According to a recent study by security firm McAfee and the Centre for Strategic and International Studies (CSIC), The Economic Impact of Cyber Crime and Cyber Espionage[i] the USA, the world's largest economy, loses about £65bn from cybercrimes every year including loss of key business data and intellectual property. The report also states that cybercrime costs the global economy $500bn annually and is a main contributor for dragging down economic growth across the world.
Recent research published in the UK by Ernst & Young[ii], stated that cyber-attacks are the number one threat for UK businesses. The company surveyed 1,900 senior executives and revealed 96% of UK businesses fear their security functions are not strong enough. Furthermore, 66% of senior executives feel there has been an increase this year in security incidents and only 4% of UK businesses feel they are fully equipped to deal with cyber threats.
Businesses around the world are struggling to cope with the threat of cybercrime, due to limited IT and financial resources and lack of effective security strategies. Indeed the Ernst & Young survey highlighted that 69% of businesses say they face budget constraints and lack skilled resources to deal effectively with cybercrime. Whilst it is impossible to prevent cybercrime, there are ways to minimise the risks.
One solution being adopted by many companies is ‘cloud computing’. Moving into the cloud and using a reputable provider can help address security fears and ensure that a business is afforded greater protection than if they continue with their server based in-house technology.
With cloud computing the user’s physical device - whether it is a desktop PC, laptop, tablet or smart phone - loses its importance. Data can’t be stored on any device, so if it becomes corrupted in any way, it can be completely erased and reinstalled in minutes without any data being lost. Equally, software and other applications cannot be installed by users without permission as the system is locked down. This prevents anyone from erroneously downloading destructive software or installing applications which could lead to information being leaked. It also minimises the risks of data loss if there are disgruntled employees or incidences of cyber leaks that can occur with insider knowledge.
When a company adopts cloud computing, its data and IT is managed by professional cloud computing providers who will secure it in a reputable UK data centre behind corporate grade firewalls. They will ensure audit trails are provided and perform regular data and security backups using the latest anti-virus and spam filters – all measures that will help to protect the businesses from attacks.
There are other benefits too, including cost savings, reduced administrative and personnel overheads and a more efficient setup. Opting for a managed cloud computing service completely removes the need for a business to perform any software installation and updates, which can lead to downtime, as this is all taken care of by the cloud computing provider.
However, outsourcing confidential data to a third party is perceived to be a big step, particularly when IT has always been managed in house.
Here are my tips on things to look for when moving to cloud computing to ensure your data is protected and secure.
· Work with an accredited and trusted cloud computing service provider with a good reputation. Check they have relevant accreditations such as ISO 9001 and ISO 27001 and can provide references. Accreditations are important as it shows the provider can demonstrate the highest levels of security.
· Opt for a privately managed cloud computing service, such as a Desktop as a Service (DaaS), where all data is professionally managed and stored in a secure UK datacentre behind corporate grade firewalls.
· Make sure you differentiate between public cloud services like Gmail, Icloud and Dropbox, and privately managed services. While such public cloud services are popular with many users, some customers may require more from their cloud service provider, such as knowing where exactly their data is actually stored.
· Companies using public cloud services often won’t know where their data is held and so will be moving from their secure desktop environment to a potentially less secure one. The Information Commissioner’s Office[iii] stresses that companies are responsible for where their data are held, even when using third party vendors. Organisations must know where their data are held and to take responsibility for its security.
· Fully understand how cloud computing works and the value it could bring to your business so you can weigh up the benefits and costs.
Perhaps you can never truly be sure that you can prevent a cyber-attack however, putting your IT into the hands of trusted professionals who manage it and keep it safe can reduce the risks.