Going through the digital transformation is a big step for any company that has been running on paper, filing cabinets, and telephones. If you’ve recently been through this experience or are planning your digital transformation right now, you know that transferring from paper to a DMS may be a big task, but it’s also only the beginning. The more you move your business to an online and software-controlled environment, the more you actually become a part of the digital business world. From document automation to social media marketing, your options and opportunities are endless as the digital world expands before you.
However, joining the digital world is not all automation software, online customers, and new business partners. Like any public environment, there are also risks. Just like carrying cash and wearing flashy jewellery can make you more of a target for pickpockets, doing business in the digital world can make you a target for hackers. This is why a good half of all business IT is related to cybersecurity, the art of protecting your data, programs, and network from hackers and their malicious software known as ‘malware’.
Hackers are Everywhere
No, we’re not being dramatic for effect. Hackers and the self-perpetuating harmful programs they release onto the internet are everywhere, often disguised as other things, and they are more than capable of damaging or completely ruining a business. While we’re not here to tell ghost stories, it’s important to understand the risks of insufficient cybersecurity. If your network is compromised by a virus or malware, one of four things can happen:
- The virus can delete (worm) or encrypt (ransomware) all your files, rendering them useless.
- The virus can hide, take root, and use your resources as part of a bot-net or email spamming sub-network
- The virus can junk up your computer with adware spam, rendering the machine useless.
- The virus can steal company secrets, customer personal data, and credit card numbers for fraud and possibly get you sued for data breach.
All four of these options can occur on one infected computer or the virus can take some time to spread to the entire network before triggering. While every option is bad, the worst for most companies are file destruction and data theft with bot-netting coming in as a distant third because it can get your IP address blacklisted. But the real problem is that hackers are getting tenacious and, believe it or not, much more vicious than they were back in the 90s when the hacker culture first formed.
The most important thing to understand about hackers is that they are subtle, determined, and they don’t care who they hurt. Hackers have ransomware’d hospitals where deaths could have occurred in order to get a guaranteed payout, they have destroyed careers of targeted employees with phishing tactics, and they have ruined companies by stealing thousands of customer credit cards at once. Hackers are everywhere and they are out to hurt businesses, sometimes for cash, but often just because they can.
Basic Cybersecurity vs Business Cybersecurity
No doubt you’ve heard about the hackers and you’ve heard about the importance of keeping your freshly digitised data and documents safe, but do you know how to secure your company? If you don’t have an experienced IT team or an outsourced IT service yet who are on the ball and cranking up your cybersecurity measures, it’s time to get started.
Standard cybersecurity, the kind that most people have on their home computers, consists of a firewall and anti-virus software. What these do are primarily to make it much harder for unwanted programs and users to access or infiltrate your network. The firewall tends to close ports, block downloads, and question software permissions while the anti-virus scans your computer regularly for known virus-type programs and lets you know if it finds something that should probably be removed.
However, this is only the basics. While firewall and anti-virus programmers are doing their best to keep up with the hackers and block all avenues of attack, hackers are also doing their best to stay ahead of the basic security measures and are constantly inventing new tactics. In order to prepare your business for not just the known attacks, but literally any kind of digital hack, you need business-level security which is a combination of tools and techniques put together by thousands of security admins across the world and shared when it works.
PCI-DSS Compliance for Payment Card Security
One of the most important parts of modern business cybersecurity is protection of payment card information. Dealing with credit cards, both in-person and through eCommerce, is a complicated issue involving card reading, payment processing, and often card number storage for convenient return business. While companies are responsible for keeping payment card data safe to protect customers from fraud, hackers have figured out how to steal numbers at every step in the process. They’ll skim it off your card reader, they’ll look at the data packets sent to your point of service device or catch the numbers as they’re sent to your payment processor. Or, if that doesn’t work, they’ll try to hack your database and steal a bunch of numbers at once.
Needless to say, the payment card industry was not thrilled by the thousands of stolen card numbers, especially in the recent hack of over 100 American hotels. This led to the PCI-DSS or Payment Card Industry Data Security Standard. If you follow these guidelines, your payment processing is guaranteed to be as safe as today’s technology can make it.
