Cybersecurity - what should companies pay attention to?

Entrepreneurs today look at remote work without fear, although many could not imagine effective work outside the office earlier this year. The pandemic proved that the home office trend not only keeps productivity, but also means savings on renting an office, lower bills and greater organizational flexibility. However, this is followed by new cybersecurity challenges that companies do not always remember. How to answer them?

Along with all the baggage of positive experiences and a change in thinking towards mobility, remote work also necessitated verification of information protection methods. After all, combining stationary work with work from home (the hybrid model) means an increased risk of breach of confidentiality. We use many internet access points, share more information electronically, and online contact with clients and colleagues is much more frequent. It is not surprising then that the number of cyber threats has increased globally.

According to the UN Under-Secretary-General and High Representative for Disarmament Affairs, Izumi Nakamitsu, as reported by ABC News, the number of malicious attacks using e-mail increased by 600% during the pandemic in May. It is the most popular method of phishing data and Internet theft today. However, even despite such a large scale of this phenomenon, companies can still counteract the threat using basic methods of protection. These concern not only external threats, but, what is equally important, human error, which is very easy to occur. How can we make sure that business information in our corporate environment is really secure?

Cybersecurity is an extremely broad concept. We are talking about technology, software and good practices of their use. Fatty volumes have been written about each of these topics. However, they have a common denominator, which is simply information. How we want to deal with information determines the use of one solution or another. We do not have to be experts in the field of IT to keep confidential information safe, both external and internal.

At FORDATA, we follow specific information security indicators. It is with their help that we can define what information a person can process and how. They include:

Confidentiality – it determines the importance of each document, for example, documents that can be accessed by all employees, documents that require protection against unauthorized access, to which only a selected group of employees has access, as well as extremely important documents that require special protection access to which is closely supervised. Confidentiality can be protected, for example, by using appropriate markings of documents or by encrypting documents and files, for example by using the GPG standard, which we wrote about in the article “GPG standard – a word on encrypting cofidential data”. We will always be able to determine who should have access to a given file and by what channel it can be accessed. This will protect us from information chaos and prevent data from falling into the wrong hands.

Integrity – it ensures that information cannot be changed or destroyed in an unauthorized way and contrary to the company’s internal regulations. It also specifies the extent to which unauthorized modification of a given document will result in losses for the company and possible legal liability.Ensuring integrity will allow, for example, to decide whether the information can be made available in the form of an editable file, PDF or otherwise, so that it cannot be modified by unauthorized persons but who have the right to view the document.

Availability – by this we mean ensuring that information will be available to an authorized person when needed. If your company uses email to store and share documents, you should make sure that it can also be accessed safely outside the office. It is also a good idea to determine whether the information should be password protected and to define a password policy in your enterprise.

Information is therefore in the first place and its importance determines what technologies and procedures we will use for its safe storage, sharing and processing. The aforementioned e-mail or the company’s FTP server are not always suitable for meeting the conditions of confidentiality or data integrity. Usually, we will not be able to undo sending a wrongly addressed e-mail, and the FTP server will not always be available remotely.

As a tool dedicated to the safe and controlled sharing of confidential documents, FORDATA Virtual Data Room system will more effectively meet the assumptions of all three information security indicators. Thanks to it, we are able to create a central document repository that will replace the server, and will be available from anywhere, and at the same time fully protected; on the other hand, a confidential document, even if it reaches the wrong addressee, can be withdrawn at any time or identify whose account the document was opened from. In addition, we can check whether the file has been viewed, downloaded or printed.

In our range of specialist features you will find lock-screen print, the inability to select and copy text, granting access for specific groups of users, a communication module, reducing the pool of IP addresses, and many more. Read about the benefits of working with a Virtual Data Room in the article “Flexible office – how to respond to new needs?”

Virtual Data Room is a tool protected at the level of electronic banking. Thus, with its use, the possibility of hacking is also minimized. If we want our office to gain full control over confidential documents, it is worth adopting it in our daily work – it will be equally effective regardless of the work model we use in our company.