IT security has never been a bigger issue for startups and SMEs, with 3 in 5 digital firms likely to experience service failures by 2020 due to improper mitigation of risk. It comes at a time when small businesses are increasingly being targeted by hackers keen to exploit network vulnerabilities, and access their data.
Ensuring the security of your data – and more importantly, the data you hold on your customers – is essential. It’s one of the reasons that many businesses are moving to the cloud, where data is stored virtually.
It’s a cost effective solution for most business, but those things that make the cloud an attractive option – accessibility, flexibility and price – are reasons why others consider it to be unsafe. As more and more small businesses move data and processes to the cloud, here’s a handy guide to ensuring your data is safe.
Not all clouds are equal
When we talk about the cloud we’re talking about using the internet to manage, process and store data. It frees your business up from owning and managing expensive resources like networks and servers.
It also means your data is accessible from anywhere with a secure internet connection, allowing greater flexibility at work.
When it comes to cloud services your business can choose to store some, or all of your data virtually. Each SME is likely to have their own unique set of requirements for using the cloud. This will depend on what current IT systems are in place, what hardware you own, your data requirements and the amount of data – particularly that on your customers – that you need to store.
It may seem like the cloud is one single system, but it’s not.
There are numerous cloud solutions, platforms and providers out there – and you may already be using some of them.
The first thing to understand is that not all clouds are equal. Some are safer than others.
Where is my data?
When we talk about the security of the cloud, we are often talking about the security of the provider.
How and where your data is stored is increasingly important with the introduction of the new EU Data Protection Regulation which will affect all businesses.
Your data will be stored somewhere, and this is important. Some cloud companies store data in the UK, whereas others will send it to storage facilities in other parts of the world.
This legal change places additional responsibilities for the safety of data onto both the owner of that data (you) and the company processing it.
Get things wrong and you could both be looking at hefty fines.
When investigating what cloud provider to use, part of your due diligence should be spent exploring the security credentials of your partners. If you are unsure of what to look for, there are some handy tips that should help here.
Pay to play
Many small businesses use free cloud systems. While these might save your business money, they could expose you to unnecessary risk.
The reason is that free cloud storage won’t contain the highest levels of security for your data. If you are relying on free data storage, it’s also likely that you will be breaking data protection rules too.
Paid-for storage will have higher levels of authentication, allow files to be stored for longer and offer greater retention (storing more iterations of previously saved files).
As a business owner you will also have greater control over the administration of your cloud services, ensuring you’re in control of who uses your cloud, and how they use it.
As well as higher levels of security, paid-for storage sees you entering into an agreement with the provider, with legally enforceable terms and conditions – useful in the event of a problem or costly data breach.
One of the easiest ways for a hacker to gain access to your system isn’t by exploiting technology, it’s by exploiting people.
The safety of your data is most at risk from the actions of your staff and, if you’re not careful, yourself too.
With almost 50% of people admitting to using unsafe passwords, like familiar birthdays or children’s names, it’s likely that many people will use the same passwords (and often email addresses) for work and personal purposes.
Staff training, proper password etiquette and an understanding of the impact of a security breach are all essential ways you can safeguard your data in the cloud. Find out more about how to do this in our guide on; How to defend your small business from ‘Insider Threats’
The cloud makes your data accessible in new ways that challenge security. Mobile phones, tablets and personal computers and laptops can all be used to access your workplace data – and can all be used by hackers.
The phenomenon of using your own tech, known as ‘Bring Your Own Device’ or BYOD for short, is tricky because it requires your staff to be as security conscious and up-to-date with their virus protection and system updates as your business is.
It’s difficult to legislate for this, and difficult to estimate the risk your business faces, but the ‘lack of visibility’ of so-called ‘shadow IT’ devices is a key concern for IT professionals as we head into 2017. Training, policies and awareness are all methods of improving your protection.
Is the cloud safer or not?
The cloud is new, but the risks and vulnerabilities aren’t. Lapsed security, poor password etiquette and malicious attackers manipulating vulnerabilities in technology are as old as computers themselves.
The risks of the cloud are all manageable. Many SMEs find they have adopted cloud technologies on an emergent basis, adding them in a piecemeal way.
The best way to protect yourself is to plan your cloud IT implementation strategically. This means planning and investing in the right areas, building a system from the ground up that’s secure.
It’s not something that small businesses have always been good at, but it’s about working with partners who value security as much as you do, and about investing in training for staff to help them understand the importance of security in a rapidly changing IT environment.
The cloud is neither inherently safe or not. What is different are the risks your business faces. How you manage these will define how safe your business is.
About the author
This article was written exclusively for ByteStart by Principal – a national IT and print solutions company.
ByteStart is packed with lots of help and great advice on all aspects of running your own business. Try some of our most popular guides and articles for starters;
- Getting your IT right as your startup grows
- How to master your inbox in five simple steps
- 5 Top small business tools that will save you time, hassle and money
- A Beginner’s guide to cloud computing for small and start-up businesses
- Should you prepare your small business to take payments through Apple Pay?
- 5 things you must do when you go self employed
- 10 advantages running your business as a limited company has over being a sole trader
- How to set up a limited company
- 10 Do’s and Don’ts of writing a business plan
- Which types of insurance must your business have?
Funding your business
- How to maximise your chances of securing a small business loan
- A Guide to ‘Alternative Finance’ – the new funding options for startups and small businesses
- Finding finance for your new business – funding advice for start-ups
- How peer-to-peer lending offers businesses a new funding option
- What to do when the bank says “NO”!
Tax & Accounts
- 10 ways small business owners can pay less tax
- How to choose the best online accounting software for your business
- Book-keeping basics every new business owner must know
- A Guide to the main business taxes
- Dividend tax changes from April 2016 – A summary of the financial effects for small business owners
Website & Online marketing
- Turn your ecommerce website into a deadly selling tool with these 5 steps
- 7 Mistakes you could be making with your website
- Making your business a success online – A Digital marketing guide for small business owners
- How to attract customers from heaven – not clients from hell!
- When to get SEO for your website, and when not to