Businesses increasingly feel the effects of a data breach. The results range from compromise of client or customer data to third-party control over the entire business operation. The direct costs can be significant, and when legal liabilities and the cost of cleanup, lost productivity and the effects of stolen data are added up, they can threaten the viability of small businesses and seriously harm big ones.
Security measures shield you not only from financial risks but also from the business impact and reputational harm caused by a breach. We present 5 actions you should take to provide legal and practical safety for your business and its customers.
Detection of suspicious files
Pay Attention!
First things first. You need to know what’s happening and what the risks are that can hit your business. The two main risks to look at here are Ransomware and Phishing.
Ransomware is malicious software that encrypts your data, hiding it from you – and then demands payment for access. Massive attacks like the 2017 global WannaCry outbreak cost companies and governments hundreds of millions in damage, from dysfunctional systems to recovery costs. There are solutions, and Nextcloud actually provides no less than two powerful tools to detect and recover from ransomware attacks, with the latter developed by researchers from the University of Konstanz in Germany. Learn more here.
Phishing is a trick used by scammers to try and get information from you – often used to impersonate you to steal from your contacts or simply to steal directly from you. Check carefully who you receive mail from and don’t open attachments, or even the email itself, from unknown contacts. Note that faking an email from an official-looking account is not hard, be it from Google, Yahoo, PayPal or a business you work with! Train your employees to ask a colleague for input if they’re suspicious about an email.
Consider blocking attachments and requiring documents to be exchanged exclusively over your Nextcloud server. Send customers and partners an upload link: no more anonymous, unexpected attachments! The Nextcloud Outlook Add-in makes it a breeze to send a public upload link to a customer and even notifies your users when the recipient has uploaded files.
Password Policy settings in Nextcloud
Security Policy
We already mentioned training employees. This goes beyond people: make sure you use two-factor authentication, have a strong company firewall and anti-virus software (Nextcloud offers built-in virus scanner support). Take care to configure systems properly: computers should ask for a password to be entered after a period of inactivity, for example.
Passwords are a special thing. We’ve learned, over time, that the typical policy of picking ‘complicated’ passwords that are regularly changed does not work. People are not good at remembering random strings of characters while computers are quite good at cracking them, especially if people, on each change, just add a number at the end. P@$sW0rD16 is far weaker as a password than it is hard to remember. Passphrases are the future – including the famous CorrectHorseBatteryStaple from XKCD.
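To make that reasoning concrete, here is an added example (not Nextcloud code) of a policy check that flags "same word, new number" password changes and compares a rough guessing-effort estimate for a mangled dictionary word with that of a random passphrase. The word list, the 100,000-word attacker dictionary, the 1-bit-per-character mangling cost and the 2048-word passphrase list are all assumptions chosen for illustration.

```python
import math

# Constructed sample: a tiny stand-in for a real list of common passwords.
COMMON_WORDS = {"password", "welcome", "summer", "company"}
# Assumed model parameters (illustrative, not measured values).
DICTIONARY_SIZE = 100_000    # common words an attacker tries first
PASSPHRASE_WORDLIST = 2048   # list a random passphrase is drawn from

# Map common character substitutions back to plain letters.
UNLEET = str.maketrans("@4$50137!", "aassoleti")

def split_suffix(password):
    """Return (stem, trailing_digits), e.g. 'Summer2024' -> ('Summer', '2024')."""
    stem = password.rstrip("0123456789")
    return stem, password[len(stem):]

def base_word(password):
    """Undo capitalisation and substitutions on the stem to expose the word."""
    stem, _ = split_suffix(password)
    return stem.translate(UNLEET).lower()

def is_incremental_change(old, new):
    """True when the new password reuses the old one's underlying word,
    for example when only the trailing number was changed."""
    word = base_word(old)
    return bool(word) and old != new and word == base_word(new)

def pattern_bits(password):
    """Rough guessing effort in bits for 'mangled common word + digits'.
    Returns None when the stem is not a known common word."""
    stem, digits = split_suffix(password)
    if base_word(password) not in COMMON_WORDS:
        return None
    mangling = len(stem)                   # assumed: ~1 bit per character
    suffix = len(digits) * math.log2(10)   # every digit suffix of that length
    return math.log2(DICTIONARY_SIZE) + mangling + suffix

def passphrase_bits(word_count):
    """Entropy of word_count words picked at random from the word list."""
    return word_count * math.log2(PASSPHRASE_WORDLIST)

if __name__ == "__main__":
    print(is_incremental_change("P@$sW0rD15", "P@$sW0rD16"))
    print(round(pattern_bits("P@$sW0rD16"), 1), "bits vs", passphrase_bits(4), "bits")
```

The passphrase figure only holds when the words are chosen at random; a phrase a person makes up, or one copied from a famous example, is far easier to guess.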
Encryption is important in two ways. First, it does of course make it significantly harder to steal data. And second, it goes a long way in showing your business has done its best to secure data, decreasing liability in case something goes wrong.
There are encryption solutions for laptops and mobile devices as well as a number of layers of encryption employed by Nextcloud to secure data transfer and storage; learn more in this blog.
Backups
With ransomware such a big threat, having good backups is crucial. While Nextcloud has versioning built in and ways to use that to recover from ransomware attacks, this is no substitute for good backups. Regularly back up your business data so you’re well positioned in case of an attack!
Retention
Nearly the opposite of backup, retention policy is usually very low priority in businesses. But there are legal reasons why some data should stay around for a certain period, while other data, like customer information or credit card data, should be deleted as soon as possible to avoid it becoming a target for hacking. Keep an eye on your retention policy! If data is stored on Nextcloud, its built-in tagging and retention features can help you ensure data stays as long as is needed – and not longer.
Conclusion
Even after all these precautions, there is a chance of a security breach. Be sure to have a plan for dealing with one. The GDPR requires you to inform your users, for one, and many countries have laws that require you to inform a government agency. You’ll need to involve a lawyer to review risks, and having a plan that’s got legal review can even help you reduce liability.
The risk a data leak poses for businesses is significant, and having proper precautions and a plan makes all the difference. Think about it!
Using a File Sync and Share solution or, as they’re called these days, a Content Collaboration Platform like Nextcloud means you immediately cover several of these points, but there’s data beyond what is in your private cloud.