Malware phishing attacks and data breaches have unfortunately become the new norm in today’s digital world. Cyber criminals are increasingly targeting Internet users of all shapes and sizes to gain access to sensitive data or online accounts, with the recent WannaCry attack only one of the plethora of incidents that businesses have to deal with. According to official government figures, half of UK businesses were hit by cyber-attacks in 2016 alone.
Cyber-attacks can be expensive, not only in the cost of cleaning up, but the scars of those experiences often take a while to heal. No organisation is immune to these attacks either, but there are a few measures that can be taken to minimise the risk to customers and the business as a whole. This is where due diligence comes in. Businesses must make sure they are thorough in their evaluation of cloud services providers to ensure they have the necessary protocols and capabilities to guard against cyber-attacks adequately.
As businesses increasingly leverage third-party digital services, they need to be sure that the vendors they partner with have their best interests at heart. But who’s keeping vendors honest? Business can no longer assume that vendors are on the same page when it comes to cyber security. The stakes are too high for that. Whether you are reviewing an existing relationship with a vendor or assessing a potential new customer, here are a few key questions businesses need to ask to make sure they are keeping their data and customer data safe and secure at all times.
Which cloud security standards do you adhere to follow?
As a result of recent high-profile hacks, the need for strong security controls and processes has risen on the list of business priorities. Businesses are particularly concerned about whether or not vendors can meet necessary security requirements to keep document-based transactions safe and secure.
For regulated industries, there is a need to go above and beyond commonly used security protocols. The ultimate goal is to protect data so that businesses can remain compliant with standards imposed by stakeholders. There is a range of security protocols, including SOC 2, HIPAA and FedRAMP that offer robust standards and processes. With these standards, auditors keep vendors honest by making sure they attest to and implement security best practices – day in and day out – without exception.
[easy-tweet tweet=”Finding a dependable and security-conscious vendor that offers flexibility is essential.” hashtags=”Security, Vendor”]
How flexible are your deployment options?
The cloud is getting increasingly popular with businesses but trusting another company with documents and data is never easy. Finding a dependable and security-conscious vendor that also offers flexibility is essential. Vendors must be able to give their customers choice on how and where they deploy the solution (i.e., in a public cloud, private cloud or on-premises behind a company’s firewall). Businesses must also be able to make necessary changes with minimal inconvenience because it is the ability to make these types of on-the-fly changes that ensure that they can keep moving and eliminate (or at least minimise) security risks without impacting customers, partners and employees.
Can you white-label the experience?
When a vendor’s logo and brand is prominent as part of the user experience, it can create confusion and a disjointed experience. Also, if the vendor is breached, even though it doesn’t necessarily have anything to do with the business, it’s not inconceivable for it to have a spill-over effect that impacts the business by association. One good piece of advice is for businesses to fully white-label the experience – removing all traces of the vendor’s brand. For example with e-signatures, businesses should consider white-labelling everything from the web and mobile screens to email notifications that are sent to signers. This will make your business, and your customers less vulnerable to attacks in the event your vendor’s service is breached, and it will also and it will also make it easier for customers to detect suspicious emails.
How do I know I can trust you?
Trust and security are at the heart of digital transformation, and it must remain the top priority in the world of digital transactions. As mentioned earlier, no one is immune from cyber-attacks, but by investing in the right human and technology resources, building trust and confidence will be much easier.
The concept of a digital trust chain that links technologies together to provide a secure transaction from end-to-end needs to be at the heart of any digital business. This chain should include everything from authentication to identity access management and other security components needed to safeguard the process, including the data and documents underlying the transaction.
It is essential for businesses to thoroughly research vendors to understand their product capabilities, cloud security practices, certifications, track record and the frequency of their security audits before putting their money on the table. It might sound like a lot of work, but this approach could expose past shortcomings, incidents of data loss/leakage or other risks that could potentially harm your business and customers.
Rahim is the Director of Product Marketing for eSignLive. An experienced product marketing professional with more than 10 years in the software industry, Rahim is the outbound voice for eSignLive’s e-signature solution and is responsible for driving product awareness, gathering customer requirements and defining positioning in the core markets that eSignLive serves.