Insider security is at the forefront of everyone’s minds in the aftermath of Target’s security breach. While the cause of the breach is still under investigation, numerous theories have been offered such as an insider security violation from one of Target’s vendors. Furthermore, Michael’s and Neiman Marcus have also disclosed they’ve suffered a security breach as well. When trusted corporations are vulnerable to external hacks as well as insider security threats, it’s no wonder businesses are leery of making the switch to a cloud environment. While no system is impervious to attack, there are ways to minimize insider threats.
Improve your interviewing/screening process
Security threats are something businesses face every day. Make sure you are vetting and hiring the right candidates to monitor and uphold your data. It’s impossible to prevent human error entirely, but it is possible to minimize your risk. Have candidates run through a series of situational questions or a mock security breach in order to evaluate how they perform under pressure. Your reputation and security should be in the hands of capable and trusted individuals.
Update password and security settings intermittently
Larger corporations usually have established security policies such as password resets. For example, every 90 days users are required to reset computer or intranet passwords, in order to reduce security breaches. Incorporate similar processes for your cloud security environments. Keep track of when employees enter and leave your employment, and reset passwords immediately. Furthermore, have your employees sign a non-disclosure agreement, in order to protect your client’s sensitive information and your company against litigation.
Limit security information exposure
While this may seem obvious, it’s worth restating. Cloud security passwords, IP addresses or usernames should only be given to those who absolutely need it to perform their role; however, this information should never be limited to only one person within the organization. If there is only one person within the overarching IT department, a manager or supervisor should have access to this information.
Cloud networks may be faster and allow for more data housing, but it doesn’t mean they are impenetrable. Traditional data center security environments provide security cameras, locks and key cards. Meanwhile cloud security primarily falls to extensive firewalls, encryption and monitoring by trusted and competent individuals. In order to mitigate human error, review and evaluate your cloud security settings frequently. Trust no one, be prepared for the worst but have confidence in your team to know how to handle a security breach crisis.