Have you ever considered the amount of confidential information you give to a company when you get hired, and what could happen if that information is seen by people other than your employers who are qualified to examine it?
Let’s face it: there are more data risks for businesses than we like to think, including risks with employee data. We’ve seen more and more data breaches where hackers have obtained massive amounts of employee data to exploit for their monetary gain. Maryville University points out in detail that the “Top vulnerabilities in 2017 include[d] cloud-based systems, social media, and other web and business applications.”
There are policies and laws with employee data privacy in mind, and privacy requirements are generally abided by. But in the off chance an outsider wants to obtain your information illegally, or simply because it’s not stored securely — it can not only be a problem for your company but can affect you directly.
With innovations to the internet, data storage, and data access methods, cloud computing has become a favored way to handle an astronomical amount of sensitive data. Software integrated with cloud computing is cutting operational costs, the time it takes to access employee records, and — since it’s all on cloud storage, eliminating physical copies and servers — saving space.
And while the cloud allows saving costs, time, and space, one question that comes up when sensitive material is held off-site is: How secure is your data? This post will consider some of the sensitive material a company asks of you as an employee, as well as storing that information on the cloud and the security measures in place to keep your documents protected.
When your company considers you for employment, sensitive information — that, if fallen into the wrong hands, could be detrimental to you — is required for onboarding. Information such as your social security number, banking details, background check reports and more have the potential to be obtained, and the risk of having your identity and money stolen is a possibility. This is just the tip of the iceberg of the substantial amount of personal information your employing company is tasked to successfully keep confidential.
Your health and medical records are also kept and documented during employment. Your employers are not only expected to keep these files safe but must protect this information under various laws. Disabilities, workers’ compensation, medical exams, and drug testing results are all data held and protected. This is not to say that your information can’t be obtained from an unethical person who is actively looking for it, especially on an unsecured network. If this information is accessed illegally, it could be damaging to you.
Another category of information in which you, an employee, would like to keep out of the public eye is workplace investigative findings. Even something as innocent as an annual performance review is filed away permanently. Imagine if you were harassed or discriminated against. No one except the professionals who are qualified to know and the people involved should hear of the incident. However, this information could be obtained, for whatever reason — invading your privacy.
All of the above information is data that is increasingly being stored in the cloud. This data storage, as of recently, is becoming integrated with cloud computing for the enormous benefits of cost and accessibility. But, do the benefits of cost efficiency and availability for your company outweigh the concern for your sensitive data to be potentially accessed by cyber attackers? The answer might lie on how an analysis of how the cloud works and how your company chooses to store its data.
The truth is that the cloud is not just one thing; there are three separate ways of storing your company data when integrating with cloud computing: public, private, and hybrid. There are also many options for you to consider when a company chooses to store data, including yours, in the cloud. There are several ways your company can choose its storage services.
Public cloud computing is used for information that doesn’t necessarily need to be kept secret. Public data storage costs less but is shared throughout a multi-tenant environment, which means your data gets stored among others in the same hardware. It has a pay-as-you-go policy in which companies can easily scale how much storage you want to purchase depending on needs. It costs less, but it is immensely harder to detect exactly where your data is located — which is pertinent information for security purposes.
Private cloud computing is where people with concern about privacy should store sensitive data. Hardware (and therefore data storage) is purchased and owned by an individual or company. Access is only granted to users of that individual or company’s network, making it easier to pinpoint the hardware, and therefore users, when something is wrongfully accessed.
A hybrid of the two can be chosen to pay-for-play, in which an individual or group can share in owning a portion of private hardware. It is still more secure than public cloud computing — however, sharing data storage with multi-tenants brings the ability for them to access information that is not theirs.
Your Sensitive Information on The Cloud
Now that you have an understanding of how a company can choose to store your information in the cloud, an important note needs to be made. When your employing company decides to enlist in cloud services, those services include IT professionals who are trained in precautionary measures to prevent data breaches — or, at the very least, minimize the damage done. Encryption, malware detection, and levels of password protection are all implemented when storing in the cloud. Now ask yourself, are all these things implemented when storing data on your computer at home?
Even if they are, it is probably not to the same degree of protection that an IT professional can maintain. The fact is, that with any sensitive data stored anywhere there is potential for it to be stolen and used against you. Hackers are always looking for a way to obtain information to you, and chances are that if you are a victim of a cyber attack, it will be the result of user error. It is up to you to know the precautionary measures to keep your data safe to prevent user error and therefore, cyber attacks.
Data and network security for your data will be an ongoing battle — whether it’s in your hands, or your employer. You are personally responsible to keep your data safe, but as an employee, some storage methods are out of your control. When you store any data, whether on or off-site, if the right security measures are in place, your information will remain safe. So, it should be stated that if you have concerns about storage on the cloud, the same concerns should be raised about storing your information personally.