Cloud Backups for Data Recovery
So you’ve recently digitised and now all or almost all of your data is stored in nicely ordered business management software like a DMS, CMS, EMS and so on. However, there are two ways to handle your business software and data and a very important distinction between them. The old way is to keep everything on your local network, installed and stored on local servers and workstations. This is incredibly reliable and gives you a great deal of control over your digital environment, but it’s also unfortunately insecure in one key way. Anything bad that happens to your local network or the building itself will take out your entire business worth of data. This is true of both file-destroying viruses like ransomware and natural disasters like hurricanes or earthquakes.
Instead, do your best to work with as many cloud-based business software solutions as possible and for everything that is stored locally, make backups and store them on the cloud. A cloud-based DMS, for instance, is already safe because all your files are stored on several servers around the world and with cloud-stored backups of everything local, you can technically ‘restore’ your office from any location because your backups will be accessible from anywhere and safe from local threats.
Network Monitoring for Anomaly Detection
Firewalls and anti-virus software can keep out most of the standard threats but some hackers and their programs are incredibly sneaky. If one slips in through a successful phishing expedition, a malicious website link, or even straight-up cracking into your network, well-designed malware can theoretically hide on your network for months syphoning data, stealing resources, building a botnet, and sending information back to the origin hacker. If the program is built to hide itself, disguise its processes, and only use resources when everyone has gone home it can be incredibly hard to catch. Unless you have network monitoring.
Network monitoring is a sort of catch-all for any anomalies in your network because what it does is simply watch and analyse absolutely everything. Network monitoring can technically see details ranging from workstation hardware temperatures to the individual packets coming and going between workstations, your internal network, and the internet. Using this tool, you can detect the signs of hidden viruses using network resources and sending packets that no employee would send.
Encrypt Everything for Breach Protection
When talking about PCI compliance, we mentioned that hackers have found a way to breach business cybersecurity at almost every level in order to payment data, but we didn’t cover how to cope with this outside of protecting your payment card processing. Hackers also use the multi-level approach to steal user passwords sent in plain text by unsecured mobile apps, to crack into hotel and restaurant networks through their guest wifi, and of course, they’re always looking to steal a database full of names, phone numbers, and birthdays for a little opportunistic identity theft.
The answer? Encryption. Encrypt everything from the moment you come into possession of the information. Encrypt passwords when they’re entered into the text box, encrypt customer information the moment they hit ‘submit’, and encrypt absolutely everything you already have in digital storage. This turns your precious data into “fairy gold”. That is, even if a hacker steals an entire database of information you don’t want them to have, they can’t read it! Without your encryption key, they could have terabytes of data that theoretically holds trade secrets or customer personal information and it will be nothing but gibberish characters to them. Like the fairy gold, it turns to nothing but leaves and dirt in their hands.
Employee Cybersecurity Training
Our final point on how to update not just your file management to the digital world, but your entire approach to doing business is about your staff. When you’re protecting customer and company data, remember that hackers are people who are more than capable of tricking your employees into all sorts of data mishandling by pretending to be a customer, coworker, or boss. Phishing emails with malware links are a common approach, as are whaling emails posing as the employee’s boss that can cause employees to email ‘back’ private information. Hackers have also taken the place of common con artists with tricks like pretending to be a customer they’re not in order to trick an employee into showing them (sometimes in person) that customer’s private account information.
In other words, cybersecurity is not just a concern for the IT department, it’s for everyone and your employees need to be prepared. Make sure everyone from the teenage interns to the CEO has been briefed on cybersecurity practices and how not to get phished, whaled, or conned.
Going through the digital transformation is an incredible leap for any business, whether you’re an ambitious startup, a well-established small business joining the digital world, or a large old firm updating to meet modern business standards. Just remember that as exciting as the transformation and all that new-found streamlining and automation can be, that cybersecurity should not be under-prioritised. For more news, information, and advice on business tech and digital transformation, download our guide here: