Cyber-crime attacks are growing in number, severity, and economic impact. Nightmare situations involving attacks on institutions like power grids or the SWIFT e-banking network are becoming real, on top of the many highly publicized data thefts from groups like Yahoo. Worst of all, there’s virtually nothing the police and governmental authorities can do to stop these threats. The global, decentralized nature of cyber-criminals makes them extremely difficult to catch, particularly those working out of developing-world nations with limited policing resources.
When managing an indirect sales ecosystem, relying on remote computer services to manage your sales network and keep everyone informed and connected is virtually inevitable. While platforms like PRM can help centralize your files, communications, and customer data, no single platform by itself can guarantee security. In this blog, we list six security must-haves for your indirect sales ecosystem and include more details about our recent SOC 2 Type 1 security certification.
1. Access And Password Management. The most common vector of cyber-attack is NOT your servers, your cloud partners, or any other piece of technology. It’s your employees, and your partners’ employees. According to estimates, a combination of direct human error and/or theft of vulnerable devices is at the root of roughly half of all cyber-crime.
You need strong access management policies in place that ensure employees only have access to the data they need, and nothing else. This should be combined with strong training on security issues such as how to recognize and avoid social engineering attacks. Employees should know how to create strong passwords that cannot be easily cracked. Poor password policies are the #1 source of security problems.
2. Local Network Security. Your next-most-vulnerable vector of attack is going to be your local network. If you’re running off older hardware, it honestly may be time to think about upgrades. The latest generation of networking gear from enterprise-level vendors includes robust in-hardware security systems which can take a lot of burden off your administrators.
Never neglect your anti-virus and anti-malware systems. Viruses and malware which make it onto a network can cause significant havoc, while often being extremely hard to detect without professional help.
3. Network Visibility and Oversight. Going along with #2, it’s also important to have a network setup that allows your admins easy oversight into what’s happening on the network. This is another reason that upgrades are a good idea. Modern network software with graphical user interfaces (as opposed to the old Linux-style command line interfaces) is extremely good at creating dashboards with vital usage information prominently displayed.
The easier it is for your and your partners’ IT managers to see what’s happening on the network, the better the chances are that they’ll spot small anomalies before they become big problems.
4. Device-Level Security. If you allow usage of personal smartphones and tablets, they can be a major security concern. This method is convenient, but hard to lock down – particularly now that mobile malware is becoming a growing problem. Part of this can be solved with proper access policies, and informing employees about the security risks that come from personal device usage. At the bare minimum, ensure everyone understands that work data should never be put onto a personal device.
Encourage employees to use devices that utilize biometrics – like fingerprint scanners – for protection. They’re far harder to crack than passcodes if the device is ever stolen.
5. Encrypted Data in Cloud Systems. If you’re using cloud-based data storage, do not rely solely on your cloud provider for security. The best approach here for sensitive and/or mission-critical data is double-encryption. That is, encrypt each file individually and also upload them to drives which are themselves encrypted. While nothing is truly impossible to crack, such double-encryption policies are about as safe as you can get.
6. Updating And Auditing Policies. Finally, don’t forget that security systems need constant attention. Never allow your network OS, anti-virus, and anti-malware systems to fall out of date. Have a set schedule for updating them. Likewise, run regular security audits to ensure proper compliance and oversight. These won’t just help keep you safe, they’ll also give your own partners more reason to trust you with their own data.
Here, at LogicBay, we are committed to helping keep you and your partners safe with a PRM platform that’s backed by superior security. This week, we announced completion of the Service Organization Control (SOC) 2 Type 1 audit. The completion of this audit confirms that we successfully met security standards and possess sufficient safeguards and strategies that acceptably protect client data in their cloud infrastructure. Feel free to contact us to discuss our security measures if you have any questions or concerns!