Stimulus Australasia

How to respond to Data Threats

If you have an enterprise business, you may be concerned about cybersecurity and your data compliance and management responsibilities. As a Pimcore partner, businesses often ask us how to respond to data threats.

This blog outlines some best practice examples of data security, including data encryption, password standards, and effective authentication processes, across several different software solutions.

 

Data risks and threats

Cybersecurity involves much more than simply stopping hackers from accessing your data. It includes a whole range of tools and practices designed to protect your information systems, network, and devices from a diverse set of digital threats. Modern organisations are responsible for maintaining the availability, integrity, and confidentiality of data records.

 

 

How to manage data security?

Developing a cybersecurity strategy is an unfortunate necessity for enterprise businesses these days. A cybersecurity strategy aims to help you consider and identify any risks or potential weak spots in your information architecture. It will also outline practices and procedures that need to be followed should a breach occur.

 

Your cybersecurity security strategy should include the following:

  • Risk Assessment – to identify any weak spots or vulnerabilities, and help you understand what the impacts of a data breach would be
  • Security Policies – your resources, practices and guidelines across all kinds of topics, from record creation and destruction, to user access and permissions
  • Training and education approach – which includes how you onboard new staff
  • Access control – which outlines the authentication processes and tools you will implement
  • Critical incident response module– that outlines how you will respond should a breach occur, with specific details about who is responsible for detecting, resolving and recovering from security breaches

 

Data encryption and firewalls

Data encryption involves transforming records into unrecognisable data. Encryption is like running your information through a translator, producing entirely scrambled and indecipherable records. Firewalls act as a shield or barrier between your data and marauding data hackers. A firewall monitors and influences network traffic and assesses incoming data to ensure it is safe to be admitted through. Your firewall systems are like the bouncers or security guards you appoint to monitor your front door.

 

Password policies and procedures

Many employees share passwords across work and personal devices and accounts, even when this goes against policy guidelines. As authentication processes are more complex, staff can become frustrated or lazy. This leads to poorer password practices and even the sharing of passwords and credentials to bypass what they perceive to be unwieldy processes.

 

According to Verizon's 2020 Data Breach Investigat eport (DBIR), more than 80% of hacking-related breaches involved the use of lost or stolen credentials. Furthermore, findings from Virginia Tech University outlined that over 70% of users employed a compromised password for other accounts up to a year after it was initially leaked, with 40% reusing passwords that were accessed through a hack over three years ago.

 

Authentication procedures

Another way to ensure data security is to implement contextual authentication factors. Modern workforces are dynamic, highly mobile, and may work on several devices daily. Creating rules with contextual authentication factors will help identify log-on that seem suspicious. Contextual authentication factors work by assessing other data such as last login, device being used, location and time of day. Options for authentication improvements include:

  • Establish a single sign-on (SSO) solution to manage log-on to the multiple apps and tools an employee might use daily
  • Utilising an endpoint device manager to ensure devices are recognised
  • Using device scanners to check for malware
  • Considering new biometric login tools such as fingerprint, retina or facial recognition

 

Cyber threat monitoring software

Some organisations deploy specific cyber threat monitoring and hunting tools. The sole purpose of this software is to detect and respond to cybersecurity threats across an IT network. Cyber threat monitoring and hunting tools typically use advanced machine learning and AI analysis to identify suspicious or unusual activity. Interactions are scanned and compared through pattern matching with other records.

 

A range of cybersecurity threat hunting tools are available on the market. Threat hunting tools also assess breaches and identify any vulnerability and provide recommendations about how you can improve security architecture. Data security tools can help protect a business from unauthorised access to records and files. Several data security tools also offer record backup, should your data become corrupted or lost.

 

Some cyber threat monitoring and hunting tools can even run across disconnected devices and applications. Popular cyber threat tool CrowdStrike Overwatch even presents a real-time threat graph, which helps determine a threat's starting point and the overall risk it poses to the network.

