Winter is coming for your cloud systems.Are they ready?

And with Black Friday and Cyber Monday upcoming (with new year campaigns after that), the present represents the perfect time to upgrade your security measures so that your business isn’t caught out right before the busiest time of the year. While some companies – like one of the leading e-commerce companies in Turkey – get caught out by not following the data on such days to make sure their inventory can handle the volume of business that occurs on these days, others get caught out by not paying attention to the security risks that come with doing big business.

Many businesses see the idea of using the cloud for work as exacerbating these risks. The cloud means that other people are seeing your data, opening you up to cyber-attacks, the threats of insider leaks seems higher, there could be legal liabilities, a lack of standardization, a lack of support, and other issues.

Don’t worry – it’s actually the other way round. Unless your company invests time and money heavily in updates, implementations and security issues – the cloud is actually the more secure way to go. This is mostly because cloud providers absolutely do have the time and expertise to maintain all software patches and implement security, and probably they can do it all for much cheaper than you’d do on your own. Here are a few ways that services such as those offered by Commencis make sure your cloud usage is as healthy as possible.

Passwords are obviously incredibly important for any security policy, particularly for companies for whom employees work remotely or on personal devices. Services that help generate and manage passwords with secure password generation options can ensure that passwords are safe and secure. Alternatively, Lightweight Directory Access Protocol (LDAP) (which are by definition not encrypted), can become encrypted communications using Active Directory profiles to highlight any weaknesses in the password security chain, as well as help with syncing devices in the even that people are using personal devices rather than company ones.

All this is necessary, as you just can’t rely on employees to be safe with passwords in the modern era. In an age where even one easy-to-hack password can bring down an entire company, the vast majority of people reuse simple passwords across literally hundreds of channels³.

Encryption is just about the easiest and most obvious way to protect your data. Despite this, most companies don’t use encryption, mostly because they think it will be too complex and too much of a hassle. Well, encryption technology has caught up with the times and it’s never been easier to encrypt your data, so that even if a laptop is stolen, the data inside it will remain safe.

This includes making sure that online transactions use Secure Sockets Layers (SSL), which ensures an encrypted link between browsers and the web server.

The e-Bay hack from 2014 provides a prime example (amongst many) within e-commerce wherein over 120 million passwords were stolen by phishing e-Bay staff members. Two-factor authentication would have solved this, preventing anyone from logging in without either an encrypted USB key or asymmetric public key generator⁴.

As in the above example, most security breaches begin with mistakes by regular employees. In fact, 54% of all data breaches can be traced back to either the negligence or ignorance of employees⁵. Training can provide clear guidelines for how to handle the most sensitive data, and particularly lower-level executives who are often the primary targets. To prevent basic negligence on top of ignorance, 6-month refreshers have been found to be useful, which can also update employees on the latest threats.

Black Friday is famous for sites crashing, as it has with Lowe’s, with J. Crew, and with Turkish sites. In 2013, PayPro Global faced an active attack that served the same purpose: to overload the site in order to crash it, and from there either extort money to or distract them from other security threats while they got the site back up. Software can be hooked up to any e-commerce website to handle this threat (whether it’s an intentional attack or not), and yet despite the cost not even resembling the cost of a crash on a busy day of commerce, relatively few companies invest in this software⁶.

The one thing you know about security is that the bad guys will be constant. There will always be new ways of infiltration, new technologies to put your data at risk, and new problems to deal with. On top of that, you’re obviously always spending your time and energy in producing revenue – companies famously spend too little on risk and too much focus on sales alone. Cloud technology and cloud security is an example of where throwing (a relatively small amount of) money at the problem and saving yourself the hassle of going through security yourself can enable your business to be set on a path for long-term success. So next time there’s a big data hack, you can chuckle to yourself rather than scrambling to make sure that you’ve done everything necessary to protect yourself.