“File too big? No worries, I’ll just share it with you through Dropbox/Google Drive/Microsoft OneDrive/SharePoint/Whatever FTP.” Most of us hear that phrase at least once a week, if not once a day. These days we’re all syncing data to and from the cloud more often.
If you have employees working from home, or conducting a lot of business from their mobile device, chances are they are also uploading photos, music and other files to the cloud, too.
Here are Ten Tips you can offer them, or use as the basis for corporate policies place that will help reduce your exposure.
Use extra-strength passwords and two-factor authentication (2FA).
A long and unique (i.e. that you do not use on other sites) password, that does not include any personal data, is a good start. Some experts recommend using a password manager. Do not trust them? Will do also do not trust pen and paper… And it’s a really bad idea to have a computer file entitled “passwords”, although many people do.As a company, it makes sense to introduce 2FA, which requires the employee’s entering a code that is sent to a designated mobile device. This way, if the password is hacked, you might still be able to deter trespassers. Many of your personal FTP sites also give you this option; take advantage of it! (Just remember to update your information if you get a new phone number.)
Take out the Trash.
Many cloud storage services provide clients a little peace of mind by letting them recover deleted files for a period of time that ranges anywhere from a few days to a few weeks… just in case.That “just in case” can come back to haunt you. If you are deleting sensitive or confidential information, personal or corporate, it is important that you know what undelete options exist with the service you use. You may need to go into the “recently deleted” file to permanently wipe documents that you want to vanish permanently.
Enable all account recovery options.
I know, we just talked about the importance of making sure things have really been deleted. But what if someone else did the deleting? What if your account passwords get changed without your knowledge?Make sure you answer the security questions and complete the password reset email. Obviously, you should use a second email for the password recovery, and choose personal questions that you do not use on other sites.
Regularly audit your folder and file “shares”.
As we said at the beginning, it is common to share links with friends, family, colleagues, clients and… well, just about anyone these days. Depending on how you set up the share, it is possible these links can be passed on to others, either deliberately or by a hacker.How can you protect yourself? Use passwords on shared files – and send the password through a separate text or email. If possible, and appropriate, make the files you share “read-only”. Put time limit on the active share period. Routinely check to see who is sharing the files in your folder, and rescind privileges as needed.
Turn on and heed “Account Alerts.
Many cloud storage services have an option where you can be alerted when other sign into your account, files are shared or deleted, etc. Always keep them on – and never ignore the alerts. Many hackers will wait and see if you notice unusual activity and if you do not, they’ll hijack your space. Many viruses work the same way.
Regularly check what is going on in your account.
Same reason as above.
Consider carefully what apps you connect to what accounts.
Today, you are often asked to login using a social media account, or are asked to connect your calendar and other applications. Although it might be convenient to do so, resist the temptation. Why create another channel that could put your data at risk?
Sign-out each and every time you’re done.
This is especially important if you are using a shared device, which is very common these days of working from home.
Got a new device? Protect the new one and Deactivate the old one!
Got a new number with the new device? Make sure you change your recovery and 2FA information. Once device is no longer in use, disable it and make sure it is no longer connected to any of your cloud networks or storage spaces.
Buy extra security for all endpoints and update regularly.
Even with the best policies in place, people can inadvertently forget important protection steps, so it makes sense to protect their devices. Cisco’s AMP, Umbrella, Duo, etc. are good options you may wish to consider.
