Insights
INSIGHTS
All Topics
How to protect your data in the cloud
21 Jul 2021by Paul Rubens
We look at some important security measures you should take to keep your charity’s cloud services secure
How easy is it for cyber criminals to access your charity’s cloud accounts and steal your confidential information or even your charity’s funds?
It’s an important question to ask, because charities are increasingly turning to the cloud for vital software services such as constituent relationship management (CRM), fundraising, service management, and even online retailing.
The answer is that it is very hard for cyber criminals to gain access to these services – but only if you take the right security precautions. That’s because most reputable cloud service providers have stringent security measures in place to protect your charity’s data.
The principal weak spot is you, the cloud service user, and most cyber criminals that break in to cloud services are able to do so because the cloud service user, rather than the cloud service provider, has failed to keep their cloud accounts secure.
The top cloud security tips
Here are the most important things that you should ensure that your charity’s staff can do to keep your charity’s cloud accounts secure:
-
Use a strong password
Three quarters of all cloud breaches are caused by service users choosing weak passwords, which cyber criminals can easily guess. That’s why you should use a password made up of at least 13, and preferably more, upper and lower case letters, numbers, and special characters such as ! or &.
For maximum security, choose a password made up of random characters rather than a combinations of words. These random passwords are almost impossible to remember, so use a password manager to store them rather than writing them down.
-
Use Two Factor Authentication (2FA)
When you activate 2FA for a cloud account, you need to provide your password and also something else such as a fingerprint or a code which is sent by text message to your phone, before you can log in.
This makes your cloud account far more secure, because in order to break in a cyber criminal would have to guess your password and get access to your second factor (such as your fingerprint or your phone).
-
Use endpoint protection software
Malware called keylogging software, which can infect your computer as a result of a phishing attack, is capable of recording your password when you type it on your keyboard and then sending it to cyber criminals.
The best way to protect against keyloggers and other malware is to ensure that any computer that you use to access a cloud service is protected with up-to-date endpoint protection software.
-
Turn on account alerts
Many cloud services offer the option of providing alerts whenever anyone logs in to a cloud service, or when they log in from an unrecognised computer or from a new location of IP address.
These alerts can be very valuable to help you monitor your charity’s cloud account usage and to spot when unusual activity is taking place in the account.
Related Articles
-
Use a VPN on public Wi-Fi spots
Open Wi-Fi spots in cafes or train stations can be very insecure because it is relatively easy for anyone with basic hacking skills to intercept your passwords as they travel over the Wi-Fi connection.
Public Wi-Fi access points that require a password are far more secure because each Wi-Fi user’s traffic is encrypted with a unique key. But despite this they still provide opportunities for criminals to access your cloud accounts.
The solution is to use a VPN service to encrypt all your data as soon as it leaves your computer or mobile device and before it goes over the Wi-Fi connection.
-
Check connected apps and accounts
Some cloud services allow you to connect to them through a variety of external apps and accounts, and this can be very useful. However, it is important to review which apps and accounts have access to your cloud services regularly and remove access to any that are no longer used.
This is important because external apps and accounts may be hacked by cyber criminals, so the fewer of these that can access your cloud accounts the better. It’s also likely that you may not take care to secure any apps and accounts that are no longer used.
-
Consider using a cloud access security broker (CASB)
A CASB is a piece of software which your charity can run in its offices or access from the cloud to help keep its cloud accounts secure.
It works by sitting between cloud service users and the cloud services they want to access, monitoring all activity, enforcing security policies (such as password policies or the activation of 2FA), and preventing malware attacks.
Gartner provides a list of CASBs, along with reviews and ratings.
-
Don’t forget to log out
It may seem obvious, but one of the most important ways to keep your charity’s cloud data secure is to ensure that you log out of the service after you have finished using it.
Failing to log out means that anyone gaining access to your computer either in person or remotely can completely bypass many of the security measures which are in place to protect your charity’s cloud account.
More on this topic
Recommended Products
08 Nov 2024by Laura Stanley
Artificial intelligence: Responsible use for charitiesSponsored Article
31 Oct 2024by Laura Stanley
What cyber certification can do for charitiesSponsored Article
30 Oct 2024by Jane Waterfall
A charity guide to maintaining Cyber Essentials all year roundSponsored Article
Our Events
Charity Digital Academy
Our courses aim, in just three hours, to enhance soft skills and hard skills, boost your knowledge of finance and artificial intelligence, and supercharge your digital capabilities. Check out some of the incredible options by clicking here.
© 2022 Charity Digital Trust. All rights reserved