 

How to keep customer data safe

If you are generating a lot of customer records and transactional data, you must keep this information safe. Good practice around storing customer data means you should:

  • Understand and be transparent about where customer data is stored and held
  • Be familiar with the rules around timeframes for data retention
  • Put restrictions in place to determine who has access to customer data
  • Regularly run backups on customer data files
  • Encrypt data that is being transferred to other repositories

 

Data compliance in CMS systems

Content Management Systems (CMS) are tools that enable users with limited technical knowledge to create, build, and manage a website. Typically, a CMS uses a Graphic User Interface (GUI) to make it easy and intuitive to manage and update a website.

 

The most common CMS platforms today are WordPress, Joomla, and Drupal. According to a w3techs survey, these three platforms combine to support over 75% of all CMS-powered websites currently on the internet.

 

Unfortunately, CMS systems have several vulnerabilities, which make them quite prone to breaches and hacks. One way around this is to create role-based authentication practices within the CMS. Not everyone in your organisation needs access to every piece of data. Staff in stock control or warehousing may not need access to transaction data and financial information. Role-based authentication means that each person can have access only to the systems they need.

 

How ERPs can help manage data risks

According to Asana's Anatomy of Work Index 2021 report which interviewed 13,123 knowledge workers in eight countries, employees navigate through an average of 13 apps 30 times per day.

 

Because they consolidate data from multiple systems and tools, ERPs can help reduce risks associated with multiple logins and user account credentials. While multifactor authentication, described earlier, does help, using a single system for reporting reduces the number of services required to be open, accessed, and running at any particular time.

 

Other ways in which ERPs can help manage data risks include:

  • Data encryption
  • Assigned user roles and permissions
  • Regular backups to prevent data loss
  • Internal review and monitoring
  • Regular System updates, patch repairs and bug fixes

 

How Pimcore handles data

Pimcore can extend the security monitoring and management offered by your ERP. Pimcore MDM provides specific features and capabilities that support different aspects of data stewardship.

 

Pimcore enables you to establish centralised management, compliance, and transparency of master data across all of your records and files. Central record governance with Pimcore means that you can define, authorise and reuse master data for consistency right around your data network.

 

Pimcore's data model is delivered across your model using existing business logic and configuration to ensure data validation. Pimcore can also:

  • Analyse the quality of data processes, and monitor data quality, integrity and completeness
  • Provide master data records to all output channels, including web and social media
  • Display a centralised view of data
  • Provide a reliable way to update all instances of a record, means changes are made in relevant systems when a master record is updated
  • Provide pre-configured data to help you manage record metadata fields like colours, URLs, geodata, countries and languages, numbers, or SKUs

 

Data security in Pimcore

Pimcore establishes a multi-layer security model that ensures that Pimcore-based solutions are safe. Data compliance is achieved through:

  • Advanced user right and access models
  • Authentication tools that are multifactor (2FA) and in line with SSO industry standards
  • The prohibiting of unauthorised access
  • Stores data securely through stringent file accessibility
  • Reliable data integration through the transport of data through other systems, complete with a full-featured REST Webservice API and a Data Hub GraphQL API

 

Pimcore can be used to generate security strategy reports, providing a clear view of the security landscape. Access to pre-emptive security information enables you to anticipate threats with actionable intelligence.

 

 


Related Questions

What are the main cyber security concerns for 2024?

Unfortunately, new cybersecurity threats are always on the horizon. Here is our list of the main cybersecurity trends and concerns we will see during the rest of 2024.

  • 5G – new 5G hardware is becoming more prevalent. Hackers are developing new ways of accessing 5G routers, devices and mobiles
  • One-time password vulnerabilities – many services offer one-time password protection through multifactor authentication; however, hackers are using shared, leaked or reused tokens to bypass multifactor authentication
  • Use of AI and machine learning – creating more convincing and harder to detect phishing emails
  • Increased mobile phone vulnerabilities – phishing attempts are increasingly being distributed by mobile phones, known as SMS-based phishing "smishing"
  • Mobile phone malware – another hacking tool that is also becoming increasingly problematic

 

Are you concerned about data security, safety, privacy, and retention in your business or workplace? If so, contact Stimulus. As product partners, we help businesses from all industries use Pimcore to manage product records and customer data effectively.

More related articles

View all articles