Sony. Equifax. Yahoo. HBO. Target. The Democratic National Committee. Each of these entities suffered major losses (financial and otherwise) as a result of computer hacking. And there’s every reason to believe nefarious players will continue to worm their way into networks to steal or compromise critical data. This is why a multi-layered security effort is as important as ever — to ensure valuable information is protected from those who want to commandeer it for their own benefit.
But what is multi-layered security? And how does it protect your data?
Multi-layered security is pretty much like it sounds. It’s multiple levels of protection so that if one barrier is breached, there are more behind it to stop people from getting access to your information. Think of it like this. If you live in an apartment building, there’s probably a security door you have to pass through on the way in. Then there might be a doorman or a keycard for the elevator. Then your door has a deadbolt as well as another lock on the doorknob. And finally, you might even have an alarm or a smart home device, like a motion-activated camera. If at any point a person doesn’t have a key, they’re stopped in their tracks. And with the alarm or the video camera, the system will immediately issue an alert should there be a break-in. All these steps are designed to protect your valuables and deter villains from attacking your home. A multi-layered security system is a digital version of this for your network and the files it houses.
The data you store on your computer or network is valuable to you and your business. But if it falls into the hands of a hacker, it could compromise a transaction, expose your intellectual property or bring your entire business to a halt. A network breach in 2011 compromised customer data for 77 million Sony PlayStation accounts, resulting in the PlayStation Network being shut down for more than three weeks. Other attackers break into systems and try to extort money from their victims. This was precisely the case with HBO, where hackers implied they wanted a $6 million ransom. And of course there’s Equifax. The break-in resulted in the stock losing around one-third of its value (about $4 billion in market capitalization) in just one week.
You might think that simply protecting your information from the outside is enough. But that’s not the case. A 2015 study from Verizon said that about half of all security incidents came from inside the company walls. In fact, according to the report, 20 percent of all compromised data is related to employees stealing information, misusing it, selling it or engaging in similar activities. For example, in 2014, a Tufts Health Plan employee stole data (including names, Social Security numbers and dates of birth) for nearly 9,000 customers. And there are countless other cases just like this. When sharing confidential and highly sensitive information during M&A due diligence, you are at an even greater risk of a potential data breach.
So what can you do to keep your data secure?
You need to have a strategy and then implement a plan that protects data at all its potential touch points. Ensuring that your firewall is secure is a critical first step, but it’s not the whole job. To return to the earlier analogy about the apartment building, relying on the firewall alone is similar to only having a front door key. It’s a main line of defense, but it’s not enough. You also have to ensure your vendors’ platforms are built with bank-grade security.
When implementing your own security and evaluating external applications, like virtual data rooms, file-sharing platforms, and CRM solutions for your business, you need to consider the following items:
- What kind of encryption do you have?: You want a high level of encryption, like TLS 1.2 with AES 256-bit encryption for internet browsing and data transmission, and key encryption at 1024 bits.
- Logins and Passwords: Passwords are a key element of defense. But it’s important to use them in a way that tracks when people log in to files and what documents they view. Also, logins should be encrypted, and passwords should have minimum lengths and required resets.
- Infrastructure protection: When it comes to servers, make sure you know who has access and how they can enter those facilities. Things like security badges and multi-point authorization can keep controls tight.
- Logs and Event Tracking: This allows you to monitor who is accessing various files and when. These records are key should that information ever be compromised.
- Data availability and redundancy: In the event something happens to your data at one location, you need to make sure you have it fully backed up elsewhere.
SmartRoom is a secure virtual data room that was designed to offer precisely these features because we’re laser-focused on helping organizations protect their information. We also make sure that our data centers are SAS 70 Type II compliant, meaning that an outside auditor can come in and assess their effectiveness.
Hackers seeking targets is just an unfortunate reality in today’s internet-connected world. But there’s something your business can do to guard itself against being their next victim. And that’s ensuring both your internal systems and vendor applications, like your virtual data room, are built with multiple layers of security.
Read our security documentation for more information on how SmartRoom’s multi-layered security system can protect your data.