EFPR Group, LLP

For over 60 years, our knowledgeable and experienced team of CPAs and business consultants have been serving individuals and businesses in Western New York and around the nation.

  • EFPR Group, LLP was founded on the principle of improving the lives of our clients by providing superior guidance, extraordinary service and creative solutions.

    Visit EFPRgroup.com

Should You Trust the Cloud with Your Information?

by Jim Marasco, The Daily Record, October 2014 As private celebrity photos begin to flood the Internet, questions about security and privacy have captured the headlines. How did hackers gain access? Who’s next? Can any of us trust storing information in the cloud?

What is the cloud?

The cloud is simply a grouping of computers on the Internet. It offers companies and individuals an alternative to storing data on external hard drives or servers. In most cases, cloud storage is more convenient and cost-effective than traditional servers and hard drives. You’ll have the ability to access, sync and save data across multiple devices connecting through the Internet.

Choosing a cloud provider

As more consumers use services such as Dropbox, iCloud, Amazon Cloud, Box.net, etc. – are they making themselves more vulnerable? If the cloud is in your future plans, you should consider the following:

  • The cloud company’s reputation and security protocol.
  • Your capacity requirements and the associated cost.
  • Data encryption uploading and downloading from the cloud
  • Data encryption when stored in the cloud.
  • How access to your online folders are shared with other people.
  • Legal rights if the cloud provider is hacked or data is lost.

When considering a cloud solution, keep in mind that data that is protected by law (financial data, medical information, etc.), should not be stored in the cloud unless it is encrypted. You should also ensure that if your cloud storage works through a Web application, look for “https” or the padlock beside the URL in your browser. The extra “s” indicates that the connection is using secure HTTP.

Safeguarding data in the cloud

Once you decided on a cloud provider, keeping your information private and secure should be top priorities. You can protect yourself by adopting some simple safeguards.

  • Pick a strong password utilizing a combination of at least 8 uppercase, lowercase, numerical and special characters.
  • Don’t share your passwords with others. Don’t give them out to anyone, even someone claiming to be from technical support. Hackers have become especially adept at mastering social engineering to obtain access to networks and accounts from the users themselves.
  • Refrain from using the same password for all your accounts and periodically change them. If a site is hacked and your password is stolen, you wouldn’t want them to have access to all your accounts.
  • Safeguard your passwords. Don’t keep them written down where they can be lost or easily obtained by others. If you’re going to keep track of them in a master file, password protect that file and don’t call the file “passwords”! Resist enabling the “save this password” feature on sites.
  • Use two-step authentication. Many services including Apple have this option available if you elect it. Two-step authentication requires two security features to access your account. These can include answering a pre-established security question, entering a password on a recognized device and entering an authorization code from a text or email that is sent to the user before allowing access.
  • Safeguard your device. The greatest risk to data piracy is actually from your devices. Contrary to initial reports and celebrity tweets, most of the recent celebrity hacks are occurring at the device level. If you’re moving pictures, files or other data from your phone, mobile device or computer to the cloud, they also need to be safeguarded. Strong passwords, account locks, up-to-date operating systems and secure network connections provide the greatest protection to your data. For example, if you’re running iOS 7 or higher on your Apple devices, your data is encrypted even if it’s copied off the device (as long as you have a passcode set). Earlier versions may not offer this protection.

Access to your data

Once you’ve chosen a cloud provider who encrypts your data, offers two-step authentication, etc. – are you fully protected? There are always risks that if a cloud provider holds the encryption keys, a rouge employee or the government can decrypt and view your data. According to a Computerworld article, in 2012, Google and Microsoft received nearly 100,000 separate requests for data from the U.S. government. As a result of Freedom of Information Requests made by the American Civil Liberties Union, they learned that the FBI, U.S. Attorney’s Office and the IRS have been accessing people’s email accounts, sometimes prior to a court order. Therefore, be mindful of what you’re saving if your intent is to shield it from the prying eyes of the government.

Is the cloud worth the risk?

If you decide to move to a cloud platform for your business or for personal electronic media storage, evaluate the risk, benefits and alternatives. Recent hacking reports have not only been embarrassing to the victims, but can prove costly to their careers and businesses. Private pictures, videos and critical personal information that could prove disastrous if released to the public might be best saved on an encrypted hard drive stored in a locked spot. They should also be permanently deleted from every device in which they were saved. It’s tough to make anything 100% secure, but by taking the safeguards discussed including researching the platform, provider and locking down your devices and access points, the cloud can offer significant advantages over traditional methods.

James Marasco, CPA, CIA, CFE, is a partner at EFPR Group, Certified Public Accountants and Business Consultants.

Call us today

585.295.0550