Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×

The hacker’s playground

Jonathan Morgan, CEO, Object Matrix, and Michael Nixon, marketing and engagement manager, Fortium, discuss how Covid-19 has stripped companies of the luxury of taking a measured approach to adopting remote workflows.

Pirates and hackers thrive amidst times of confusion and chaos – which I think is fair to say, has been the world’s default state over the past 9 months. Stripped of the luxury of taking a measured approach to adopting remote workflows, many companies have neglected security considerations. This quick-fix thinking has come up short and subsequently, pirates and hackers are having a field day. 

A look at the figures

Data breaches are up 273 per cent; ransomware is up 90 per cent; and destructive attacks where data is destroyed is up by 102 per cent. In April, some 450 active World Health Organisation email addresses and passwords were leaked online – which led to WHO migrating to a more secure authentication system. 

There are procedures which can be implemented to ease this uncertainty. Whilst these are frightening figures, thorough consideration into data security can prevent disaster.

The Right Tools for the Job

Sound simple? It is. Yet, a recent report stated that misconfigured Cloud servers was amongst the biggest cause of data breaches. When considering remote workflows, there is no one size fits all solution. Companies need to consider their specific and individual needs before implementing a Cloud-based infrastructure. 

There are numerous different types of Clouds, perhaps the most effective for security is the Multi Cloud. This configuration allows for a combination of several Cloud services in order to provide higher protection against data loss and offer higher levels of security. This is all done by lessening the dependency on any one external organisation.

When using multi Cloud models, companies can tailor their remote workflows to their needs. For example, if a company has localised content, and that content needs to be translated into a set number of languages, it is likely that the content will be sent across to numerous third parties before roll-out.

This company needs protection every step of the way; is there a specific solution available for this workflow? Encrypting files so they are only accessed by authorised users is a start. This can be done at-rest as a minimum, but files can also be encrypted in-use too. Can the company use an access control list per file? Can we audit what an end user is actually doing with the encrypted files? All these features give the company in question more control over their sensitive media and data files. In tandem, they can drastically reduce both internal and external security threats. 

Covering the basics 

Another tip that can be implemented by a mere change of mindset is to cover basic security. This can be as simple as ensuring that no one person, or one machine, has access to all the backup files in your corporation. By splitting the access powers up amongst individuals, companies can ensure that no one person has too much power.

It’s also worth noting on the topic of basics that you shouldn’t use or access any files, folders or USBs you do not recognise. Whilst a part of everyday office life, these instruments are also used by hackers to spread viruses and malware onto computers. This is also a case of ensuring that everyone working for you, internally or externally, follows these basic guidelines. It is possible to use software that notifies a chosen administrator if a USB is being used. Companies may wish to block USBs all together if they like, or the software can merely keep track of what is being saved where.

Fighting data with data… analytics 

On the topic of analysing data, audit and trace systems offer an overview for administrators to digest activity amongst their archives through an easy to use control interface. 

Such software allows administrators to monitor by who, and when, content is accessed. It also displays what is done to the content in question, clearly illustrating whether something has been deleted, removed, copied, added, and so on. If any behaviour is out of line, administrators will be able to track who has made the changes and launch an investigation. Just as easily, administrators will be able to revoke access, ensuring that no content gets leaked that shouldn’t.

Having a proper audit process in place gives you much better control when sharing your content with external stakeholders, editors, and reviewers. 

Digital content governance

Clearly, if organisations wish to profit from their content or build a successful community, they need their hands on their data 24/7 to use, re-use, re-shape and re-use. Digital Content Governance platforms enable that, but they also focus on the whole package required to protect, curate, share, distribute and audit digital content. 

Digital preservation processes ensure your content is protected at ingest and ensures it remains protected throughout its lifetime. However, this requires regular integrity checking of data which can be a costly exercise with legacy technology. How many media companies regularly follow good LTO management practice?

Making sure that business rules are enforced, such as access rules and retention periods ensures that content does not get accidentally deleted. Automation and integration are also key to removing manual steps that introduce opportunities for error.

DCG platforms handle all aspects of good digital perseveration practice from continuous content protection and multiple copy protection (on and off-site) business rules support. 

Update your passwords… all 30 of them

Our final tip is a simple one; make your passwords strong. 80 per cent of security breaches are due to weak or stolen passwords. We know that organisations use a plethora of systems, and that remembering 30 very unique and puzzling passwords isn’t easy. That is why software has been created which stores these unique passwords in one place. Password managers work on a zero-knowledge basis, so they are kept secure. They allow administrators to grant access to select passwords, managing who is allowed access in a secure environment. This ensures that employees cannot go rogue and leak information, but also allows you to use incredibly complex, randomly generated passwords that no hacker can guess.

Every industry has been forced to react to the challenges posed by the global pandemic quickly – however, failure to react in a composed and measured way will only result in further chaos for companies. The tools to guard content are readily available, companies only need to take the time to research and find them. With cyber-attacks rife it is more important than ever to take measures to secure your content.