Cloud computing has become invaluable to small businesses. 94% of companies now use the cloud in 2022, largely because of the shift to remote and hybrid work. You may not even realize how much you’re using the cloud. Businesses use it for everything from email and video conferencing to software and storage. Because of all the cloud-based products and services we use, Statista reports that 60% of corporate data is now stored in the cloud. This only continues to grow.
One of the many benefits of the cloud is how secure it can be. In fact, McAfee reports that the majority (52%) of organizations experience better security in the cloud than IT environments that are set up on site.
That said, the many ways we use the cloud do make us vulnerable to malicious attacks. Cybersecurity is more important than ever.
Security must be multi-layered and regularly reviewed as part of your business operations. Though the cloud certainly comes with strong security, it’s important to institute your own policies and procedures to add to the protection. We explore six relatively simple steps to staying secure in the cloud.
Understand what security is in place
Cloud-based products and services have a tremendous amount of security. They “offer a broad set of policies, technologies, and controls that strengthen your security posture overall,” Microsoft claims, “helping protect your data, apps, and infrastructure from potential threats.”
60% of corporate data is now stored in the cloudSOURCE: Statista
However, it is up to you to understand exactly what security is in place. Note Microsoft’s use of the term “broad” in their description of that security. You must customize the settings in order to optimize them for your business. Each business is unique, so you may want to increase the security in certain areas depending on your use. Make sure your security settings are consistent with the sensitivity of what you’re storing and how you’re using the product.
In addition, it’s also important to understand how often the security is updated and whether you need to do anything on your end – such as upgrade your operating system – in order to access it.
Control access rights
Access rights should be established when an employee is onboarded and immediately revoked when they leave. Employees should also be trained on security (more on that later) and given the minimum amount of access they need. That need must be proven and regularly reviewed. Unless employees have a legitimate business reason, they shouldn’t have access to your cloud resources and no one should have access to all of your cloud resources. Limited access protects your business. That way if a hacker manages to gain access to one person’s account, they won’t get access to every aspect of your business.
Meraki Go Router Firewalls give you the ability to create four separate WiFi networks. Each network can be configured with a unique name along with custom web blocking and usage settings. This allows you to stay PCI compliant, for example, by segmenting your traffic into separate networks for your business, point-of-sale (POS) systems, and Guest WiFi.
Set up strong passwords
Hackers have an incredible set of tools today to get past your password. One way is just sheer brute force and guessing guessing guessing until they’ve got it right. One hacker, for example, developed a program that could try 350 billion guesses a second to crack 8-character passwords. Then there’s phishing where the hacker tricks you to give up your password. Of course there are other criminals who simply buy your password on the dark web after any number of data breaches.
As a reminder, here are the recommendations for crafting a secure password:
- Make it long This is the most powerful protector. 15 characters or more is the ideal today.
- Make it complicated No “password” or “12345,” please. Mix up letters, numbers, and symbols along with upper and lower case. And guess what? Leetspeak – replacing letters with numbers or characters, as in “c3n50red” – is well understood by hackers and no longer a strong defense.
- Make it unpredictable Create phrases with an odd combination of words that no program could logically put together.
You can also consider using a password generator – which can be a software program, hardware device, or online tool – that produces randomly generated content using an algorithm.
Set up multi-factor authentication (MFA)
Multi-factor authentication is surprisingly simple. MFA allows you to protect your networks by adding another security identifier on top of your username and password. Sometimes it’s a security question you must answer. Many times it’s entering a code that’s been pushed to you by text or email (as shown in the photo above). Other times it’s a separate app that authenticates who you are.
The U.S. Cybersecurity & Infrastructure Security Agency highly recommends using multi-factor authentication. “Even if one credential becomes compromised,” they explain, “unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database.”
Though deceptively simple, multi-factor authentication is also shockingly effective. Microsoft reports it blocks nearly 100% of account attacks. That level of security is important to Meraki Go and why we allow you to set up MFA on your account.
Malware and phishing training
Hackers adjust their approach all the time. Sometimes it’s email. Sometimes it’s a text. They find our vulnerabilities, discovering what gets us to divulge personal information or prompt us to click on a link. Because the danger is evolving all the time, so should the training. Training is not something you only do once; it should be ongoing. As a starting point, your employees should be trained at least once a year. Your team needs to be reminded what phishing can look like. The fresher it is in a person’s mind, the easier it is to identify it. And they need to be updated on the latest nefarious techniques of hackers and the damage malware can do.
Regularly review what you keep in the cloud
Just because you have the room, it doesn’t mean everything needs to be stored on the cloud. Personal information, tax information, medical information, and anything central to running your business every day should not be kept in the cloud. The cloud is wonderful for emails and collaborative files, but even those should be deleted if and when they’re no longer of any use.
Multi-factor authentication blocks nearly 100% of account attacksSOURCE: Microsoft
Out of sight does not mean out of mind. Rather than considering the cloud as an endless dumping ground, one should think of it the other way – something must be important enough to store there. Consider deleting unused data or documents after a certain amount of time. Some services allow you to set a time limit for when unused material will be deleted automatically.
As part of an in-depth approach to security, also consider encrypting your most sensitive material even if you think it’s well protected. The Federal Trade Commission adds, “If your data contains sensitive information, encrypting that data is a basic principle of security regardless of where it’s stored.” It’s also good practice to encrypt anything you don’t necessarily access on a regular basis but you still want to keep.
Meraki Go knows security is top of mind for small businesses today and we want to make it easy to protect your network. Everything can be managed through our intuitive mobile app and web portal, so checking your business’ WiFi usage, troubleshooting and making needed changes, and staying up-to-date on security is always at your fingertips.
All of our devices include built-in business-grade security from Cisco. Automatic security updates are delivered in the cloud and let you stay ahead of the latest cyber threats. In addition, the optional Cisco Umbrella security license provides even more protection such as interactive threat intelligence and cloud malware detection. We hope you’ll consider Meraki Go your business’ partner in this “cloud first” world.
Business News Daily
U. S. Cybersecurity & Infrastructure Security Agency
Federal Trade Commission
McAfee Cloud and Risk Adoption Report (2019)