DM1907

More documents

Recommendations

Info

Dm STRATEGY: SECURITY Once more unto the breach? Jonathan Richardson, managing director of Russell Richardson, describes some of the security issues and potential solutions around paper and digital files As technology advances, implementing a thorough online security system has never been so important. Despite efforts to make devices and software safer, there was a reported 125% increase in cases of identity theft between 2007 and 2017, the majority of which occurred online. Cybercriminals are using inventive methods to hack into people's computers and steal valuable information. In 2017, hackers stole a piece of software developed by the US National Security Agency for exploiting vulnerable Windows systems and corrupted more than 230,000 computers with a ransomware known as WannaCry. Victims were forced to pay the attackers $300 in Bitcoin to get the files back. If this wasn't paid after three days, the amount doubled and after a week, the hackers permanently deleted the files. The incident also hit a number of high-profile corporations across the globe. It cost the NHS a reported £92 million in lost output from disrupted services and additional IT support, affecting around one-third of hospital trusts and 8% of GP practices. Companies that lose such important information - whether digitally or on paper - can be at risk of breaching GDPR, the European Union data protection regulations implemented in 2018. It's crucial to educate employees about the risks of losing sensitive business data, as well as ways to identify threats and protect information. SECURITY FIRST Businesses that store documents in digital formats or online in the cloud could be exposed to cyber-attacks if their devices or software are outdated. Software needs to be updated regularly, otherwise it could become incompatible with file formats and render important documents inaccessible. This could result in extra costs for businesses if important files need to be converted to a usable format. "Not having up-to-date and patched software is a big problem," said Duncan Sutcliffe, director of Sutcliffe & Co Insurance Brokers. "When your computer suggests you install an update it's usually because the software company has found a problem which allows criminals to operate and the update will 'patch' this hole. Older systems like Windows XP are no longer supported so no longer get patches." Digital files should be passwordprotected and made only accessible to the necessary employees, who should receive proper data security training. Zain Ul-Haq, head of cyber-security at Cyfor, comments: "Countermeasures don't just stop at the technical. Companies can prevent or mitigate inappropriate behaviour by staff by carrying out a reasoned risk assessment. We are still seeing businesses lack proper systems for handling and destroying data, use untested and inappropriate backup processes, grant administrator rights to all users, share passwords, and allow employees to connect personal devices to company networks. Gone are the days when companies could pass the headaches of cybersecurity to the IT department. It's absolutely a business risk which one department or person can't handle alone - it's a team sport." Despite the growing popularity of paperless offices, many businesses still rely on paper records. Industries such as law, finance, and real estate still depend on physical documents in their day-to-day operations. Even with a stringent storage system in place, these documents are still at risk of theft when kept in the workplace. Businesses can use an off-site archiving facility to store documents they are legally obliged to retain for a certain period of time - such as financial records - but don't require frequent access to. Off-site archiving services monitor all records continuously by CCTV and restrict access to securitychecked staff only. For a full audit trail, a scanning system logs any documents that staff move or retrieve. It's essential that companies organise and keep wage and salary records in a secure location for the retention period of six years, before disposing of them properly. 30 @DMMagAndAwards July/August 2019 www.document-manager.com
