July 5, 2019
Entrepreneurs, a checklist of your digital risks and how to master them
Do a quick audit of your business by reviewing 13 risks of data loss, misdirection, or theft.
The digital risks to which a company is exposed are numerous and diffuse. For a long time, the right solution was not to digitize anything confidential; then not to share anything digitally. But the first strategy, and then the second, have been untenable for years. It is no longer possible to conduct a professional activity without resorting to digital technology. So the question becomes: what are the risks associated with my professional sharing with clients and colleagues, and how can I best manage them?
Controlling digital risks is complex because you have to arbitrate between two dangers: that of poorly protecting shared data, which is not acceptable; and that of protecting it so heavily that it becomes inaccessible to your correspondents and sharing stops, when speed and proximity are essential.
Based on our experience and that of our subscribers, we have defined a typology of the main risks to which a firm is exposed in its digital sharing, and how these risks can be eliminated or greatly reduced. This can be a useful checklist for a quick audit of your own structure.
The 13 identified risks can be grouped into three categories:
3 risks result in data loss: you lose access to data that is essential to your business.
5 risks lead to inappropriate dissemination of data: data is accessible to people who should not have had access to it.
Finally, 5 risks concern data theft: an aggravating factor of the previous case, since thieves will misuse this information.
This typology is not fixed: inappropriate dissemination can lead to theft, and theft may or may not be accompanied by loss.
LOSS OF DATA
1. Data loss by ransomware:
A virus blocks your computer and all related devices and encrypts all your documents, making them inaccessible. This is one of the most important risks, since it can completely block your company's activity.
The virus/anti-virus race will continue, with periodic new and increasingly vicious attacks and improvements in anti-virus software. One certainty: no virus has ever entered through a secure extranet (which is the architecture of MyCercle). And if your main correspondents send their documents through this intermediary, the risk of you or one of your colleagues naively opening a fake message from one of them (phishing) is very small. However, this protection will be useless if you continue to open attachments from unknown correspondents, or plug uncontrolled USB sticks into your computer.
2. Loss of data through misuse by you or one of your employees.
An unavoidable risk: everyone mishandles something some day. This risk is greatly limited if your extranet provides for systematic and regular backups, without you having to worry about it.
3. Loss of data due to a computer breakdown in your company:
A server or a computer breaks down and cannot be repaired. Technical solutions exist based on regular backups. But these backups often rely on human processes: who never forgets a backup? Keeping your data in-house can therefore be much more dangerous than keeping it on an extranet, which relies on a professional hosting provider whose backup processes are industrialized.
DATA THEFT
4. Data theft during transfer over the internet:
This can happen when your company sends data, or when it collects data from customers or partners. The solution is now simple and well known: encrypt the data in transit (HTTPS protocol). But we forget that this security is not present in a traditional email exchange. A secure extranet, of course, builds it in.
5. Data theft at your company or your service provider:
The problem is not specific to digital, but with digital, millions of pages can be taken on a single hard drive. The race between burglars and safes will continue. One thing is certain: storing information in encrypted form at a secure host discourages all burglars and the vast majority of hackers.
6. Data theft through the theft or loss of one of your devices during a trip:
A mobile phone forgotten on a train, or a USB key lost in a taxi... The problem is much older than digital, but digital aggravates it, since you can lose hundreds of files, or have them stolen, in seconds. It is even more advisable today than in the past to avoid carrying your data with you. An extranet removes the need to do so: you find your files everywhere, on any device.
7. Misappropriation of data by one of your collaborators:
This problem is aggravated by digital: a dishonest or discontented employee can, in a few seconds, siphon off the equivalent of a whole cabinet of documents. You can strongly limit this risk if your extranet, such as MyCercle, allows you to easily set (and change) who has access to which folders.
8. Redistribution of confidential data by a person authorized to consult it:
This risk exists only in certain very specific situations, such as an acquisition audit. Your MyCercle extranet includes a "data room" option with download lock, dynamic confidential watermark, and tracking of all consultations. The important point is that the simplicity and low cost of this data room make it possible to use it even for small operations, whereas today the reality is that only very large operations benefit from "state of the art" protection tools. Other operations, the vast majority in number, are managed through e-mail attachments or free portals that do not provide security guarantees.
INAPPROPRIATE DATA CAPTURE
9. Data capture by your IT service provider.
Large networks or large portals have an ambiguous attitude toward the protection of your data, or of your metadata (with whom you exchange), especially in their free versions. A secure extranet such as MyCercle guarantees you a total commitment to confidentiality.
10. Third party access to data by injunction of a foreign law, including the U.S. law (the Patriot Act and successor laws).
The risk is now well known. The solution is also known: a provider like MyCercle guarantees hosting in France.
11. Third-party access to data through a distribution error (by you or another party to the exchange).
This is a human error, and therefore eternal, but it becomes very easy with a tool like e-mail, which suggests addresses after you have typed only the first letters, or encourages you to reply to messages without checking that the list of copied recipients is still correct.
An extranet such as MyCercle takes a homogeneous space approach that minimizes distribution errors in both directions. You and your colleagues control at all times who has access to what in a space. And your guests in that space have no choice, so no errors are possible: their message will automatically (depending on your settings) go only to you or to all participants in the space.
12. Unintentional violation of the General Data Protection Regulation (GDPR) by your company.
You are fully responsible for this and no one can take your place. However, an extranet adapted to the GDPR allows you to strongly limit your risks and to let your correspondents know about it.
13. Access by a third party to data that should have been deleted.
The Internet forgets nothing, and it is difficult not to leave traces. A secure extranet such as MyCercle guarantees that the data you delete is permanently erased from its systems, and that, if you do not renew your subscription, all your information is destroyed within a month.