While technology can always improve data security, the human element means there are always potential gaps, Mia Papanicolaou said.
Ms. Papanicolaou is the Chief Operating Officer of the Americas for Striata, a company providing strategy, software and professional services enabling digital communication across multiple channels and devices. They specialize in digital message design, generation, delivery and storage.
Key to any company’s data security strategy is the ability to identification of data security gaps, Ms. Papanicolaou explained. Those who think their systems are fool proof better think again.
“There will always be them (data security gaps),” she said. “We often don’t know what we don’t know.”
Technology can address those gaps to a degree, but staff education also has to play a key role. Teach how data breaches occur, and how fraudsters change their approaches as companies catch on to older strategies. An official looking email from a trusted client or superior is seldom questioned but is a common way for hackers to access your system.
“One employee clicks on a link and ransomware runs in a company’s system,” Ms. Papanicolaou said.
Outdated communication philosophies and technology are fertile ground for hackers and fraudsters. In many companies general data access is spread across departments, and as more people gain access risk increases, especially if information security is given different priorities in different departments.
Old technology systems are another concern, Ms. Papanicolaou said.
“Legacy analog systems were never designed for the connected world.”
Many aren’t even designed to be connected across different departments of the same company.
Can people simply log into their bank? Sure they can Ms. Papanicolaou said. Many companies, banks and other financial institutions have their documents available online that clients can access through an emailed link.
The problem is there is no way to be sure that email is actually from your bank. You could be giving your login details to a scammer.
“What is an authentic email and what is fake?” Ms. Papanicolaou asked.
Striata addresses that by securing a client’s entire network. When sending emails, include information that verifies you know who they are, like when your bank sends you a message with everything but the last four digits of your account crossed out. Have password protected sites and educate clients to look at the url to see if the message originates from a suspect site.
Recent high profile data breaches illustrate different ways hackers try and access information, Ms. Papanicolaou said. In the case of JPMorgan Chase a staff member’s login information was stolen but noting was stolen beyond personal information, which will be circulated to other fraudsters.
“There will always be technology that will plug away at where human errors and gaps lie,” Ms. Papanicolaou said. “Gaining access in ways we had not thought of.”
Data security involves more than technology, Ms. Papanicolaou said. Corporate cultures should be examined for flaws which leave the company vulnerable to attack. Vigilance against phishing scams, constant analysis of processes to identify risk before breaches occur, and regular reviews of third party relationships.
Striata provides several layers of data protection, Ms. Papanicolaou said. They help companies safely store documents and make them securely available online, complete with encryption and document and password protection, beyond the layer of technology around them. Secure the document in storage and then secure the technology around that storage.
Make it hard for criminal elements to steal your data and they will move on in search of easier marks.
“The technology is obviously important as we evolve and how we as consumers interact with technology,” Ms. Papanicolaou admitted. “We need to keep up with security as behavior changes.
“We are managing both people and technology, so we cannot forget about the people.”