How easy is it for cyber criminals to access your charity’s cloud accounts and steal your confidential information or even your charity’s funds?
It’s an important question to ask, because charities are increasingly turning to the cloud for vital software services such as constituent relationship management (CRM), fundraising, service management, and even online retailing.
The answer is that it is very hard for cyber criminals to gain access to these services – but only if you take the right security precautions. That’s because most reputable cloud service providers have stringent security measures in place to protect your charity’s data.
The principal weak spot is you, the cloud service user, and most cyber criminals that break in to cloud services are able to do so because the cloud service user, rather than the cloud service provider, has failed to keep their cloud accounts secure.
The top cloud security tips
Here are the most important things that you should ensure that your charity’s staff can do to keep your charity’s cloud accounts secure:
Use a strong password
Three quarters of all cloud breaches are caused by service users choosing weak passwords, which cyber criminals can easily guess. That’s why you should use a password made up of at least 13, and preferably more, upper and lower case letters, numbers, and special characters such as ! or &.
For maximum security, choose a password made up of random characters rather than a combinations of words. These random passwords are almost impossible to remember, so use a password manager to store them rather than writing them down.
Use Two Factor Authentication (2FA)
When you activate 2FA for a cloud account, you need to provide your password and also something else such as a fingerprint or a code which is sent by text message to your phone, before you can log in.
This makes your cloud account far more secure, because in order to break in a cyber criminal would have to guess your password and get access to your second factor (such as your fingerprint or your phone).
Use endpoint protection software
Malware called keylogging software, which can infect your computer as a result of a phishing attack, is capable of recording your password when you type it on your keyboard and then sending it to cyber criminals.
The best way to protect against keyloggers and other malware is to ensure that any computer that you use to access a cloud service is protected with up-to-date endpoint protection software.
Turn on account alerts
Many cloud services offer the option of providing alerts whenever anyone logs in to a cloud service, or when they log in from an unrecognised computer or from a new location of IP address.
These alerts can be very valuable to help you monitor your charity’s cloud account usage and to spot when unusual activity is taking place in the account.