Cloud Hosting

TONY MAGHIRANG

Cybersecurity threats are growing in number and sophistication, but recent reports indicate that more than half of organizations worldwide do not give due priority to cybersecurity. This is especially troubling in Southeast Asia, where cybersecurity preparedness levels are scattered along the spectrum, from underdeveloped to advanced.

Gibu Mathew, vice president and general manager, Asia Pacific, Zoho Corp., recommended some basic steps that information technology (IT) departments could take to proactively ensure the safety of the network and the valuable data it contains.

Mathew said as a first step, enterprises should select cloud and application vendors who follow data security best practices. It is just as important to choose software and platform providers who offer a comprehensive set of practices, technologies, and policies in data security. Service providers with security certifications such as ISO/IEC 27001 and SOC 2, provisions for redundancy and business continuity, network security, and protection measures for data center should be at the top of the list of prospective vendors.

The Zoho executive also suggested that companies should provide cybersecurity training to employees. He underscored that the latest Global Encryption Trends study found that employee mistakes are considered a greater threat to data security than external hackers and malicious insiders. The need to train employees in the appropriate ways to handle company information couldnt be overemphasized in light of the fact that many organizations employ more remote workers than ever. As experts have noted, training and educating employees act as the first line of defense that help reinforce the organizations cybersecurity initiatives. Simple tips, such as resetting the passwords of all other online accounts when prompted to change it on one site and using unique passwords for each site, could go a long way in preventing security breaches.

Another useful advice is for IT departments to constantly ensure the security and privacy of information in the cloud. Cloud storage should have a more controllable data boundary layer to help maintain the privacy and security of confidential files. One security measure is for IT departments to have an online file management software that allows IT staff to restrict documents from being shared outside of the organization, as well as specify users who can access sensitive information based on their IP addresses or cause a file shared to the public to expire after 30 days. This level of control makes it unnecessary for an employee to download any document to a local device, especially confidential files and those pertaining to highly sensitive aspects of the business.

Mathew further advised that strengthening company passwords and employee credentials must be a standard best practice within the enterprise. IT staff should make sure employees regularly change the passwords they use for cloud business products even if its not mandated by the software service itself. Documents shared outside of the organization must also be password protected and equipped with an expiration date to invalidate the password after a set period of time.

There must also be a protocol to control and manage passwords across the organization, Mathew added. Designating or even employing an online password manager could be an effective means to manage all of the organizations passwords. Business requirements often demand selective sharing of passwords with others, which could pose a risk if employees with access to privileged information leave these passwords on sticky notes or on personal email. IT departments should also clearly define password ownership internally and enlist the help of software solutions to create audit trails when a shared password is used. Furthermore, alerts should be sent to the owner of the password or to the IT department leader when the passwords to sensitive resources are accessed. At any point, IT administrators should have a clear picture of who is accessing which passwords.

While cyberthreats would remain a part of corporate life, the foregoing security protection steps offered by Zoho Corp. Gibu Mathew would prepare and arm companies against the daily barrage of breach attempts. At the same time, IT administrators and teams could be proactive in protecting valuable and sensitive company data through online, cloud-based solutions that help manage enterprise passwords, monitor employee activity and secure documents shared with other employees and external partners.

Original post:
Preparing IT teams against growing online security threats The Manila Times - The Manila Times