If you thought storing your small business’s data on the clouds ensured not only nearly constant access to it from anywhere in the world while also promising complete confidentiality, think again. As long as there are cyber-hackers capable of encroaching private information, there are risks associated with storing your company’s proprietary data on the clouds. Fortunately, however, steps can be taken to decrease the likelihood that your company’s cloud data will be hacked. “From a legal standpoint, we are starting to see cloud storage companies that are beginning to appreciate the need for elevated security, says Eric Griffin, a solo practitioner and former general counsel in Dallas.
Considerations when considering cloud storage
Paul Unger, a Columbus attorney and partner in Affinity Consulting Group, says there are several matters anyone considering storing confidential data in the clouds should know. According to Unger, measures must be taken to ensure a standard of care has been undertaken so data stored in the clouds is protected from hacking. Those steps include:
- Backing up data prior to cloud storage to restore data that has been lost, corrupted, or accidentally deleted;
- Installing a firewall to limit access to the business’s network;
- Limiting information provided to others to what is required, needed, or requested;
- Avoiding inadvertent disclosure of information;
- Verifying the identity of individuals to whom the small business provides confidential information;
- Refusing to disclose confidential information to unauthorized individuals (including family members and friends) without prior authorization;
- Protecting electronic records containing confidential data, including backups, by encrypting the confidential data;
- Implementing electronic audit trail procedures to monitor who is accessing the data; and
- Creating plans to address security breaches, including the identification of persons to be notified about any known or suspected security breach involving confidential data.
It is safe to store client data in the cloud, “depending on whose cloud,” says Unger. In fact, most reputable vendors offer more data security than what most law offices, legal departments and businesses do within their ranks, he says.
Another piece of advice is not to rely on the cloud service provider’s encryption keys. Instead, create and maintain your own encryption keys. In that scenario, a business owner can encrypt a customer’s file before sending it to the clouds, thus preventing a vendor from decrypting them.
Securing client data, whether stored on the cloud or in a file cabinet, is imperative and an intrinsic cost of doing business. “As more sensitive data shifts into the cloud, whether potentially inappropriate selfies of something more business-like, such as customer data, maintaining security becomes even more critical,” says Boris Gorin, vice president of security engineering at FireLayers,
He calls iCloud breaches, including the unauthorized posting of naked photos of actress Jennifer Lawrence on the Internet a “good lesson as to what not to do – not the part about placing sensitive data in the cloud, but about ensuring appropriate security measures are being put in place.”
Tami Kamin Meyer is an Ohio attorney and writer who tweets as @girlwithapen.
