Businesses increasingly feel the effects of a data breach. The results range from compromise of client or customer data to third-party control over the entire business operation. The direct costs can be significant, and when legal liabilities, the cost of cleanup, lost productivity and the effects of stolen data are added up, they can threaten the viability of small businesses and seriously harm big ones.
Security measures shield you not only from financial risks but also from the business impact and reputational harm caused by a breach. We present 5 actions you should take to provide legal and practical safety for your business and its customers.
Detection of suspicious files
Pay Attention!
First things first. You need to know what’s happening and what the risks are that can hit your business. The two main risks to look at here are Ransomware and Phishing.
Ransomware is malicious software that encrypts your data, hiding it from you – and then demands payment for access. Massive attacks like the 2017 global WannaCry outbreak cost companies and governments hundreds of millions in damage, from dysfunctional systems to recovery costs. There are solutions, and Nextcloud actually provides no less than two powerful tools to detect and recover from ransomware attacks, with the latter developed by researchers from the University of Konstanz in Germany. Learn more here.
Phishing is a trick used by scammers to try and get information from you – often used to impersonate you to steal from your contacts or simply to steal directly from you. Check carefully who you receive mail from and don’t open attachments or even the email from unknown contacts. Note that faking a message so that it appears to come from an official-looking account is not hard, be it from Google, Yahoo, PayPal or a business you work with! Train your employees to ask a colleague for input if they’re suspicious about an email.
Consider blocking attachments and requiring documents to be exchanged exclusively over your Nextcloud server. Send customers and partners an upload link: no more anonymous, unexpected attachments! The Nextcloud Outlook Add-in makes it a breeze to send a public upload link to a customer and even notifies your users when the recipient has uploaded files.
Password Policy settings in Nextcloud
Security Policy
We already mentioned training employees. This goes beyond people: make sure you use two-factor authentication and have a strong company firewall and anti-virus software (Nextcloud offers built-in virus scanner support). Take care to configure systems properly: computers should ask for a password to be entered after a period of inactivity, for example.
Passwords are a special case. We’ve learned, over time, that the typical policy of picking ‘complicated’ passwords that are regularly changed does not work. People are not good at remembering random strings of characters, while computers are quite good at cracking them, especially if people just add a number at the end on each change. P@$sW0rD16 is far harder to remember than it is strong. Passphrases are the future – including the famous CorrectHorseBatteryStaple from XKCD.
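As an added illustration (not Nextcloud's code or its password policy app), here is a minimal policy check in Python that rejects common words disguised with character substitutions and a trailing counter, and accepts multi-word passphrases. The deny list, the 2048-word list size and the 44-bit threshold are assumptions made for the example.

```python
import math
import re

# Constructed stand-in for a real common-password deny list (assumption).
COMMON_BASES = {"password", "welcome", "letmein", "qwerty", "admin"}
# Assumed passphrase word-list size: each randomly chosen word adds
# log2(2048) = 11 bits of guessing work.
WORDLIST_SIZE = 2048
MIN_BITS = 44  # hypothetical policy threshold: four random words

# Undo common character substitutions before the deny-list lookup.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s",
                      "0": "o", "3": "e", "1": "l", "7": "t"})


def base_word(password: str) -> str:
    """Drop a trailing counter or symbols, lower-case, undo substitutions."""
    stem = re.sub(r"[\d\W_]+$", "", password)
    return stem.lower().translate(LEET)


def split_words(password: str) -> list[str]:
    """Split a passphrase written with spaces, dashes or CamelCase."""
    return re.findall(r"[A-Z]?[a-z]{3,}", password)


def check_password(password: str) -> tuple[bool, str]:
    """Return (accepted, reason) under the hypothetical policy above."""
    if base_word(password) in COMMON_BASES:
        return False, "common password with substitutions or a counter"
    words = split_words(password)
    if len({w.lower() for w in words}) != len(words):
        return False, "repeated word"
    bits = len(words) * math.log2(WORDLIST_SIZE)
    if bits < MIN_BITS:
        return False, f"only {len(words)} word(s), about {bits:.0f} bits"
    return True, f"{len(words)} words, about {bits:.0f} bits if chosen at random"


if __name__ == "__main__":
    for candidate in ("P@$sW0rD16", "P@$sW0rD17", "Summer2024",
                      "CorrectHorseBatteryStaple"):
        print(candidate, check_password(candidate))
```

The bit estimate only holds when the words are picked at random from the list; a phrase as widely known as the XKCD example belongs on the deny list in a real deployment.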
Encryption is important in two ways. First, it does of course make it significantly harder to steal data. And second, it goes a long way in showing your business has done its best to secure data, decreasing liability in case something goes wrong.
There are encryption solutions for laptops and mobile devices as well as a number of layers of encryption employed by Nextcloud to secure data transfer and storage. Learn more in this blog.
Backups
With ransomware such a big threat, having good backups is crucial. While Nextcloud has versioning built in and ways to use that to recover from ransomware attacks, this is no substitute for good backups. Regularly back up your business data so you’re well positioned in case of an attack!
Retention
Nearly the opposite of backup, retention policy is usually very low priority in businesses. But there are legal reasons why some data should stay around for a certain period, while other data, like customer information or credit card data, should be deleted as soon as possible to avoid it becoming a target for hacking. Keep an eye on your retention policy! If data is stored on Nextcloud, its built-in tagging and retention features can help you ensure data stays as long as is needed – and not longer.
Conclusion
Even after all these precautions, there is a chance of a security breach. Be sure to have a plan for dealing with one. The GDPR requires you to inform your users, for one, and many countries have laws that require you to inform a government agency. You’ll need to involve a lawyer to review risks, and having a plan that’s got legal review can even help you reduce liability.
The risk a data leak poses for businesses is significant, and having proper precautions and a plan makes all the difference. Think about it!
Using a File Sync and Share solution, or as they’re called these days, a Content Collaboration Platform like Nextcloud, means you immediately cover several of these points, but there’s data beyond what is in your private cloud.