We look at some important security measures you should take to keep your charity’s cloud services secure
How easy is it for cyber criminals to access your charity’s cloud accounts and steal your confidential information or even your charity’s funds?
It’s an important question to ask, because charities are increasingly turning to the cloud for vital software services such as constituent relationship management (CRM), fundraising, service management, and even online retailing.
The answer is that it is very hard for cyber criminals to gain access to these services – but only if you take the right security precautions. That’s because most reputable cloud service providers have stringent security measures in place to protect your charity’s data.
The principal weak spot is you, the cloud service user. Most cyber criminals who break into cloud services are able to do so because the cloud service user, rather than the cloud service provider, has failed to keep their cloud accounts secure.
Here are the most important things that you should ensure that your charity’s staff can do to keep your charity’s cloud accounts secure:
Three quarters of all cloud breaches are caused by service users choosing weak passwords, which cyber criminals can easily guess. That’s why you should use a password made up of at least 13, and preferably more, upper and lower case letters, numbers, and special characters such as ! or &.
For maximum security, choose a password made up of random characters rather than a combination of words. These random passwords are almost impossible to remember, so use a password manager to store them rather than writing them down.
When you activate two-factor authentication (2FA) for a cloud account, you need to provide your password and also something else, such as a fingerprint or a code sent by text message to your phone, before you can log in.
This makes your cloud account far more secure, because in order to break in a cyber criminal would have to guess your password and get access to your second factor (such as your fingerprint or your phone).
Malware called keylogging software, which can infect your computer as a result of a phishing attack, is capable of recording your password when you type it on your keyboard and then sending it to cyber criminals.
The best way to protect against keyloggers and other malware is to ensure that any computer that you use to access a cloud service is protected with up-to-date endpoint protection software.
Many cloud services offer the option of providing alerts whenever anyone logs in to a cloud service, or when they log in from an unrecognised computer or from a new location or IP address.
These alerts can be very valuable to help you monitor your charity’s cloud account usage and to spot when unusual activity is taking place in the account.
Open Wi-Fi spots in cafes or train stations can be very insecure because it is relatively easy for anyone with basic hacking skills to intercept your passwords as they travel over the Wi-Fi connection.
Public Wi-Fi access points that require a password are far more secure because each Wi-Fi user’s traffic is encrypted with a unique key. But despite this they still provide opportunities for criminals to access your cloud accounts.
The solution is to use a VPN service to encrypt all your data as soon as it leaves your computer or mobile device and before it goes over the Wi-Fi connection.
Some cloud services allow you to connect to them through a variety of external apps and accounts, and this can be very useful. However, it is important to review which apps and accounts have access to your cloud services regularly and remove access to any that are no longer used.
This is important because external apps and accounts may be hacked by cyber criminals, so the fewer of these that can access your cloud accounts the better. It’s also likely that you will not take care to secure apps and accounts that are no longer used.
A cloud access security broker (CASB) is a piece of software which your charity can run in its offices or access from the cloud to help keep its cloud accounts secure.
It works by sitting between cloud service users and the cloud services they want to access, monitoring all activity, enforcing security policies (such as password policies or the activation of 2FA), and preventing malware attacks.
Gartner provides a list of CASBs, along with reviews and ratings.
It may seem obvious, but one of the most important ways to keep your charity’s cloud data secure is to ensure that you log out of the service after you have finished using it.
Failing to log out means that anyone gaining access to your computer either in person or remotely can completely bypass many of the security measures which are in place to protect your charity’s cloud account.