Data security should be a priority for all companies. Here, we explore practical ways businesses can ensure their data is secure. Read on to learn how security and crime have changed over time and how to increase your data security in today’s data-centred landscape.
We review the importance of secure passwords, multifactor authentication, anti-malware, and more. We also discuss the security measures we have in place that clients can rely on when using our data extraction OCR software to streamline their operations.
Crime These Days is Largely Committed Online
The need for security has been around as long as thieves and opportunists have existed. However, just as security has advanced and grown smarter over time, so have the mediums criminals use to steal.
Today, cyber security is a new kettle of fish that people must consider seriously. While burglary, car theft, and the like are still prevalent in modern society, the consequences of having your physical goods stolen are less severe than the ramifications of cybercrime.
One of the most significant differences between physical thefts and cyberattacks is that crimes like burglary require the criminal to be physically present when committing the crime. When it comes to cybercrime, the perpetrators are almost entirely isolated and hidden. This advantage makes them much bolder and greatly reduces the risks they face. As a result, crimes are increasingly committed online because of the ease and anonymity involved.
However, while no one hears about bank robberies and heists anymore, we don’t hear about the ransomware attacks hitting businesses every year either. A recent survey released in February 2021 revealed that, on average, 37% of the organisations surveyed worldwide had been victims of ransomware attacks over the previous 12 months.
What is ransomware? It’s in the name. When cybercriminals penetrate your network, they encrypt the files and data so they are inaccessible without a decryption key. They essentially kidnap your data, and you must pay the cybercriminals a ransom for the decryption key to get access to your files and data again. In many instances, cybercriminals may take a ransom payment but still not decrypt your data, making it a risky prospect to consider paying the ransom.
Cybercrime Is Endemic Within Society
While we don’t hear about cybercrime much, it is endemic. There’s no telling how many hundreds or thousands of businesses go through this every year because many companies experience this and say nothing. Unfortunately, rather than admit they have been breached, businesses often hesitate to report it, choosing instead to hide it and protect their reputation.
Consequently, many companies pay cybercriminals to get their data back or to keep private and confidential data from being leaked online. This has, in turn, pushed the cost of insurance up, driven by the frequency and severity of claims for ransomware and other types of cybercrime. For example, in many countries, cyber insurance premiums have been increasing from 20% upwards, and cyber insurance remains one of the insurance industry’s most volatile products.
What Do Businesses Have to Lose?
While there is always a risk that someone may break into your premises and steal your laptop or other physical goods, the cost is minute compared to the potential impact of cyber theft.
For example, if your company handles an abundance of client data, there’s a risk of that data leaking. That cost to a company is much higher than any material theft. Burglars could take every computer and every TV out of your office, but that would be nothing compared to the financial risk of your customers’ data leaking or vanishing.
Cybercrime is at the forefront of crime these days; however, because it is not discussed, most people do not realise its impact. While we still hear about burglaries, cybercrime seems to go under the radar. That is partly due to the anonymity of the perpetrators. For example, cybercriminals attacking a business could be based anywhere in the world. They are so far removed from the crime scene that taking lawful action against them is extremely difficult. In many cases, they operate from locations where legal action against them may be impossible, e.g., they may be from countries such as North Korea or Russia. In many instances, cybercriminals are affiliated with or even sponsored by their respective governments, which will shield them from justice.
What Can Businesses Do to Protect Against Cyberattacks?
1. Cyber Training
One of the primary things businesses should do to ensure data security is conduct cyber training for all employees, especially those handling data and accessing computer systems.
Ensuring that employees are informed and armed to protect themselves and the company against cyberattacks is crucial as cybercriminals are constantly probing to find a weak spot in your security. They may send an employee an email, pretending to be the boss, prompting the employee to open an attachment (a technique often known as ‘whaling’). Alternatively, they may request information such as card details or bank details.
Xtracta has experienced this historically, especially when bringing new junior employees on board. Our employees have received emails from impersonators claiming to be Xtracta’s CEO but with altered details (e.g., a slightly changed email address). These emails have included requests for employees to buy $700 worth of Google Play cards or Apple cards and send through the codes.
Fortunately, new staff without cyber training don’t have access to customer data. However, it shows how crucial it is to have thorough cyber training in the workplace. Since then, we’ve changed our procedures to ensure that cyber training is a mandatory part of the onboarding procedure. New employees must undergo this training to ensure they are aware of the risks and not exposed by attempted break-ins from cybercriminals.
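The “slightly changed email address” pattern described above can also be flagged automatically before a message reaches a new employee. The following is an added example, not Xtracta’s own code; the domain example.com, the executive name and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed for illustration: the organisation's real mail domain and the
# display names of executives that impersonators tend to borrow.
TRUSTED_DOMAIN = "example.com"
EXECUTIVE_NAMES = {"jane doe"}

# Constructed sample From headers, not taken from real mail.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe@examp1e.com>",
    "Jane Doe <ceo.office@mailbox.test>",
    "Supplier News <news@vendor.test>",
]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify_sender(from_header: str) -> str:
    """Classify a From header by its domain and display name only.

    'internal' means the header string matches the trusted domain; the header
    is sender-controlled, so SPF/DKIM/DMARC results must be checked separately.
    """
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if domain == TRUSTED_DOMAIN:
        return "internal"
    if edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        return "lookalike-domain"          # one or two characters off
    if display.strip().lower() in EXECUTIVE_NAMES:
        return "executive-name-external"   # boss's name, unrelated address
    return "external"

def triage(headers):
    """Return (header, verdict) pairs for senders that deserve a warning banner."""
    verdicts = [(h, classify_sender(h)) for h in headers]
    return [(h, v) for h, v in verdicts if v not in ("internal", "external")]
```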
2. Updating and Patching Systems
Besides comprehensive training procedures, companies should ensure that all their systems are patched and up to date. Many weaknesses are found in software and even in hardware. If you don’t protect your systems, cybercriminals can exploit those weaknesses to gain access.
Businesses must protect themselves against all malware, including zero-day threats. Zero-day refers to unknown weaknesses in software that leave companies vulnerable to cyberattacks. These weaknesses are valuable to cybercriminals because they are not yet known about and are therefore left unpatched.
However, even when companies find these issues in their software, often they are left unpatched for months. Companies must always stay on top of patching and be very astute and diligent because cybercriminals are constantly scanning the internet to find these weaknesses.
3. Cloud Services
Businesses should take advantage of cloud software, including services like file version control. For example, an online service like Box or Dropbox offers a revision history of files. Therefore, even if a company’s files were to be encrypted by ransomware, the cloud storage provider wouldn’t be breached; only the company’s immediate files would be encrypted (with older versions protected by the procedures of the online service). This means the company can still access data and files stored with their provider.
Another benefit of using cloud services from a major provider such as Google or Microsoft Online is that they should have comprehensive malware, spyware, and virus scanning. For example, if you’re using a service like Gmail, any emails that may contain phishing content should be detected and flagged before they even get to you.
4. Password Authentication
In terms of authentication, passwords are essential to consider. One of the most significant risks is when people use the same password on multiple sites. For example, if attackers breach a site that follows password best practices, they shouldn’t be able to recover the passwords because of a process called hashing. However, many sites do not utilise this technique, and even if they do, cybercriminals who have gained access to the site may modify its code to record passwords as they are entered in real time.
Ultimately, it’s just a good idea not to use the same password on more than one site or to have similarities between passwords. We strongly suggest people use password managers, which allow users to have extremely complicated passwords unique to each site. Password managers make it easy for people to manage all the different sites they use. So, it’s critical to use this type of service.
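To show what hashing does and does not protect against, here is an added example (not from the original article or Xtracta’s systems) that sets an unsalted fast hash beside a salted, deliberately slow one. The use of PBKDF2-HMAC-SHA256 and the iteration count are assumptions; the article does not name an algorithm.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def unsalted_fast_hash(password: str) -> str:
    """Weak form: the same password gives the same record on every site,
    so one leaked table reveals who shares a password with whom."""
    return hashlib.sha256(password.encode()).hexdigest()

def make_record(password: str) -> dict:
    """Hardened form: random per-record salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": key.hex()}

def check_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(),
                              bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(key.hex(), record["hash"])

if __name__ == "__main__":
    # Constructed password; two "sites" storing the same reused password.
    reused = "correct horse battery staple"
    site_a, site_b = make_record(reused), make_record(reused)
    print("fast hashes identical:", unsalted_fast_hash(reused) == unsalted_fast_hash(reused))
    print("salted records identical:", site_a["hash"] == site_b["hash"])
    print("login still works:", check_password(reused, site_a))
```

Neither form helps once a compromised site records the password as it is typed, which is why a unique password per site still matters.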
5. Multifactor Authentication
Multifactor authentication is another good defensive measure. Your data is protected even if you have shared passwords between different websites and an attacker tries to get through using your details. While they may have the correct password, they won’t have access to the other authentication tool. For example, popular options these days include:
- A one-time code sent to your phone
- Applications that call your phone
- Dongles that require users to enter a passcode to gain a one-time access code
All these are examples of multifactor authentication, ensuring that your data remains safe behind an additional layer of security even if your password is breached.
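The one-time codes mentioned above are commonly generated with the time-based one-time password algorithm (TOTP, RFC 6238). The following added example, which is not from the original article and goes beyond it by naming a specific algorithm, shows how a server can check such a code, tolerate small clock drift and refuse a code that has already been used. The secret is the published RFC test key, not a real credential.

```python
import hashlib
import hmac
import struct
import time

def totp(secret: bytes, at: float, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, submitted: str, used_steps: set,
           now: float = None, window: int = 1, step: int = 30) -> bool:
    """Accept a code for the current time step or +/- `window` steps.

    `used_steps` is per-user state: a step that already succeeded is never
    accepted again, so a code observed in transit cannot be replayed.
    """
    now = time.time() if now is None else now
    current = int(now) // step
    for s in range(current - window, current + window + 1):
        if s < 0 or s in used_steps:
            continue
        expected = totp(secret, s * step, step=step)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            used_steps.add(s)
            return True
    return False

if __name__ == "__main__":
    secret = b"12345678901234567890"       # RFC 6238 test key (constructed input)
    used = set()
    code = totp(secret, 59)
    print(code, verify(secret, code, used, now=59))   # first use is accepted
    print(verify(secret, code, used, now=59))         # replay is rejected
    print(verify(secret, code, set(), now=149))       # stale code is rejected
```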
6. Full-device Encryption
Also consider full-device encryption on your laptops, mobile devices, or even on your desktops. For example, if you accidentally leave your laptop at a hotel or a cafe and someone takes it, all your data will be protected if you have full device encryption. However, if you don’t have full-device encryption, it’s effortless for anyone to read your clients’ files or confidential company data. So, for mobile devices, you must use encryption.
Xtracta Ensures Your Data is Completely Protected
At Xtracta, we do a range of things to ensure that our data and our clients’ data are secure, including:
- Full encryption measures for data transmission using well-recognised encryption standards.
- A very comprehensive authorisation system. We can determine what data different users have access to, ensuring they cannot break out of their box to access other data beyond their remit.
- Having full-disk encryption on all our mobile devices and hardware storing client data.
- All data is stored securely in data centres with extremely comprehensive physical security, reducing the chance of physical theft of data storage devices (such as hard drives or SSDs) holding client data.
- We do security training with our team and have comprehensive policies in place around security.
- We keep up to date on the latest security updates and know the risks.
- We work periodically with infosec providers (experts in information security) who audit our systems through penetration tests. They also do code reviews to ensure our code and procedures are secure.
Get in touch with the team at Xtracta for secure streamlined data extraction
Xtracta’s specialised approach to intelligent document processing (IDP) allows companies to maximise workflow efficiency and accuracy. Furthermore, the processes we have in place ensure that your data is fully protected and stored securely in the cloud. If you’re looking for ways to streamline your operations while keeping your data safe, get in touch with the team at Xtracta today. We’ll be happy to elaborate on our receipt, contract, and invoice OCR software and the possibilities of Xtracta for your organisation.