July 5, 2019
Entrepreneurs, a checklist of your digital risks and how to master them
Do a quick audit of your business by reviewing 13 risks of data loss, misdirection, or theft.
The digital risks a company faces are numerous and diffuse. For a long time the right solution was to digitize nothing confidential; then it was to share nothing digitally. But both strategies have been untenable for years. It is no longer possible to conduct a professional activity without using digital tools. The question therefore becomes: what are the risks of sharing data professionally with clients and colleagues, and how can they best be controlled?
Controlling digital risks is complex because one must arbitrate between two dangers: that of protecting the shared data badly, which is not acceptable; and that of protecting it so well that it is inaccessible to your interlocutors and sharing is no longer possible, when speed and proximity are essential.
Based on our experience and that of our subscribers, we have defined a typology of the main risks to which a firm is exposed when it shares data digitally, and how these risks can be eliminated or greatly reduced. It can be a useful checklist for a quick audit of your own structure.
The 13 identified risks can be grouped into three categories:
- 3 risks result in data loss: you lose access to data that is essential for your business.
- 6 risks lead to the inappropriate diffusion of data: data is accessible to people who should not have access to it.
- Finally, 4 risks concern data theft: an aggravating factor of the previous case, since thieves will misuse this information.
This typology is not fixed: inappropriate diffusion can lead to theft, and it may or may not be accompanied by a loss.
LOSS OF DATA
1. Loss of data by ransomware: A virus blocks your computer and all related devices and encrypts all your documents, making them inaccessible. This is one of the biggest risks, as it can completely block your business activity.
The race between viruses and antivirus software will continue, with new and ever more vicious attacks appearing periodically, and with improvements in antivirus software. One certainty: no virus has ever entered through a secure extranet (which is the MyCercle architecture). And if your main correspondents send their documents through this intermediary, the risk that you or one of your colleagues naively opens a false message from one of them (phishing) is very small. However, this will be useless if you continue to open attachments from unknown correspondents, or connect uncontrolled USB sticks to your computer.
2. Loss of data through mishandling by you or one of your colleagues. A risk that is impossible to avoid: everyone makes a mistake one day.
This risk is severely limited if your extranet provides systematic and regular backups without your having to worry about it.
3. Data loss due to your company's computer failure: a server or computer that fails and is irreparable.
Technical solutions exist based on regular backups. But these backups often rely on human processes: who never forgets a backup? Having your data at home can be much more dangerous than having it on an extranet, which relies on a hosting professional for whom these backup processes are industrialized.
4. Data theft during transfer over the internet: when your company sends data, or when it collects data from customers or partners.
The solution is now simple and well known: encrypt the data during transmission (HTTPS protocol). But we forget that this security is not present in a traditional email exchange. It is of course built into a secure extranet.
5. Data theft in your company or at your service provider. The problem is not specific to digital, but with digital, millions of pages can be taken with a single hard drive.
The race between burglars and safes will continue. One thing is certain: storing information in encrypted form at a secure host discourages all burglars and the vast majority of hackers.
6. Data theft through the theft or loss of one of your devices during a trip: a mobile phone forgotten on a train or a USB key lost in a taxi...
The problem is much older than digital, but digital aggravates it, since you can lose hundreds of files, or have them stolen, in seconds.
It is even more recommended today than yesterday to avoid carrying your data with you. An extranet avoids having to do it: you find your files everywhere, on any terminal.
7. Misappropriation of data by one of your collaborators.
This problem is aggravated by digital: a dishonest or discontented employee can siphon off the equivalent of a whole cabinet of documents in a few seconds. You can strongly limit this risk if your extranet, such as MyCercle, allows you to easily set (and modify) who has access to which folders.
8. Redistribution of confidential data by a person authorized to consult it.
This risk exists only in certain very specific situations, such as an acquisition audit. Your MyCercle extranet includes a "data room" option with download lock, dynamic confidential watermark, and traceability of all consultations. The important point is that the simplicity and low cost of this data room make it possible to use it even for small operations, whereas today the reality is that only very large operations benefit from "state of the art" protection tools. Other operations, the vast majority in number, are managed through e-mail attachments or free portals that do not provide security guarantees.
INAPPROPRIATE CAPTURES OF DATA
9. Data capture by your IT provider. Large networks or large portals have an ambiguous attitude on the protection of your data, or your metadata (with whom you exchange) especially in their free versions. A secure extranet like MyCercle guarantees a total confidentiality commitment.
10. Third-party access to data by injunction under a foreign law, including American law (the Patriot Act and the laws that succeeded it). The risk is now well known. The solution is also known: a provider like MyCercle guarantees you secure hosting in Europe.
11. Third-party access to data by diffusion error (from you or another party to the exchange). This is a human error, and so an eternal one, but it becomes very easy with a tool like an e-mail inbox, which suggests addresses after only the first letters are typed, or encourages replying to messages without checking that the list of recipients in copy is still correct.
An extranet like MyCercle has a homogeneous space approach that minimizes diffusion errors, in both directions. You and your co-workers always know who has access to what in a space. And your guests in this space have no choice, so no error is possible: their message will automatically be sent (depending on your setting) to you alone or to all participants in the space.
12. Involuntary breach by your company of the European Data Protection Regulation (GDPR).
Your responsibility is complete in this area and no one can take it on for you. But an extranet adapted to the GDPR allows you to strongly limit your risks and to let your interlocutors know it.
13. Third-party access to data that should have been deleted.
"The Internet does not forget anything", and it is difficult to leave no trace. A secure extranet like MyCercle guarantees that the data you erase is permanently erased from its systems. And if you do not renew your subscription, all your information is destroyed within a month.