It has never been easier to share and collaborate with co-workers on data than now. Saying that, let’s be sure we protect our sensitive company information against the threats that cloud-based computing accelerates.
Historically, you may have had an internal policy that lays out the standards for protecting data on your laptop or when using USB keys. And, you might have had to use encryption to protect that data or just restrict the usage either partially or entirely. Unfortunately, these measures offer little protection.
Every day, people are copying sensitive data to work from home or to share with a third party without realizing the risks. Your password policies, your firewalls, anti-virus, none of that protects you against a bad password on someone’s cloud storage account that syncs to a laptop that is infected with a virus. This kind of activity heightens the risk of a data breach and if a breach happens, you may not even know how or when it happened.
On average, companies take 197 days to identify, and 69 days to contain a breach.
Fortunately, there are measures you can put in place to prevent a data breach.
Three priority steps to prevent data breaches:
- Start with a data protection policy that clearly explains the risk. Most technology problems don’t start as technology problems, they start as expectation problems. So, start by explaining to your employees why they should adhere to data protection best practices.
- Ensure your company invests in a secure platform, like Microsoft 365.
- Implement advanced security tools, such as Microsoft Cloud App Security.
Cloud App Security
With Microsoft 365, you can enable Cloud App Security, which will allow you to use sensitivity labels. For instance, HR data can be labelled as sensitive so it cannot be emailed out. It can’t be copied to another platform, or even a USB key. This will prevent people from using a bunch of different cloud apps (shadow IT) with varying levels of security that could create unnecessary cyber risks.
If you have any questions about cloud security, please do not hesitate to reach out to us.