Even the most secure safe in the world only works if you close the door properly and remember the right combination. This picture can easily be transferred to IT security, because the sticking point here is often the human being. Cooperation between users is required in order to fully exploit the potential of tools and processes to defend against attacks on company data.
Last year almost all knowledge workers worked from the home office, which posed completely new challenges for SMEs in terms of IT security. Digitization switched to the fast lane overnight. That has moved us forward, but has also taken its toll. The topic of security is more topical than ever!
Not so long ago, for example, the networks of the Funke Group, the Madsack Group and Radio Energy fell victim to cyber attacks. The meat manufacturer JBS paid € 11 million in cryptocurrency to cyber criminals who had paralyzed the company’s IT using ransomware. Carbon Black reports that 94 percent of companies worldwide have been affected by a data breach in the past 12 months.
The fact that, according to PCI Pal Global Research, 41 percent of consumers claim that they would never return to a provider after a one-off breach underlines how important it is that companies do everything in their power to avoid security concerns. Protection against virtual attacks is and will therefore remain one of the highest priorities for IT decision-makers.
Better protect data and processes from risks
Although small and medium-sized companies have mastered the rapid transition to the home office, IT security must under no circumstances be disregarded. Because even decentralized endpoints and IT resources must be reliably protected. In contrast to large companies or IT-native companies, SMEs themselves have less technical know-how and fewer financial resources to fall back on. In addition, they cannot launch a huge arsenal against cyber attacks or have their own IT security architecture put through its paces using a penetration test.
Nevertheless, data security must be guaranteed. Managed security, i.e. outsourcing IT security tasks to professionals, is an inexpensive and worthwhile alternative for SMEs. Despite all firewalls, VPNs and zero trust guidelines, people themselves remain an unpredictable gateway and thus a security risk. This risk can be reduced with intuitive tools that can be easily integrated into existing processes, together with an accompanying security culture.
IT security: strong walls, weak gates?
Among the tools that have security in their DNA are cloud-based password managers, which store access data and passwords securely across all devices. The only password you need to remember is the master password. Most password managers even help with memorability by offering secure emergency backups. Reminder functions help to change the passwords regularly.
The new standard also means that security tools now run on two tracks: they serve consumers and businesses alike, though to differing extents, for example in terms of storage capacity or the features that are available.
In combination, two-factor authentication offers a second level of security. This can be assigned via the password or the PIN. There are many forms of authentication here, including:
- Authentication apps
- Push notifications
- Software tokens
- Voice-based authentication
- and much more.
In most cases, however, the extra layer of security is a code that you will receive via text message.
My recommendation: motivate your employees to use a password manager for their private accounts as well. You can also pay the annual costs. It is a manageable amount that buys an extra helping of IT security, especially in the home office, where employees may use company devices for private purposes.
You don’t let everyone into your house, do you?
The control and management of access rights to folders and files does not have to be an opaque thicket in which only IT system administrators can find their way, thanks to rights management tools such as:
- Access Rights Manager
- Dropbox admin console
On the contrary: these tools make identity and access management much easier and make the security aspect accessible to everyone.
What the tools have in common is that they give you control over file and document access and make it traceable. You can also assign employees specific roles, such as:
- the right to view only
- the right to edit
- the right to download
Owners of a shared folder are able to prevent users from inviting others to a folder.
Detailed audit logs can be used to understand how data is shared with individuals inside and outside the company. Comprehensive filters and search functions enable targeted investigations into data usage. In this way you tighten the safety net and make tracking and traceability much easier.
My tip: From a cultural point of view, you can set very clear rules of the game and classify data types according to confidentiality. If employees find a security breach or vulnerability, you should actively encourage them to report it. In this way, they can see themselves as the guardians of the company. At Dropbox, for example, the team that reported the most phishing mails to IT security receives an award once a year. Get creative too and defuse the threatening or annoying nature of the topic of security. That way you get everyone on board.
Safely signed from the employment contract to the certificate
It is reminiscent of a detective film in which a suspect’s garbage can is searched for important information – but industrial espionage is not a Hollywood fairy tale, it is a serious threat to companies. Especially in the home office, where no (GDPR-compliant) shredder is available, carelessly handled paperwork with handwritten signatures that has to be sent by post can become a dangerous gateway for espionage attacks.
The qualified electronic signature (QES) is a small tool with a great positive influence on the speed of processes. At the same time it sets new standards in terms of security and traceability and creates a trustworthy, legally binding effect. Only state-certified qualified trust service providers (VDAs) are allowed to issue such a QES.
Years ago, the legal basis was created with eIDAS and UETA. Completely different from the fax – signatures transmitted by fax were never legally valid – these are also GDPR-compliant. By means of time stamps, QES offers all contractual partners transparent insight into and information about the change history at any time.
Many companies already use QES for all signature-relevant business processes from A to Z, from the employment contract to the certificate. The signature procedure is done with a few clicks – signature, copy and filing can be done within a few minutes. One can easily imagine how much lost time and inconvenience the smart and secure signature workflows save companies.
Electronic signatures for more IT security
Thanks to IDnow’s personal identity verification and digital certification by Namirial, a Trusted Service Provider (TSP) on the European Trusted List (EUTL), tools today offer the highest standard of legally binding electronic signatures with QES. So nothing stands in the way of a virtual visit to the notary or the fully virtualized process relating to the digital land register.
A good example is provided by Exporo, the Hamburg provider for digital real estate investment, which has relied on a smart workplace from the start and now, with around 200 employees, relies on digital workflows. Internally, for example in onboarding processes, or externally – for example when exchanging data with customers and external stakeholders – short communication channels are the top priority. It is evident that eSignatures are indispensable in the time-critical real estate investment business, which is why Exporo is digitizing its signature-bound document process using the eSignature solution HelloSign, which is part of Dropbox.
Low-threshold access to the highest security level
Nowadays we need security tools that can be seamlessly integrated into the existing framework. In order to really strengthen the natural defenses of a company, these tools must be easy to use and accepted by employees and customers. Ease of use not only increases acceptance, but also provides a good starting point for further promoting security awareness among employees.
When companies close the vault’s door to their data treasure with the help of intuitive tools, employees are no longer a security risk, but part of the solution and make a valuable contribution to its protection. In this way, they actively help to ensure that the human gateway stays reliably sealed.