It's hardly a secret that cyberattacks are on the rise. Unfortunately, small businesses in particular are increasingly becoming targets.
In fact, up to half of all small companies have already been attacked, with an average cost of about $9,000 per incident, according to the National Small Business Association.
One solution could be turning to the cloud to store your data. Generally speaking, that means using a service offered by companies such as Amazon or Google, or from dedicated storage providers like Box and Dropbox. While housing your business's valuable digital assets on someone else's servers may give you pause, you can be sure your cloud provider's bread and butter is around making sure it remains secure.
You, on the other hand, still have to make sure you secure access when you log on, which is the weak link in the chain, according to Patrick Heim, Dropbox's head of trust and security. Fortunately, there are numerous precautions you can take, and with pretty minimal cost.
Here are five things Heim recommends.
1. Do your due diligence. Once you've decided you want to move to the cloud, there are numerous providers. Choose one that has a certification from a trusted outside group. The International Organization for Standardization has something called ISO 27001. The Cloud Security Alliance's Security, Trust & Assurance Registry (STAR) is another. And the American Institute for Certified Public Accountants has service organization control reports, or SOCs, that will vouch for compliance.
2. Change up your passwords. Many small businesses use the same passwords for multiple sites. The problem is that if hackers gain access to one, they can guess your logins for others. So change it up. You may want to get a password managing application such as 1Password or LastPass to help randomly generate and remember passwords for all of your sites.
3. Consider a single sign-on tool. Once workers are inside your network, products from companies such as Okta, Centrify, and Ping will generate a secure token that your company's cloud, as well as websites and applications used by employees, will recognize before granting access.
4. Enable two-factor authentication. This is an added layer of security that essentially asks users for more information if they happen to be logging in to the cloud from a device they don't typically use. A two-factor authentication service will send a code to a user's smartphone, which they must enter to gain access. There are also dedicated security keys, which use a standard called U2F, that randomly generate secure login codes.
5. Don't entrust cloud security management to one person. That's particularly true in small companies, which tend to have high turnover, Heim says. Make sure there's a back-up person in place. And when one of those people leaves, make sure you shut down their access to your network and cloud data.
"Where you see the most [hacker] activity and the majority of the risk around the cloud is not with cloud providers," Heim says, but with small businesses that don't take the right precautions.