People and businesses are using more cloud based technologies than ever before, in some cases without even realizing it. For example, data that used to be kept on flash drives for storage, backup, and transfer is now stored, shared, and accessed via the cloud. At the same time, when smartphone users back up data that resides on a device that is also used for work, there is often a lot of uncertainty about the amount of data that has actually been backed up, where it resides, and how long it will stay there.
In many cases, these devices are being accessed by user names, email addresses and pass codes that haven't been changed for years. Take, for example, a current iPhone 6 user whose first iDevice was an iPod. For that owner, the main purpose of having the first device was to download music, which would not seem to require a lot of pass code security. As many iDevice users have done, years of upgrading has taken them from having a device that held their music collections to one on which sensitive company data resides. Through this process the access codes that were protecting catalogues of songs become the same ones used for iCloud services.
If your company has adopted a BYOD standard and these risks sound like possibilities, take these 3 measures now to secure your data as well as network privacy in the cloud:
- Implement a password policy - Many of the most basic passwords, such the types that would be easy to remember while protecting generic data on a simple device can be cracked by an experienced hacking team within seconds. To protect this access point, implement a password policy that includes specific protocols for setting up complex access codes and then decide on a timeframe after which they must be changed.
- Consider a private cloud for highly sensitive information - Across the scope of technology, the creation of new capabilities runs faster than the development of ways secure it. If your company has highly sensitive data that cannot be put at risk, consider using a private cloud that can be put in place and secured with compartmentalized access, two-step verification, 24/7 monitoring, etc.
- Develop an understanding of how data may be transmitted to the cloud as well as what happens to it after transmission – The ease and convenience of using many cloud based services often gives users a “plug and play” mentality in which they start using a platform without having a full understanding of how it works. If there are services that are commonly used by your employees on their own devices, providing ongoing training on how their preferred cloud services work can help to avoid the unintentional transmission of sensitive data.
New technologies are not always accompanied by adequate security measures. By starting with the actions listed above, companies can start taking measures to protect their own interests, data, and privacy.