Businesses increasingly feel the effects of a data breach. The results range from compromise of client or customer data to third-party control over the entire business operation. The direct costs can be significant, and when legal liabilities and the cost of cleanup, lost productivity and the effects of stolen data are added up, they can threaten the viability of small businesses and seriously harm big ones.
Security measures shield you not only from financial risks but also from the business impact and reputational harm caused by a breach. We present 5 actions you should take to provide legal and practical safety for your business and its customers.
Detection of suspicious files
Pay Attention!
First things first. You need to know what’s happening and what the risks are that can hit your business. The two main risks to look at here are Ransomware and Phishing.
Ransomware is malicious software that encrypts your data, hiding it from you – and then demands payment for access. Massive attacks like the 2017 global WannaCry outbreak cost companies and governments hundreds of millions in damage, from dysfunctional systems to recovery costs. There are solutions, and Nextcloud actually provides no less than two powerful tools to detect and recover from ransomware attacks, with the latter developed by researchers from the University of Konstanz in Germany. Learn more here.
Phishing is a trick used by scammers to try and get information from you – often used to impersonate you to steal from your contacts or simply to steal directly from you. Check carefully who you receive mail from and don’t open attachments or even the email from unknown contacts. Note that faking an official-looking account is not hard, be it from Google, Yahoo, Paypal or a business you work with! Train your employees to ask a colleague for input if they’re suspicious about an email.
Consider blocking attachments and requiring documents to be exchanged exclusively over your Nextcloud server. Send customers and partners an upload link: no more anonymous, unexpected attachments! The Nextcloud Outlook Add-in makes it a breeze to send a public upload link to a customer and even notifies your users when the recipient has uploaded files.
Password Policy settings in Nextcloud
Security Policy
We already mentioned training employees. This goes beyond people: make sure you use two-factor authentication, have a strong company firewall and anti-virus software (Nextcloud offers built-in virus scanner support). Take care to configure systems properly: computers should ask for a password to be entered after a period of inactivity, for example.
Passwords are a special thing. We’ve learned, over time, that the typical policy of picking ‘complicated’ passwords that are regularly changed does not work. People are not good at remembering random strings of characters while computers are quite good at cracking them, especially if people, on each change, just add a number at the end. P@$sW0rD16 is far weaker than it is hard to remember. Passphrases are the future – including the famous CorrectHorseBatteryStaple from XKCD.
Encryption is important in two ways. First, it does of course make it significantly harder to steal data. And second, it goes a long way in showing your business has done its best to secure data, decreasing liability in case something goes wrong.
There are encryption solutions for laptops and mobile devices as well as a number of layers of encryption employed by Nextcloud to secure data transfer and storage; learn more in this blog.
Backups
With ransomware such a big threat, having good backups is crucial. While Nextcloud has versioning built in and ways to use that to recover from ransomware attacks, this is no substitute for good backups. Regularly back up your business data so you’re well positioned in case of an attack!
Retention
Nearly the opposite of backup, retention policy is usually very low priority in businesses. But there are legal reasons why some data should stay around for a certain period, while other data, like customer information or credit card data, should be deleted as soon as possible to avoid it becoming a target for hacking. Keep an eye on your retention policy! If data is stored on Nextcloud, its built-in tagging and retention features can help you ensure data stays as long as is needed – and not longer.
Conclusion
Even after all these precautions, there is a chance of a security breach. Be sure to have a plan for dealing with one. The GDPR requires you to inform your users, for one, and many countries have laws that require you to inform a government agency. You’ll need to involve a lawyer to review risks, and having a plan that’s got legal review can even help you reduce liability.
The risk a data leak poses for businesses is significant, and having proper precautions and a plan makes all the difference. Think about it!
Using a File Sync and Share solution, or as they’re called these days, a Content Collaboration Platform like Nextcloud, means you immediately cover several of these points, but there’s data beyond what is in your private cloud.