According to a report on cloud computing prepared by McAfee, up to 87% of the companies surveyed believe that the use of the cloud has contributed to increased productivity. In turn, more than half of the respondents recorded improved security of data placed in the cloud. The technology is increasingly reliable. However, ensuring full security of information includes additional factors.There is a consensus in the digital world that cloud computing is a secure solution. Experts mention a number of significant advantages of this solution over methods such as hybrid networks and internal servers. These include greater knowledge of people working on cloud services, up-to-date technology and software or lower cost for companies. We write more about the advantages of cloud solutions in the article “Cloud Data Storage and File Security”. However, the degree of data security today depends as much on technology as on whether companies and their employees who use online services will be able to recognize the threat, and whether the creators will take care of the appropriate design of the service.
The UI/UX should support data security
In this context, human error is one of the most serious challenges for the security of sensitive data. In the era of growing importance of UX (user experience), user needs for simplicity and intuitiveness of software must not compromise the technological basis of security of digital solutions. The system must therefore be simple enough for the user not to have problems with its operation, but complex enough to counteract the threats. It should also support the elimination of the most common threats lying on the operational side, in a way encouraging the user to apply good practices and educating him.
Developers indicate two basic features of a secure design: identification and authentication. In practice, this translates into using a login and a password. While passwords are not the most comfortable solution from the user’s perspective, especially on mobile devices, there is a justification for using them, especially in the case of enterprises that have to take care of protecting strategic data while sharing them.
The method we use in the FORDATA system are access links sent to users that enable them to log in to Data Room. As our system does not require installation, we can additionally hide the fact that someone is using it at all, as communication between the Customer Service Team and User is limited to email (and phone). Work in the system is done through the browser. After initial logging in, the user is asked to set his own secure password and is informed about character sequences that he should avoid in order to better secure access. Additionally, it is possible to use two-factor authentication via SMS.
Data room uses less natural resources
First of all, paper. When using VDR, you do not need to make copies of documents available for inspection, or to produce reports, confidentiality agreements, etc. There is just one link under which the user has access to all documents intended for him, while the administrator can handle many transactions simultaneously. It means significant savings of paper or its complete elimination. Ecology in the company is a comprehensive concept. Virtualization assisted by the right approach to the production of energy needed to power electronics results in an environmentally-neutral solution. For example, our company has used, among others, server providers that use produced heat to heat the floor of the building in which it is located. And that’s not all the advantages.
Using passwords is just the beginning
Even if both conditions are met, i.e. if the user is correctly identified (login) and authenticated (password), we cannot speak of full security. Threats go far beyond the login mechanism and the designer’s task is to constantly seek a compromise between user comfort and protection. The ideal situation is one where the user does not have to think about his or her security at all. In practice, when it comes to protecting privacy or company secrets, such a solution does not exist. After all, login data and authenticated sessions must also be protected.
The mechanisms supporting secure logging and protecting the data we use in FORDATA system include, for example, the need to change the password periodically, the impossibility to log in at the same time using the same login or limiting the pool of IP addresses from which it is possible to log in to the system. Each of these protections will more or less restrict the user’s freedom, but the benefits of their use are much greater.
The above list is by no means exhaustive. Depending on our work environment and existing threats, the technology must be constantly adapted. However, using even the most advanced data protection methods may not be enough. Suffice it to say that the most common reason for breaching confidentiality is simple inattention of users. In this context, it is worth focusing on another, particularly important area of security.
The user has a direct impact on data security
It can be stated with a high degree of certainty that the key to data security is the compromise between technology and proper usage practices. However, the growing level of integration of friendly design and security of software and application of good practices exposes companies to the ever increasing danger of phishing, i.e. attempts to defraud electronic data. These, unfortunately, are becoming increasingly creative and sophisticated. Data migrates to increasingly secure clouds, so criminals look for ways to reach them, impersonating, for example, a service provider, a company client, a colleague, sometimes even superiors, and use a million other methods based on psychology and user inexperience. The so-called BEC (business email compromise) attacks involve, among other things, whaling, i.e. personalized attacks on decision-makers in the company, and spear phishing aimed at lower-level employees.
