How to protect your data in the cloud
In the train on his way to visit a client, the managing director of an SME goes through his presentation one more time. He makes some last-minute changes, saves the document in a web-based filing system and sends a copy to his colleague. This is an everyday scenario for many Swiss business owners, because thanks to online-based services, otherwise known as cloud services, the office has gone mobile. But what is the price of this newfound flexibility? Aren’t we essentially just serving up our business data on a silver platter for governments and criminal organisations?
To protect your data and that of your customers from prying third parties, we’ve put together a checklist with the most important points that you should take into consideration as an SME.
Select your provider carefully
If you store your data in an external data centre, you’re reliant on an external provider. As a company, this means you hand over a certain amount of control to a third party. That’s why it’s important to take your time when looking for a suitable provider – do not be tempted for cost reasons to choose a dubious solution. After all, you get what you pay for.
Network stability and reliability
Cloud services rely on the availability of the data network. Providers can minimise the risk of technical failure by using redundant internet connections, for example.
To protect the internet connections from cyber attacks, data should be transferred using encrypted pathways. If employees need to access the local network when working externally, this should take place via a virtual private network (VPN).
Fire safety measures and emergency power generators make it possible for data centres to continue operating even in emergency situations. Ideally, the data should be stored in several locations simultaneously (otherwise known as data redundancy).
Compliance with laws and regulations
As a general rule, third parties may process the data only in the same way as you might do, as long as no legal or contractual confidentiality obligations require a different approach. The applicable data protection regulations must be adhered to, particularly in relation to personal data. The manner in which providers are allowed to process such data should always be defined in the contract – regardless of whether the provider is based in Switzerland or abroad.
Benefits of Swiss locations
Swiss law by international comparison is very strict, which has proven a real advantage for local providers. With a Swiss provider, a contact person is never far away and you’ll benefit from someone who speaks your language. Talking directly to the provider is the best way to determine whether it is trustworthy, whether it understands your company’s needs and is prepared to offer a customised solution.
Educating your employees
Shared standards, instructions or training days for your employees are relatively easy to organise and are an effective way of making staff aware of potential problems. Small informative measures can really pay off, such as a notice on how to create a secure password.