Business data is increasingly being stored online in the cloud. What does this mean for your business and your customers? What can you do to make your data safer? Here are some essential tips on cloud security.
TIP: Take the right precautions to protect your data and always get professional advice if you have concerns about the security of your data (whether in the cloud or otherwise).
Today, more and more applications run online, from remote servers. And the data they generate is also stored on those secure servers. Professional cloud applications use secure, encrypted connections. That means your data is encrypted on your computer before it's sent to the server – and also when it comes back again.
In fact, it's easier to steal a USB stick or a laptop full of data than it is to steal information in the cloud. And cloud software companies like WorkflowMax and Xero – take data security very seriously!
That said, it’s also in your best interest to do everything you can to keep you and your business safe. Here arefive keys ways to make your data more secure:
1 – Make sure your passwords are secure
Unfortunately many people use passwords that are easy to guess or that can be cracked by brute force. For example, they might use their pet's name combined with their date of birth, or their child's name spelled backwards.
So what determines a good password? Length alone is no longer enough. Longer passwords are harder to crack – but also harder to remember. Check out ‘correct horse battery staple’ for some interesting information on secure passwords.
Additional tips on password safety:
- Keep your passwords long, as random as possible, and unrelated to your own life.
- Use a different password for each cloud application.
- Never share your password
- Try using a passphrase instead. Passphrases are typically about 20 to 30 characters long and usually harder to crack than passwords.
- Store your password in a tool such as KeePass or LastPass.
2 – Use multi-factor authentication
In addition to requiring a username and password to log in, some software solutions offer multi-factor authentication. This type of solution places an additional layer of security on your login. This means that in addition to your standard login, you're required to provide another factor to authenticate your identity.
This could be a unique code generated by a separate application, service or device, or something unique to you – like your fingerprint or voice. This reduces the risk of your account being accessed if your password is compromised.
3 – Take advantage of login and online activity monitoring
Some cloud applications provide additional information about how their system is being used. Review the additional security services they provide and take advantage of them – every precaution you take makes a difference.
For example, some online services display details of when you last logged in to their service. If you notice this is incorrect, or from a suspicious location, then raise it with the appropriate party. Remember: tools like this are provided as a service – they're there for you to use.
4 – Use anti-malware (also known as anti-virus software)
Malware (short for malicious software) can get onto your computer, laptop, tablet or smartphone and do something malicious like stealing your data. It usually means that the user of the device has clicked on a link or attachment in an email, or visited a website that’s not secure. If there’s a link or attachment that you don’t know or trust then don’t click on it.
Once malware is on your machine, it might log your user ID, password or credit card information and send it to a hacker. Or it might quietly take over your computer and use it to attack other machines.
Malware is designed to be hidden, so you're not likely to notice it by chance. Make sure you use anti-malware on your phone, laptop, desktop and tablet. And always ensure that your anti-malware and any other software you have is kept up to date.
Make sure you get your anti-malware from a reputable source. This is because often what can look like genuine software, is actually malware in disguise. If in doubt, run virustotal.com as a preliminary check. Malware is one of the easiest ways for hackers to get access to your device, so it's important to take this seriously.
5 – Be aware of phishing and email fraud
‘Phishing’ happens by email. Often the email will contain links that the hacker wants you to click on. Without training, your staff might give away vital security information via phone or email.
Which brings us to the next point...
6 – Train your staff about online safety and good security practices
You wouldn't let your staff drive a forklift truck or work in sales without proper training. The same should be true of computer equipment and software.
Whether your business uses a smartphone, laptop, desktop or tablet, staff should be trained in data security best practices. They should also be taught how to choose secure passwords and identify phishing scams. Here at Xero we take our staff through mandatory online security courses at least once every year.
Every business should have a data security policy too. Check out this resource by Get Safe Online.
In Summary, make sure you take cloud security seriously by:
- Using sensible passwords
- Protecting your computing devices against malware
- Training your staff to identify risks and phishing attacks
- Complying with all laws about data storage in your area.
Security at Xero
Xero has a dedicated team of IT security experts on the hunt for any patterns of malicious activity across our systems. Therefore we can notify our users immediately if there are any problems. location of those logins, including IP address.
Security is a constantly-evolving issue for the tech industry. We strongly encourage our customers to remain vigilant about the online solutions they use. If you have any questions about this area, please check the Xero Security Page or the Xero Security Noticeboard and keep following the WorkflowMax blog for regular updates on online safety and security.