Cloud Security for Small Businesses

Seven Simple Cloud Security Measures For SMES

More and more of us are storing data in the Cloud and using Cloud based apps, making the most of the anytime, anywhere access and constant back-up of our data that the Cloud provides.

But how can we ensure our data in the Cloud is safe? Here are seven simple security measures to help you ensure your business data is as safe as it can be in the Cloud (and out of it!).

Pick Your Cloud Provider Carefully



Make sure you’re armed with as much information as possible before you make your choice. Where are their cloud servers located? What security measures do they have in place (and do they include encryption?). Under which data protection regulations do they fall (this can vary depending on the physical location of the servers and the location of the registered office of the company). Do they offer a VPN (virtual private network) service for more secure remote access?


It’s also worth asking what happens to your data when you delete it at your end. Although you can no longer see it, it may not truly be deleted at all, meaning it’s still out there to be found by determined cyber criminals.

Keep Security Software Up to Date



Any security software is only as good as it’s last update, and the most secure versions of any other apps and operating systems you use is the most recent, so make sure everything is updated regularly. It’s a little pointless to choose a Cloud provider with a great security record if malware on your PC is logging every keystroke.

Use encryption



Your Cloud provider should be encrypting your data, but another good layer of security is to encrypt the data at your end too, so that’s it extra secure before it’s uploaded to the Cloud.

Avoid Operating on an ‘Access All Areas’ Basis



While allowing everyone in your company to have access to everything may seem tempting simple and hassle-free, it’s not a good idea. Ensuring that employees can only access the specific information they need to do their job is one of the best ways to protect not just your data but them as well.


Also, while it may seem a good idea to upload everything to the Cloud, using it as another form of back-up, this isn’t wise either. It can be a hard habit to get into, but think before you put information online or upload it to the Cloud. If it doesn’t need to be there, it’s almost certainly safer where it is – and if it’s sensitive but redundant data, it’s best to be rid of it entirely

Lock in your logins



This may sound like security 101, but do ensure that you and your employees keep their passwords secure – and although everyone will hate you for it, insisting on regular password changes is a good idea too. It only takes that sticky note on Robert’s monitor to fall into the wrong hands and bam – your security is gone. Encourage employees to choose different passwords for work than those they use at home, and to go for the memorable but not the obvious.


Combinations of characters, numbers and symbols are more secure than words.

Use Two or Multi-step Authentication



This requires an additional element to be provided when you login, be that a biometric element such as your fingerprint, voice or retinal scan, a possession element (such as a keycard you must swipe or a security token), or a code or pin (this could be randomly generated and/or sent to the user by test or email).
Remember that awareness is the key


There are two facets of awareness to be considered here – your awareness of your company’s Cloud and internet use, and the cyber security awareness of your employees.


Your Cloud provider may supply activity monitoring as a service. It may not be the most fascinating data to look through, but it’s worth casting your eye over who has logged in – and when and where they did so. This allows you to pinpoint any unusual or suspicious activity and investigate immediately.


Ensure your employees are aware of all the methods cybercriminals can use to hack your system, including phishing. They need to be wary of any email or phone call asking for information, and emails containing links or attached files. They also need to make the security of hardware a priority, making sure laptops, tablets, Smartphones and USB sticks etc are password protected and stored securely.

Stephanie Whalley
Serial snacker, compulsive cocktail sipper and full time wordsmith with a penchant for alliteration, all things marketing and pineapple on pizza.