In order to prevent such attacks, companies should use online services offering anti-phishing protection and introduce the already mentioned standard operating procedures into their activities, while paying close attention to every email and every link we click. The year 2020 is to be marked by an increased phishing threat. The third pillar of security that we are discussing is building awareness of this threat – at every level of the company. The Internet will not be free of cybercrime threats for a long time to come, and perhaps it will never be totally safe. Therefore, secure and even the best-planned technology will not fully protect us if we are not able to counteract the threats ourselves.
Did you like the article?
How many heads, so many ideas. That's why each of us contributes to making the content on our blog attractive and valuable for you. Discover a source of knowledge and inspiration for your business with Fordata.
Do you want to exchange knowledge or ask a question?
Write to me : #FORDATAteam page opens in new window
01 . Cloud data encryption - what to know before choosing a provider?
Technically and practically speaking, all popular cloud-based tools are securely encrypted. In fact, this means that we do not have to worry about the problem of data encryption…
02 . Can Microsoft One Drive or Google Drive replace VDR?
Can Microsoft’s and Google’s Drive replace VDR? Popular storage clouds are convenient but can they provide the same level of security?
03 . Cybersecurity - what should companies pay attention to?
Entrepreneurs today look at remote work without fear, although many could not imagine effective work outside the office earlier this year. The pandemic proved that…
04 . Flexible office - how to respond to new needs?
Companies have returned to offices with new needs. Entrepreneurs are starting to look for flexible rental models thanks…
05 . Are your email attachments safe?
The modern office cannot function without email. According to the Radicati group, a statistical employee receives 121 messages per…
06 . How to black out text in a PDF document correctly?
Document redaction has many faces – it may turn out that overwriting of the text in our document, which at first glance looks…
07 . Rules of Safety Policy in FORDATA VDR
The FORDATA team is aware that even well-secured infrastructure has no chance against any infection resulting from human error.
08 . Dropbox security - what should your business know?
Dropbox makes collaboration and sharing of documents easier but is the platform secure enough for our company to process confidential information with it? What to…
09 . Fake software aggregators – how to identify them?
Fake software aggregators and Virtual Data Room industry. See how developers try to deceive their customers with fake software comparison websites.
10 . Cloud Data Storage And File Security
The internet has become a common thing in companies’ lives. The enormity of dedicated services, fast transfers and increasing mobility…
11 . FORDATA wins the 2019 Premium Usability and Rising Star Award
FORDATA has earned the prestigious 2019 Premium Usability and Rising Star Award from FinancesOnline, a popular B2B software…
12 . Due Diligence audit using Virtual Data Room - security in your company
The process of sharing confidential information can be greatly improved by using Virtual Data Room. Preparing for an audit?
13 . What is electronic data repository?
What is electronic data repository and why to use it? Maybe you already do? Read about the features and advatnages of a good online repository.
14 . Safe alternative to Dropbox in Due Diligence
Why should I pay for VDR when I can use Dropbox?’ – our clients ask this question sometimes. Yet the answer is not that straight…
15 . FORDATA recognized with 2 IT Security Software Awards!
FORDATA got Two Awards through a renowned organization FinancesOnline, a fastest growing independent review platform.
16 . Virtual Data Room: Everything you need to know
What is a virtual data room? What benefits can we achieve by using the system in merger and acquisition transactions?
17 . GPG standard - a word on encrypting confidential data
Some users want it 101% safe. If the files we share via cloud services really need that extra layer of protection, encrypting them with a GPG standard might be a good idea.
18 . How can we help you with Due Diligence?
Time plays a major role in M&A transactions. Even the smallest improvement that saves time needed to prepare and perform Due Diligence…
19 . VDR in due diligence process
M&As are a permanent element of the economic world. Their goal is to achieve strategic and financial benefits by expanding markets, diversifying products and production processes.