The more people work away from offices, the more complex security requirements for businesses become. Cyber protection and document security are the responsibility of individuals, but mostly this falls on the business. By implementing the right technology, your data can be secure. Read more to find out how you can ensure information security for your business.
What is information technology security?
"Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security." - Kaspersky
While most of us are aware of viruses that can attack our computers, the threats your technology systems and devices face go far beyond this. You may realise when you are on the internet that you are authenticating yourself with security checks like recaptchas and accepting cookies, but do you know what they do?
There is an ever-present threat of data loss, leakage, corruption, manipulation, and theft. With more businesses being online and more knowledge workers, data is increasingly at the core of day-to-day business operations, and companies are generating staggering volumes of it. This has given rise to information governance technology since much of this data is highly sensitive, and may contain personally-identifiable information about customers and employees.
Cybercriminals know this too, and this is why they are using automation to create and iterate new cyberthreats constantly. They’re even using personal information from corporate websites and social media networks, using phishing scams and new ways to infiltrate your life every day. So it's clear that protecting business-critical data is a mammoth task, but also critically important.
Security while working from home
More than any other time in history, people are working from home. If not handled correctly, this poses a risk to businesses. Some security measures that are in place at your workplace, may not be in place on your home network. Some of these may include web filtering, firewalls and data encryption. If working from home is part of your company's current and future plans, your IT team will have to update your company’s policies if they haven't done so already. Some restrictions may apply, and they would have some tips on how to securely work remotely. Here are some as provided by CERT NZ:
- Only use WiFi you trust.
- Make sure your screens aren't visible to others you don't know.
- Use a virtual private network (VPN) when connecting to your work’s network.
- Use a device provided to you from your organisation rather than a personal one, if possible.
- Enable two-factor authentication whenever possible.
- Use business communication tools with end-to-end encryption.
- Be extra cautious about suspicious emails.
- Use a long password or passphrase, that you haven’t used elsewhere, to access any system.
- Update your operating system and check that the software or apps that you’re using are up-to-date as well.
- Make sure you have antivirus installed and are running regular scans.
Tough security with PIQNIC
Working from home presents every company with a challenge. Each new technology that is implemented needs to be carefully considered. The interaction between these apps and software platforms, the way employees will be using them and house rules need to be evaluated. Then the rollout of these technologies can begin. The reality is that some companies didn't think about these security considerations beforehand, and now are scrambling to get a plan in place.
PIQNIC developed from years of experience in information governance, which has resulted in an intelligent platform that has a focus on document security, amongst others. Protecting your data and information is really important to us. That is why PIQNIC has multiple levels of strong security and data protection. With our robust platform security, admins totally control what levels they apply to data and users. Plus PIQNIC helps you transition from your current document management system to our platform. Here is what PIQNIC offers you:
-
Network access and infrastructure security
PIQNIC is protected by multiple levels of network security controlling access to the platform. Document and database storage is fully separated from the platform’s presentation tier which prevents direct access to the PIQNIC repository. Access to the service is audited by our security infrastructure team on a regular basis and basic auditing of activity is provided within the platform. Advanced auditing functionality for administrators is planned in future releases.
-
Durability
PIQNIC provides year-around 99.99% availability, and durability of 99.999999999% of data by taking advantage of duplicated storage technology. PIQNIC takes extra measures to protect data against loss by replicating the encrypted content to other data centres that are completely separate in all critical aspects: telecommunication links, power supply, physical location, etc. PIQNIC storage is designed to sustain concurrent loss of data in two facilities.
-
Data encryption in motion and at rest
All data uploaded to and from PIQNIC as well as all the communication between PIQNIC servers and users is encrypted. This provides secured access from unsecured wireless connections or other public internet access points.
-
Data privacy and compliance
PIQNIC is hosted in the AWS cloud and leverages compliance certifications that apply to the infrastructure used. See a list of compliances here: https://aws.amazon.com/complia... AWS is used for data storage to ensure compliance of personal data protection directives. - Independent validation to the SOC2 and ISEA 3000 Type II standards - SSL encryption (256-bit) prevents interception of data while in transit - Content encrypted at rest to protect from unauthorized access on the server.
-
Robust Authentication & Authorization
PIQNIC is segmented into domains to allow for a logical separation of documents and other artefacts between customer organizations. All users must authenticate themselves using a strong password and some types of users are required to go through 2 step authentication. Once they are authenticated, they are authorized to access a specific organizational domain which gives them access to document management and collaboration tools available to that organization. The level of access is determined through their group membership so their activity is always confined to the appropriate part of the PIQNIC platform.
-
Securing information with ease
Information in PIQNIC is secured using granular permissions and role-based security to ensure authenticated users only access the data they’re authorized to. Powerful and flexible security should not require complexity and specialist knowledge to administer it. That's why PIQNIC security model is smart and has been designed to be simple and intuitive both to implement and manage. At its core, it is built around the ability to control and restrict the scope of document searches executed by users. This model allows the implementation of complex security requirements while reducing administrative overheads required for the maintenance of a finely tuned security model for organizations of different sizes and requirements.
-
Secure collaboration with control
PIQNIC's multi-layered security settings make it easy to customize the platform to exactly match how you work with teams, internally or externally. Our security model clearly differentiates between users who belong to your organization and those who don’t. At the top level, administrators control content access for internal users, who in turn initiate collaboration tasks and decide what is shared (from the information they have access to) and who is invited. External users that may be invited to a collaboration session, therefore, have access to the content moderated by both administrators and internal task owners.
-
Auditing and notifications
Through a smart built-in events framework, PIQNIC listens and registers various types of events such as user activity, document lifecycle events and collaborative tasks, and uses this information to populate audit logs of collaboration tasks and documents making full audit trails of all managed information instantly available. At a user request, some of these events can be relayed to users through instant notifications. Users and administrators are in full control of all important aspects of notification settings - events monitored, notification frequency, notification channel, etc.
What's your experience of working in this area? Let us know in the comments below: