the necessary precautions to protect your business:
Use a Password Manager
With multiple tools come multiple passwords. The choices for office workers today can seem to be between using weak passwords that are easy-to-remember (“password” or “1234567” are always in the Top 10 when the results from the latest data breach is published) and strong passwords that are hard-to-remember.
Instead of trying to come up with better passwords, try implementing a password manager such as 1Password or LastPass. This makes it possible to use different strong passwords for all your online services but you only have to remember a single master password. These managers help keep your passwords encrypted and locked away from unauthorized eyes.
Embrace Two-Factor Authentication
It has become common for online services to implement “multi-factor” authentication (MFA). In fact, if you don’t have that set up, you should. MFA tools send a unique code via SMS text or use an authenticator app on your mobile device.
If you have the option to choose between an SMS text or an authenticator app, go for the app. Many authenticator apps are not linked to only one device – giving you access to the MFA code if your phone isn’t close by. Secondly, it’s possible for hackers to steal your cell phone number and access any MFA codes being texted to you.
Adapt The Principle of Least Privilege
As a company expands its online footprint, it’s common for several people in the organization to have access to the online tools required to run your business. The principle of least privilege means only the people who really need the tools to do their job should have access to them.
Some tools offer “temporary permission” features, allowing limited time for an employee outside the core team to complete a task. This can make sure business doesn’t slow to a crawl while still offering improved data protection.
Control Access for Third-Party Apps
It is vital to understand how much access third-party apps have to your data. Some apps request authorization to manipulate or even delete your data when they don’t need to. As a business, you must diligently read the terms and conditions to assess the level of risk you could potentially put your business in.
Reports from industry analysts like Gartner and Forrester, along with reviews from software evaluation portals like GetApp, G2 Crowd, and Capterra, can often be helpful when evaluating a vendor’s reputation and trustworthiness.
Arm Yourself with Knowledge
Employees working from home tend to be more vulnerable to phishing attacks, malicious software, and other threats to data security. It can be hard for remote workers to stay focused with non-work related distractions at home, making it easier to click on a suspicious link. Additionally, work from home typically is done using standard residential network equipment which is less robust and easier to breach than the commercial-grade firewalls found at most offices.
The first step is to educate yourself and your team on how to avoid different phishing attacks. Here’s what to look for:
- Verify suspicious emails and texts with the sender by sending a new email, or by picking up the phone and giving them a call.
- Ignore and delete unsolicited emails or texts from people outside the organization.
- Do not open or click suspicious documents or links in an email or text. Always verify with the sender in a different channel before taking action.
- Be suspicious, always be alert when receiving unsolicited instructions via email. If you are unsure, best to leave it.
Backup Cloud Data
When was the last time you backed up your data? If your data is ever compromised, having a backup makes recovering it a lot simpler. As easy as it may sound, there are different methods for protecting data beyond the cloud. Let’s take a look at them.
Read more about Cybersecurity and cloud computing, here
Data Backup Strategies
One way of protecting your data, outside of using the cloud, is to leverage the SaaS capabilities and download your data. It can be tedious and time-consuming, as well as create clutter because you will end up with many files. Keep in mind, if these files are also saved in the cloud, you are still in a compromised situation.
The second approach is to build your own backup software in-house. This is resource intensive and lies outside the core competencies for most businesses. Even if you have the skills in-house, the opportunity costs can be prohibitive.
The third option is using a third-party solution for your data backup needs. These companies provide automated backup and restore services that allow customers to quickly recover from accidents and/or malicious attacks with just a few clicks.
Remember, always do your research, and make sure the vendor has a great track record and a history of good customer service.
Protecting your data is Protecting your Business
With cybercrime threats on the rise, it’s just a matter of time when an accident or attack happens, not if. Commit to constantly auditing your cloud computing data and taking the appropriate actions. Avoid future business disruptions by taking a few precautionary steps today. Backup your data, yesterday.
Want to learn more about ecommerce data security? Check out our data security and engineering blog. Or contact us at team@rewind.io
