Cloud computing has become a central component of business technology. The fact is that for small and midsized firms, using the cloud opens significant doors to productivity options they never had before. As cloud applications like Office 365 make moving to the cloud a compelling choice for businesses, there are still important questions executives should address before leaping into a new production model. This is because the cloud introduces its own set of security concerns and training needs to the business world.
- Establish firm organizational policy on what type of documents can and cannot be stored in the cloud, and what cloud vendors these documents can be shared with. There are soft and hard ways to do this; I'll give you an example from each of the two extremes:
- A clear written policy is the bare minimum. Your company hiring documents should include information to end users about how not to use company data. If you don't at the very least clearly define correct behavior, you have very little legal or ethical ground to defend yourself when an employee does something stupid.
Use process: There are technology tools to control information flow within your organization. For example, SharePoint allows you to clearly articulate companywide policies on accessing files. This gives users the ability to 'check out' documents they are working on, or lets admins establish version history so Fat Fingered Fred can't save over your mission-critical Excel file.
Another example: Exchange Online offers organization-wide compliance tools that can ensure emails are not used inappropriately (e.g. that documents with client SSNs aren't sent out to competing firms).
Whether you decide to build an idiot-proofed fortress or to just trust your employees and state it in the handbook, you at least should take a moment and deliberately think on why you are making that choice.
- Don’t store personal documents on your company cloud environment.
- Don't store company documents on the same SkyDrive or Dropbox account you use for home.
- Be cautious downloading company documents from the cloud on personal devices.
- Check organizational policy on downloading personal documents at work.
If your firm does have a BYOD (bring your own device) policy, the owner should review how they want to execute this BYOD policy with a consultant. For example, do your employees understand you have a legal right to wipe their personal data off their device if they have company data on it and misplace it? Are you as an employer comfortable doing this from an HR standpoint? (Leaving company data on a stolen device is not really an option, so make sure you are prepared for that scenario, as people do frequently lose phones and tablets.)
Given how many things we use passwords for, it is tempting to reuse the same one over and over and over... don't do it! If someone hacks your personal password, they could gain access to your company's sensitive information. Create a unique password for each cloud account (and for that matter, all other accounts).
Note that I recognize this can get insane to deal with, so I would recommend looking into password management tools. Just make sure if you use them, the main password to the manager is insanely secure. Otherwise you just gave any interested hacker a skeleton key to your life.
To learn more, see our subsidiary EMRSoap’s post on creating secure passwords.
Configure your cloud accounts so that, by default, they do not share any files or information with anyone your company IT hasn't designated. You can always determine sharing individually on a case-by-case basis, but you don't want to default to leaving your pants down.
This is brought up because some services are secure by default (Office 365 is an example of one that errs on the side of caution), but other cloud products default to sharing or using your data (Gmail is a good example of one that defaults to sharing your data). I.e., if you use Google Apps for your business accounts, which small firms do, take a deep breath and reconsider the logic of using a cloud service that makes its money by selling advertising and search data.
- Additional Note: If you are the type of user who constantly gets frustrated with antivirus processes slowing down your CPU and you just turn the processes off, consider heuristic-based (behavior-based) antivirus options instead. These inherently require less processing, as they don't endlessly query a virus database for their process. ESET is a good example of a strong heuristic-based endpoint AV.
If your organization is considering moving to the cloud, contact Office 365 Advisors. We offer expert consulting and services regarding Office 365 migration, use, and security. Contact an Office 365 Advisors representative today for more information.