Whether you’re a business with sensitive data that requires organization or an individual with an affinity for personal programs, avoiding the cloud seems nearly impossible these days. But using cloud security—a remote, web-based data storage system—comes with just as many risks as it does benefits.

“You see it on the news every day: Constant attacks on people’s networks and information systems,” says Lonny Anderson, chief information officer of the National Security Agency (NSA). After all, the number one question their team gets about the system centers on whether the cloud is even safe.

Thus, taking a few simple steps can help minimize potential hacking, phishing and the like within the model.

1. Mesh your needs with your cloud provider’s

Optiv's VP of Cloud Security, J.D. Sherry says that “typically, adopting cloud computing platforms is seen as a way to increase the overall productivity of an organization, whil also reducing expenses. However, many often struggle with factoring in enough planning time to mitigate potential resource gaps and a possible increase in risk posture, due to moving workloads to a third-party provider.”

Neal Ziring, technical director of information assurance for the NSA, points out that making one’s security needs clear at the onset of a cloud computing contract is essential. Knowing who’s responsible for what, especially in the event of a hack, is equally important.

Breaking things down into two buckets—what you expect the cloud provider to do and what you still expect to do for yourself, and putting that in writing—may be the simplest way to go about dividing responsibility.

2. Being organized

“In a cloud environment, being explicit about the rules of data can also help ensure safety,” said David Hurry, a cloud strategist for the NSA. Tagging data that places it in a certain rack offers one way to keep information organized.

Adopting a cloud security model can change the way businesses operate. Namely, recognizing that in a cloud system, organizing items not only based on their physical nature but also on their function is crucial.

3. Review your contract closely

What information gets logged and what doesn’t? How long is information retained? Who gets to share and see what data, including passwords? What protection is in place, and how is the person controlling those data being monitored? That’s just a handful of questions that should be answered in a cloud security contract. “Having a crisis control plan of sorts for when a data breach may occur, and ensuring that notifications are made in a preset manner, is another area to consider," Anderson said.

4. Take hands-on steps to protect yourself

“For individual cloud users, most critical is practicing good security hygiene on the systems under your control and the cloud services you employ,” Ziring says. Using cloud service for storing data for what it’s intended is an easy way to do so.

Hurry added that encryption is only part of the larger security model that individuals and companies can use. “IT [encryption] alone won’t be sufficient,” he adds. “It offers strength, but it’s how you use it and where you put it and manage it that matters.”