Rushing Cloud Migration Causes Increased Security Risks
The events of the last year pushed cloud solutions to the forefront of every business in every industry across Australia and the world. According to Unit 42, businesses increased their cloud workload by over 20% between December 2019 and June 2020, driven by the surge in remote working. But rushing into any solution – including the cloud – carries serious risks to data security. No matter how safe, efficient, or practical cloud solutions are, they have to be implemented correctly to actually deliver.
Data Security Breaches on the Rise
The same report shows the impact of rushed implementations, where failure to automate cloud security effectively resulted in increased security incidents. During the second quarter of 2020, incidents in retail rose by 402%, manufacturing by 230%, and government by 205%, with 65% of these incidents caused by customer misconfigurations rather than vulnerabilities in the solutions themselves. It’s a bit like having a state-of-the-art security alarm for your home, then forgetting to arm it on your way out.
The pressure of the pandemic, of a never-before-seen economic shutdown, and the stress of facing entirely new challenges made these missteps more common and more available to cybercriminals than ever before. In Australia alone, 67% of CrowdStrike’s surveyed respondents said their organisation experienced an attack, second only to India in terms of the highest volume of cyberattacks in 2020, with the Australian Cyber Security Centre (ACSC) reporting losses of up to $29 billion annually in their 2019-2020 report.
How to Protect Your Business
- Have up-to-date backups – Should a breach occur that compromises or locks down your system, the most effective way to recover is by resetting to the latest backup. However, the older the backup is, the more you lose. Set up a separate physical or encrypted cloud backup to run daily, with end-of-week, quarterly, and yearly server backups.
- Look for misconfigurations – Now that things have calmed down a little and businesses have adapted to the new normal, it’s time to have specialists look over your cloud solution to ensure that there are no misconfigurations, that all security measures are implemented, and that your setup is optimised for your business.
- Make sure all devices and networks are secured – Security software, multifactor authentication, firewalls and spam filters all work to prevent attacks from reaching your data. Have a strong password policy and actively protect administrator privileges with restrictions and strong passwords. Remember to implement policies for BYOD devices and remote working as well as your office networks and devices.
- Turn on network encryption – All data that is sent between devices on your network should be encrypted to reduce risks of theft, tampering or deletion. This can be activated on your router settings or by using a Virtual Private Network (VPN). Again, this needs to include remote devices and networks as well as those in your office space.
- Actively monitor for threats – Be clear on all IT security and BYOD policies, and educate your employees about preventing, detecting, and reporting threats. Eliminate past employees from your system, keep software updated with the latest patches, implement solutions with strong data security, and actively guide your staff in guarding company and personal data.
If you moved to a cloud or hybrid cloud solution during the pandemic and aren’t sure if your data is properly secured, speak to our team of IT security specialists today. We can evaluate, upgrade and monitor your network to prevent your business from becoming the next statistic.