With cyber security hitting the headlines almost daily, many organisations are rightly concerned about the vulnerability of their data and are devoting serious time and resources to protecting this vital business asset.
Traditional security methods have focused on improving the boundary defences of the organisation, aiming to prevent undesirable penetration of the network and to protect against viruses. Unfortunately, this is no longer sufficient, and those businesses that continue to concentrate only on this method of protection are likely to lose both staff and customers.
Why do I think this?
We now live and work in a highly connected world. The only guaranteed way of preventing undesirable access to your network is by cutting yourself off from the outside world completely. In fact, I was talking to an IT Manager of a medium-sized business a couple of months ago and he had just returned from a cyber security conference. Having learnt about the risks, when he got back to the office he immediately wanted to pull out all the network cables – some ignorance can be bliss.
Being unconnected is not an option
Disconnecting your business from the internet is just not a practical option; at the very least we need to be able to communicate using email. Email is also the source of many virus and ransomware attacks. These forms of malware often enter the organisation through phishing emails and the more sophisticated ‘spear phishing’ and ‘whaling’ types of social engineering.
If you decide to adopt this ‘battening down the hatches’ approach, by locking your network down, disallowing remote access and remote working, having strict internet filters, and only allowing absolutely essential traffic through your firewall, you are at risk of losing staff. We are all working in a competitive marketplace where good staff, particularly young professionals, will vote with their feet and move to organisations that provide a more flexible environment. I’ve explored this previously in my post about the New Professional.
This approach also means you are unlikely to be able to interact effectively with your clients, so you are also at risk of losing them to competitors who have adopted a more forward-thinking digital strategy.
So, what are the options?
There is no silver bullet or single solution that will adequately secure you, so a portfolio of measures is required, covering technical solutions, business processes, training and culture.
Your technical solutions should include the next generation of anti-virus solutions that utilise artificial intelligence to learn the behaviour of your network and prevent any unfamiliar processes from executing before they can do any damage. This is a significant advancement over traditional methods that rely on knowing the signature of the virus/malware before it can be detected. I am not a technical specialist so I will not attempt to explore these solutions in any detail.
Secure Web Portal
The other important measure you can take is to deploy a secure web portal, which provides internet-based access to key data, separated from both the external internet and your internal systems.
Your business data is one of your most important assets. However, it is often stored on staff laptops, memory sticks and handheld devices so people can access it quickly when they’re not in the office. If these devices fail or are lost, the chances are your business data may be lost forever. Data loss events can be serious and time-consuming to resolve.
In my experience, using a secure web portal to make your data available to those who need it, which includes both remote staff and customers, is safer and more efficient because:
- Your data is not stored remotely
- Rigorous controls monitor system access
- Users all have access to “one version of the truth”
- Users are always accessing a copy of the core data, not the live production data
- You only make available the data you want your remote staff and customers to access
Client portals can have many different features and provide facilities such as document management and sharing, secure messaging, report generation and access to static and transactional data. What we are seeing is an increasing trend for organisations to want to use the portal as a means of interacting with the clients in a more active way, for example to initiate a process in the portal which continues in the back office systems or vice versa. Also, with the advent of the GDPR*, organisations are increasingly concerned about the location of their client data and the dangers of using email for client communication. These issues can all be handled by a secure web portal.
We are currently working with a number of small and medium-sized businesses to help them develop their digital strategy, enabling them to remain secure whilst embracing technology to drive customer value and improve efficiency.
Contact us if you would like to discuss how we can help with your requirements and challenges.
Note: Solitaire Consulting has recently partnered with Vega Solutions Limited, a well-established UK FinTech company, who develop a secure web portal known as Sirius. I am working with Vega to develop a web portal tailored for the wealth management industry. We have already had conversations with several trust and corporate services providers and a consistent theme is the recognition that they need to deploy technical solutions to enable customers to have online and mobile access to their data, but are naturally concerned about the risks of doing this. Sirius provides a potential solution to meet this requirement and remains independent of other core back office systems.