IT Security Guru

Document Management + Email Management + Transaction Management = Mitigating the Impact of Security Breaches

by The Gurus
November 24, 2016
in This Week's Gurus

Organisations today are, rightly, spending a great deal of money, time and effort on deploying a variety of technologies to prevent security breaches. They must, however, make a similar effort to mitigate the impact of malicious attacks in the event of a security incident, which most security professionals believe to be a matter of time – if it hasn’t already happened.
Because email is so ubiquitous and pervasive, it is the ‘Achilles heel’ of most organisations. Today, 91% of attacks start with an email. This is no surprise, given that phishing, ransomware and whaling are all email scams. To protect data, integrating email security with email, document and digital transaction management is the ‘low hanging fruit’ – it must be a key consideration in the overall security strategy of any organisation. This adds another level of safeguard by strongly ring-fencing data to prevent hacker access to business-critical information.
Such an integrated approach – i.e. email security + email and document management + transaction management – will streamline processes and technology to create a strong security foundation in the organisation. Here are some ideas:

  • Email security systems are the first line of defence. They automate processes to detect suspicious URLs, identify keywords and match known sources of scams and threats to a blacklist. The problem, however, is that organisations simply aren’t able to keep pace with the rapid improvement in cyber criminals’ means of attack, so despite the heightened alertness of professionals, it is often difficult to detect a malicious email. According to experts, today there are over 120 families of ransomware. Hence, email security systems also establish best practices around people and processes so that in the event of a human error, the technology steps in to protect the data and the organisation.
  • Set up stringently ‘controlled locations’ in the document management system for sensitive information, protected with features such as multi-factor authentication, and encryption at rest and in motion. Should a cyber-criminal, in one way or another, gain access to the organisation’s network, access to data will be restricted to authorised users in this secure environment.
  • Place further limits on confidential information in the document management system and minimise the use of standard file shares that rely on potentially flimsy passwords for security. In the document management system, apply rigorous access policies at file, sub-folder, document and email levels. This will ensure that only approved individuals can access data, regardless of where in the folder structure the information resides. For example, an employee could be granted access to a single file in a folder, with no visibility of the other items in it. Additionally, consider applying automatic ‘inheritance’ to folders, so that any document added to a particular folder automatically inherits the security profile of that folder.
  • Limit or even replace the use of email as a default collaboration tool, and replace unprotected consumer file sharing services (e.g. Dropbox) with similar, easy-to-use, auditable tools from within the document management system.
  • Enforce corporate data retention and destruction policies. This will grow in importance once the General Data Protection Regulation (GDPR) comes into full force in May 2018. Undertaking records management will help organisations know exactly what data they hold, in what format and where. Should there be a security breach, the organisation will be able to quickly inform the affected parties and the regulators, as demanded by the regulation. Crucially, it will ensure that the organisation doesn’t unnecessarily hold information it doesn’t need, which in the event of a hack could end up in the hands of criminals.
  • Utilise analytics to monitor atypical activity. Build up an accurate picture of user behavioural patterns to actively detect untoward activity by analysing usage habits such as how many emails users typically send, what types of documents they work on, who they correspond with, which folders they are authorised to access and so on. This is critical to the ability to proactively identify malicious activity.
  • Manage the lifecycle of business transactions through digital signatures, which are becoming increasingly important in today’s digital environment. They are legally admissible globally and are more secure than wet ink signatures. The technology is developed on industry security certification standards, such as ISO 27001, to ensure privacy of data by fully encrypting documents. It also offers authentication options and provides audit trails to support compliance.
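
The file-level access policies and folder ‘inheritance’ described in the list above, sketched as an added example (not from the original article or any particular document management product). The `Node` class, the user names and the file names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(eq=False)
class Node:
    """A folder, sub-folder, document or filed email in the DMS tree."""
    name: str
    parent: Optional["Node"] = None
    acl: Optional[set] = None  # explicit policy; None means "inherit from parent"
    children: list = field(default_factory=list)

    def add(self, name, acl=None):
        child = Node(name, parent=self, acl=acl)
        self.children.append(child)
        return child

def effective_acl(node):
    """Walk up to the nearest explicit ACL; no ACL anywhere means deny all."""
    while node is not None:
        if node.acl is not None:
            return node.acl
        node = node.parent
    return frozenset()

def can_read(user, node):
    return user in effective_acl(node)

def visible_children(user, folder):
    """Listings are filtered per item, so a single-file grant never
    reveals the names of sibling documents in the same folder."""
    return [c.name for c in folder.children if can_read(user, c)]

# Constructed sample tree (hypothetical users and files).
root = Node("matters", acl={"partner"})
deal = root.add("acme-acquisition")                      # inherits {"partner"}
term_sheet = deal.add("term-sheet.docx")                 # inherits from folder
nda = deal.add("nda.pdf", acl={"partner", "paralegal"})  # single-file grant
late = deal.add("board-email.msg")                       # filed later, inherits

if __name__ == "__main__":
    for user in ("partner", "paralegal", "intern"):
        print(user, "sees", visible_children(user, deal))
```

The explicit policy on `nda.pdf` replaces the inherited one rather than extending it, which is why `partner` is listed again in that grant.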

A layered approach to security is essential today. From a data standpoint, such an approach will institute multiple barriers to ensure that even if a breach is successful, the damage to the organisation and its customers is minimal. The data will be extremely difficult to access.
 

About the Author

Roy is the Founder and CEO of Ascertus Limited. Roy has over 25 years’ experience of implementing and supporting software technologies within the U.K., European, and North American legal markets.  In 1992, Roy co-founded a software distribution company responsible for introducing the first legal document management systems into the UK marketplace. He has also held senior management positions at PC DOCS Group, CompInfo and Hummingbird. Roy was one of the UK’s first advocates of PC network based document management, imaging, and workflow systems and has spent the last 18 years advising many corporate in-house legal departments about their use of technology to improve productivity, reduce costs, and mitigate risk.  Today he is well recognised as an authority in the document lifecycle and work product management space. Follow him on Twitter @royruss and LinkedIn.