STRATEGY: SECURITY Dm "DESPITE THE GROWING POPULARITY OF PAPERLESS OFFICES, MANY BUSINESSES STILL RELY ON PAPER RECORDS. INDUSTRIES SUCH AS LAW, FINANCE, AND REAL ESTATE STILL DEPEND ON PHYSICAL DOCUMENTS IN THEIR DAY-TO-DAY OPERATIONS. EVEN WITH A STRINGENT STORAGE SYSTEM IN PLACE, THESE DOCUMENTS ARE STILL AT RISK OF THEFT WHEN KEPT IN THE WORKPLACE." THE RISK TO SMALL BUSINESS Hackers don't just go after big corporations. Research suggests small and medium-sized enterprises (SMEs) are even more vulnerable to cyberattacks. A study in 2016 by the Federation of Small Businesses found that around two-thirds of SMEs have been targeted by cybercriminals. According to a survey conducted by professional indemnity insurance brokers PolicyBee, one-third of small businesses believe a cyber-attack is a matter of 'when' not 'if', but 43% of SMEs have no plan in place to deal with cybercrime. "A single SME might not make a criminal rich but they are easier to attack because they spend less money on security and training," said Duncan Sutcliffe, director of Sutcliffe & Co Insurance Brokers. "Criminals will prefer to target numerous easy SMEs rather than one difficult large organisation." SMEs are particularly exposed to 'phishing' attacks - where hackers send emails posing as trustworthy sources and ask for sensitive information - and the 'hack attack'. This is when a hacker exploits an unpatched software vulnerability to access a company's network and steal its data. Further, almost a quarter of SMEs still manage their finances solely on paper. No amount of staff training and workplace policies can predict a simple mishap such as accidentally shredding or misplacing a document. "Old-fashioned security like locked cabinets, locked doors, locked windows, intruder alarms and procedures for transporting documents safely are the best ways to ensure paper documents don't get into the wrong hands," says Sutcliffe. However, for SMEs with limited budgets, this may prove to be an expensive investment. Choices will have to be made to get the best and most economical option for document safety. If businesses don't have the budget or time to set up an online security system to avoid the risks of online fraud, they may need to consider keeping only paper versions of files in a safe space, until their situation changes. STAY ONE STEP AHEAD It's important for businesses to be vigilant and keep up with the latest cybercrime techniques. An example is 'drive-by' downloading. This occurs when someone is tricked into downloading malware onto their device, granting hackers access to their data. "It's impossible to be 100% safe but you can mitigate most common threats by taking some simple technical measures. Every small improvement you make reduces the risks to your business," said Duncan Sutcliffe. The National Cyber Security Centre recommends a number of technical measures for cyber-security. These include: Securing internet connection by installing a firewall Choosing appropriate security settings on devices and software, such as passwords and 'two-factor' authentication to certain accounts Monitoring who has access to data and services, such as administrative accounts and extra permissions Installing software to protect against malware such as viruses and ransomware Updating devices, operating systems, apps and software, also known as 'patching' But information isn't just stolen online. Paper documents are just as attractive to thieves when they haven't been correctly shredded or destroyed. "There's an expression called 'dumpster diving', which is where criminals go through bins to find valuable information," added Duncan Sutcliffe. Going paperless can free up a lot of space in the office. But it can also put businesses in a more vulnerable position when it comes to data theft and fraud if the necessary security measures and staff training aren't taken seriously. Using an off-site archiving facility to store important legal and financial documents can clear space as well as protect a business from malicious attacks. More info: www.russellrichardson.co.uk www.document-manager.com July/August 2019 @DMMagAndAwards 31
Page 1: DOCUMENT M A N A G E R Dm www.docum
Page 4 and 5: Dm CONTENTS 2 0 1 9 JULY/AUGUST 10
Page 6 and 7: Dm MANAGEMENT: INTELLIGENT AUTOMATI
Page 8 and 9: Dm CASE STUDY: COMMUNISIS Weapon of
Page 10 and 11: Dm EVENT: DM AWARDS 2019 Time to ge
Page 12 and 13: Dm ANALYSIS: DIGITISATION TRENDS Ro
Page 14 and 15: Dm CASE STUDY: BLUEBIRD CARE Sharin
Page 16: Dm RESEARCH: DARK DATA In the dark
Page 19 and 20: ROUNDTABLE: GDPR Dm "ONE YEAR ON AN
Page 21 and 22: ROUNDTABLE: GDPR Dm "BEFORE MAY 201
Page 24 and 25: Dm TECHNOLOGY FOCUS: PAPER HANDLING
Page 26: Dm TECHNOLOGY FOCUS: PAPER HANDLING
Page 29: TECHNOLOGY FOCUS: MICROFILM Dm "DOC
Page 33 and 34: OPINION: RPA Dm "THERE WERE ONCE FE
Page 36: Turn your paper documents into a di

DM1907

Create successful ePaper yourself

Delete template?

Save as template?