Protecting Your Data in Digital Transformation
5 Tips to Keep Your Business Safe
Final post in our four-part series on what you need to know to stay relevant and competitive in the digital age
From increased efficiencies to improved customer experience, there are many benefits to digital transformation. So far in our series, we’ve discussed developing a strategy, performing assessments, understanding IT platforms, and using software development to take manual processes digital.
Wrapping up our series, this article will give you five tips to help you protect your data and your digital transformation investment. As organizations become increasingly digitally driven, being confident in data security is more critical now than ever before.
Is your data safe?
As organizations continue to embrace digital transformation, larger amounts of data are being created, stored and transmitted. From today until 2025, it’s predicted that the collective sum of the world’s data will grow at a compounded annual growth rate of 61% (Network World).
At the same time, 94% of enterprises are now storing data in multiple locations (Thales Data Threat Report), making it more difficult to manage. In order to protect your data, it’s important to know where each piece of data sits and who can access it.
Planning for how you will protect your data is a key part of digital transformation. Failing to account for security measures may put your business at risk for data leaks and cyber-attacks.
Tip 1: Make your data accessible by roles
Granting access to all applications to all employees is usually not necessary. Doing so may open up the potential for data to be shared in a way that you don’t want it to.
What should your customers see versus what should your employees see? Further segmenting it, do you have data that is specific to your executive, sales, accounting, marketing and human resources teams?
For example, let’s say that your company has built a dashboard to visualize your sales performance data. There would be information that your sales team would need access to like number of meetings, deals won, and prospective deals. But, there could be additional data that your company uses that would only be appropriate for the executive or accounting team to see. How you want your data to be accessed and by whom is critical to address up front to keep your data secure. It will also save you time and money over trying to make those changes later on.
Tip 2: Use single sign-on to manage application access
Another way to manage access to data is by using a single sign-on solution. Single sign-on allows a user to log in to multiple independent software systems with a single username and password. The service authenticates the user so that the person only logs into the predetermined applications to which they have been given rights. By having fewer credentials, you are increasing your data security, as there are fewer credentials for an attacker to target. Plus, you are better able to manage the off-boarding process when employees leave the company, further protecting your data.
From the user’s standpoint, it improves the experience as it saves time from having to log into many systems throughout the day and the annoyance of remembering multiple passwords. Also, since there are fewer passwords to contend with, it reduces downtime from forgetting and resetting passwords.
Tip 3: Have controls in place
As you automate your processes through digital transformation, you need to be thinking about how someone might try to cause harm through a malicious attack.
How will you authenticate requests? How will you identify and prevent phishing attacks? Having controls in place is critical to preventing a negative event from happening.
As an email user, you have likely received emails known as phishing emails. 76% of businesses reported being a victim of a phishing attack in the last year (Wombat Security State of the Phish). They often look like they are coming from someone you know (usually an executive at the company) and are asking you to take some type of action with a sense of urgency (e.g., send banking information, or other sensitive information). Upon closer look, you can see that the email address is slightly different and that what is being asked of you is not something that that person would normally ask. This is a spear phishing email and one way a hacker might try to access your data.
A control you might have in place for these situations and requests affecting your HR and payroll system is a waiting period for changes. Let’s say a spear phishing email is asking your accounting staff to change an employee’s banking details for their paycheck. And, not recognizing that it’s a phishing email, accounting makes the changes. Having a four-week waiting period for this type of change to be implemented would be a successful control to have in place. Hackers usually don’t keep bank accounts open for long in order to cover their tracks. Since the change was made in the payroll system, the money would be transferred to the fraudulent account. However, the account would likely no longer be around a month later, thus preventing the money from getting into the wrong hands.
Tip 4: Know where your source code is
Through digital transformation, you will have spent considerable time and money creating an application. You may have worked with an in-house software developer or hired an outside vendor to perform the work. Either way, you will want to know who has access to the source code, where it is stored and who it belongs to. If the in-house developer leaves the company, will someone else be able to access the code? Ensure the developer has documented details that someone else can take and use, so that you are free to make changes in the future.
Tip 5: Train your team on security
Negligence and lack of protocols account for the majority of data breaches. One of the best ways to limit malicious attacks is by keeping your team up-to-date on the latest security threats. Training should cover protocols such as not sharing your password and knowing how to spot a phishing email. There are also security awareness and phishing tools available that will send test messages to the team to make sure they are correctly identifying the types of emails that should be avoided.
In our example above, security training could have helped to detect the email as fraudulent prior to the banking information being changed. In fact, 30% of phishing messages get opened and 12% of those users click on the malicious attachment or link; however, rates are as low as 5% when employees are trained to spot phishing attempts. (Verizon Data Breach Investigations Report)