It seems like every month there’s another story about a big data breach at a large company. While this is bad news for consumers, it’s also not good for the companies that experienced the breach. Many of these companies had to pay large fines and lost customers as a result of the breach. So much so that many consider information security to be a board-level discussion. In some cases, the CEO or CIO has been fired due to a data breach.
If you deal with cloud security in your organization, here are a few things your department heads need to know.
It Can Happen to Anyone
As big names like Yahoo, Equifax, Target, and LinkedIn prove, it doesn’t matter what industry you’re in or how big you are, a data breach can happen to anyone. The breach at Equifax, which is one of the latest to occur, impacts around 143 million Americans. Even worse, it compromises highly sensitive information, such as social security numbers, driver’s license numbers, and addresses. As a result, this breach now ranks as one of the worst of all time.
Unfortunately, the problem isn’t going away. In fact, U.S. companies suffered 1,093 data breaches in 2016, which is up 40 percent from the year before.
Employees Pose the Biggest Threat
While we all picture cunning hackers as the masterminds behind all these data breaches, the truth is, employees pose one of the biggest threats to your data security. In fact, a 2015 Data Breach Industry Forecast claims it was actually employees who caused around 60 percent of security incidents. These risks can include anything from employees clicking on a phishing link and accidentally downloading malware to those who work remotely and use their personal device to get access to sensitive information outside of the company network.
You Need a Security Policy
Even with all the headlines about data breaches, a survey from Cloud Security Alliance shows that 25.5 percent of respondents don’t have a security policy in place for dealing with data security in the cloud, and 6.4 percent aren’t sure whether or not they do have a policy in place. This shows that not only is it critically important to have policies and procedures in place to protect your data in the cloud, it’s also necessary to make sure all employees know what this security policy entails. It is highly recommended that organizations adopt a cloud security technology that can protect their data across all the cloud services in use, such as a cloud access security broker (CASB).
You Need to Use the Right Tools the Correct Way
Your security policy will likely include a plan for which tools to use to protect your data in the cloud, and it’s very important that you actually use these tools the right way. In one survey by The Register, 60 percent of respondents said they use VPN connections, which is good news. However, only 34 percent said they use cloud firewalls, and just 15 percent responded that they use tokenization of sensitive data. This shows that companies aren’t using all of the preventative measures they have available to keep data secure.
Whether you dread it or you’re all for it, there’s no denying that cloud computing isn’t going away anytime soon. Therefore, it’s now more important than ever to make sure that the leaders of your organization know about cloud security and how to keep data safe.
Image via Flickr by Visual Content