Siobhan Leathley| Stuff
Small business owners using cloud technology may be unwittingly exposing their data to unnecessary risk, says IT specialist.
Technology company Optimizer HQ, chief executive Manas Kumar said many cloud-technology users still had the ‘desktop based mindset’, so continued to store important information here.
Forgetting that cloud technology helpdesk staff could directly access this data during service calls.
Depending on the service provider and the information stored, helpdesk staff could potentially view all customer, financial and other data in real time when they were contacted with a query.
“We may go to great lengths to password protect our cloud data from being hacked, and yet there are situations when we expose too much of our sensitive information to people we have never met”, Kumar said.
NetSafe Cyber Security project manager Chris Hails said it was easy to sign up with a provider, and not consider the necessary risks and precautions that need to be taken.
However, he said owners must remember that they are obligated to protect any stored customer data under the Privacy Act.
Therefore they were expected to complete the necessary due diligence when storing important information with a third party.
“It’s their responsibility to protect their customer information,” he said.
The Privacy Commission spokeswoman, Annabel Fordham, said owners needed to check how much information their service provider’s staff could remotely access.
“Your cloud services solution may not involve the provider accessing your information at all. And some access to information will be relatively innocuous – such as shifting files around to optimise performance.”
But owners still needed to ask, she said.
“If your cloud provider’s helpdesk accesses your PC remotely, you should treat the call as you would when physically taking the computer into a repair shop – don’t leave documents containing personal information open for people to see when they log in.”