In 2022, more than 422 million records were compromised or lost by organizations in the United States alone. That’s far too many, and it gets worse. According to the 2023 Cost of a Data Breach report from IBM and the Ponemon Institute, the average U.S. cost of each breach was $9.44 million—a very steep price.
Information capture and document management technologies are important tools in the effort to secure sensitive records. With each passing year, it becomes increasingly important that you and your staff can have effective cybersecurity conversations with customers and prospects. Users need to understand how your technologies can help them prevent intrusions and protect sensitive data.
In order to have effective security conversations, it’s critical for you to have an overall knowledge of the cybersecurity landscape and to understand which security staples your products can offer. Let’s take a look at the current state of data security as well as six of the critical tools you bring to the battle.
We’re still losing data
We’ve all seen the headlines proclaiming the latest in an endless series of data breaches and cyberthreats. The technologies you sell (automation and document management) really do harden companies’ boundaries against cyberthreats, but new threats are constantly emerging. The analysis and reports paint a pretty grim picture of the world’s battle for cybersecurity. Consider the following:
- There were 6.3 million intrusion attempts in 2022, a 19% increase over 2021 (2023 SonicWall Cyberthreat Report).
- 86.2% of organizations were affected by a successful cyberattack in 2021 (CyberEdge Group 2021 Cyberthreat Defense Report).
- 83% of companies reported being subject to their second successful attack in 2022 (Ponemon).
- On average it takes companies 243 days to detect a breach plus an additional 84 days to contain it. That means an attack on Jan. 1 would not be fully mitigated until late November, on average (Ponemon).
- Even more telling, almost half of all breaches are noticed first by someone outside the company (Ponemon).
- Despite all our efforts to improve, 66% of companies reported being more concerned about attacks in 2022 than they were in 2021, and an additional 29% feel about the same, leaving only 5% who feel less concerned (SonicWall).
- Last year alone, ransomware attacks rose by 13%, which equals the increase of the previous 5 years combined (Verizon 2023 Data Breach Investigations Report).
- Almost 3 in 4 (73%) of SMBs see the security risk associated with mobile access as significant, and 79% say remote work risks are somewhat or very concerning (Verizon Mobile Security Index).
Surely we can do better!
As a result of this ongoing battle, the global market for cybersecurity technologies will grow from $155.83 billion in 2022 to $376.32 billion by 2029 with a Compound Annual Growth Rate (CAGR) of 13.4%, according to Fortune Business Insights. It’s one of the fastest growing areas in technology.
Security staples already in your product lineup
One of the key drivers of digital document management has always been the opportunity to better secure information, placing businesses like ours in a critical role in the battle for data security. Your customers are counting on you to offer sound security advice and technologies to better protect their information. Though some are tried and true, the following six security staples are essential parts of your product offerings that really do help businesses better control information.
1. Set Strong Passwords
According to Verizon, almost half of data breaches still start with stolen credentials, underscoring the importance of strong passwords. We bandy about the term “strong” like we all agree on exactly what that means, but each of the systems we access sets slightly different password standards, making it confusing. How many characters should we use? Exactly what qualifies as a “special” character? Do capital and lowercase letters really matter?
I like the following guidelines presented by Verizon in their 2023 Mobile Security Index report. They create the acronym LUCID, and it’s a simple way to explain strong passwords to your customers.
Long – “an 8-character password would take about 22 minutes to crack; a 12-character one, 300 years.”
Unique – Don’t reuse passwords … just don’t.
Complex – “Throw a ‘special character’ into that 12-character password and the time to crack leaps to 400,000 years.”
Impersonal – “A password with the same entropy as ‘Cassie%12032005’ would take 5,000,000,000 years to crack, but it would be a lot easier for a hacker that read about your daughter Cassandra’s birthday on Facebook.”
Different – this is the same as unique. It’s repeated because it’s that important!
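The LUCID rules can be turned into a check that a password policy or help-desk tool runs against a candidate password. The following is an added example, not code from Verizon or from this article; the function names, the 12-character minimum, and the sample profile are assumptions made for illustration.

```python
MIN_LENGTH = 12  # assumption: the 12-character figure quoted in the list above


def date_variants(ddmmyyyy):
    """Ways a personal date (given as DDMMYYYY) tends to appear in a password."""
    d, m, y = ddmmyyyy[:2], ddmmyyyy[2:4], ddmmyyyy[4:]
    return {d + m + y, m + d + y, y + m + d, d + m + y[2:], m + d + y[2:], y}


def lucid_findings(password, known_passwords=(), names=(), dates=()):
    """Return the LUCID rules a candidate password breaks; [] means it passes.

    known_passwords: passwords already in use elsewhere (Unique / Different)
    names: personal names and nicknames (Impersonal)
    dates: personal dates as DDMMYYYY strings (Impersonal)
    """
    findings = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        findings.append("long")

    # Unique / Different: case variants of an old password count as reuse.
    if lowered in {p.lower() for p in known_passwords}:
        findings.append("unique")

    # Complex: the guideline asks for at least one special character.
    if all(ch.isalnum() for ch in password):
        findings.append("complex")

    # Impersonal: names of 3+ letters and date fragments that could be
    # collected from public profiles.
    tokens = {n.lower() for n in names if len(n) >= 3}
    for d in dates:
        tokens |= date_variants(d)
    if any(t in lowered for t in tokens):
        findings.append("impersonal")

    return findings


# Constructed sample data, modelled on the article's "Cassie" example.
PROFILE = {"names": ("Cassandra", "Cassie"), "dates": ("12032005",)}

if __name__ == "__main__":
    for candidate in ("sunshine", "Cassie%12032005", "Quiet-Otter-Maps-7-Lanterns"):
        print(candidate, "->", lucid_findings(candidate, **PROFILE) or "passes")
```

The “Cassie%12032005” password passes the length and complexity rules and is flagged only as personal, which is the point of the “Impersonal” guideline.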
2. Leverage Multifactor Authentication … Everywhere
Over the last few years, multifactor authentication (MFA) has become essential to protect access to sensitive systems. What is MFA? This technology asks a user to provide multiple verifications of their identity before access is granted. Typically, this requires that a user enter their password plus one or more of the following: PINs generated at random by authenticator apps on a mobile device, PINs sent via text or email, or biometric identification such as facial recognition, fingerprints, or even voice and retina scans.
Verizon recommends turning on two-factor verification wherever possible, because it mitigates the risk associated with stolen credentials. Even if a password is hacked, the bad actor must also be able to compromise an additional layer of identity in order to gain access.
3. Eliminate Paper Documents
Despite decades of effort to convert paper records to digital files, most offices still hold printed information of some kind. Whether it’s older, archived records that have not yet been converted (sometimes called a “backfile”) or newly printed copies of documents, paper presents a significant security risk. It is so significant, in fact, that the U.S. Department of Health and Human Services and the U.S. Department of Education list the conversion of paper records to digital among their most important security priorities for 2023. In the Ponemon report, companies with no digital transformation initiatives had the highest cost of a breach at $5.01 million.
If you don’t currently provide scanning services to your customers, consider adding them. Alternatively, partner with a company that does. The elimination of paper wherever possible is a critical step to improving information security across all business types and sizes.
4. Encryption is Still the Way to Go
Encryption makes data unreadable in the event it is lost or stolen, so it’s an important part of every cyberdefense plan. Extensive use of encryption is one of the top five factors reducing the cost of a breach; it saves organizations $252,000 on average. Many, if not all, ECM products offer basic encryption in their standard security package. Always turn it on. The best products include data encryption both when information is at rest within the system itself and during transmission when records may be shared. Both protections are critical to keep customer data safe.
5. Implement Automatic Records Retention
Stale data (meaning it hasn’t been touched in more than 90 days) accounts for 70% of all sensitive data being stored by businesses. “If this data is kept beyond a predetermined retention period, it exposes an organization to increased risk and liability,” say the Ponemon analysts. Many ECM systems are equipped with records retention capabilities that can make retention and destruction automatic. Work carefully with your customers to understand relevant laws and regulations that set retention timelines for the data they keep, and configure their ECM to support automatic compliance with these initiatives.
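The retention logic described above can be sketched as a small classifier over record metadata. This is an added example, not the behaviour of any particular ECM product; the field names, the retention periods, and the legal-hold flag are assumptions, and real periods come from the laws and regulations that apply to each customer.

```python
from datetime import date, timedelta

STALE_AFTER = timedelta(days=90)  # the article's definition of stale data

# Constructed schedule: years a record is kept after creation, per category.
RETENTION_YEARS = {"invoice": 7, "job_application": 2}


def add_years(d, years):
    """Add whole years to a date, mapping 29 Feb to 28 Feb when needed."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def classify(record, today):
    """Return the action for one record: destroy, hold, stale, active or review."""
    years = RETENTION_YEARS.get(record["category"])
    if years is None:
        return "review"  # no schedule defined: never destroy automatically
    if today >= add_years(record["created"], years):
        # Past retention; a legal hold (assumed flag) blocks destruction.
        return "hold" if record.get("legal_hold") else "destroy"
    if today - record["last_accessed"] > STALE_AFTER:
        return "stale"  # still inside retention but untouched for 90+ days
    return "active"


def sweep(records, today):
    """Map each record id to the action the retention policy calls for."""
    return {r["id"]: classify(r, today) for r in records}


# Constructed sample metadata.
RECORDS = [
    {"id": "INV-001", "category": "invoice", "created": date(2016, 2, 29),
     "last_accessed": date(2016, 3, 10)},
    {"id": "INV-002", "category": "invoice", "created": date(2015, 5, 1),
     "last_accessed": date(2015, 6, 1), "legal_hold": True},
    {"id": "APP-003", "category": "job_application", "created": date(2023, 6, 1),
     "last_accessed": date(2023, 6, 15)},
    {"id": "INV-004", "category": "invoice", "created": date(2024, 1, 10),
     "last_accessed": date(2024, 2, 20)},
    {"id": "MEM-005", "category": "memo", "created": date(2020, 1, 1),
     "last_accessed": date(2020, 1, 2)},
]

if __name__ == "__main__":
    for rec_id, action in sweep(RECORDS, date(2024, 3, 1)).items():
        print(rec_id, action)
```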
6. Consider Cyber Insurance
Admittedly, cyber insurance isn’t a typical offering for many ECM resellers. My question for you is: Should it be? Given the astonishing number of records getting lost, and the likelihood that an organization will fall victim to multiple attacks, insurance demonstrates the commitment and investment an organization makes in keeping private information private. And many of the costs associated with an attack are related to notifying compromised parties, providing them protections, and associated court costs, most of which are covered under cyber insurance policies.
Since most of us aren’t cyber insurance experts, let’s take a quick look at the nature of this type of insurance and the market need it can address. According to insurance provider Nationwide, cyber insurance “generally covers your business’ liability for a data breach involving sensitive customer information.” The U.S. Government Accountability Office (GAO) offers the following additional details:
Policies should cover: data breaches, cyberattacks on your data held by third parties, terrorist acts, direct cyberattacks, and attacks that occur anywhere in the world.
The insurance provider should also: defend you in a lawsuit, provide coverage in excess of other insurance payments/coverages, and have a 24x7x365 hotline to call.
This type of coverage is available from large providers like Nationwide, Travelers, and AIG as well as smaller firms that specialize in cyber insurance for businesses. While it won’t be a fit for all of you, many information management sellers find it helpful to have a cyber insurance representative available to partner with them on sales opportunities that originated from an incident at the prospect’s company or that feature security among their chief reasons for pursuing new information management initiatives.
You stand at the front lines in the battle for data security, so it’s critical that you understand how the technologies you sell can help protect your customers from cyberattacks. I recommend spending time training sales and professional services personnel in exactly how the ECM products you carry can be set up to leverage these capabilities to best protect your customers from bad actors who seek illicit access to information. Build your reputation as a document management provider who understands and cares about joining forces with your customers to strengthen their cybersecurity. As you do so, you further differentiate yourself from other suppliers and gain a critical competitive advantage in the wrestle for new sales in today’s difficult economy.
Christina Robbins is Vice President of Communication Strategy and Marketing at Digitech Systems LLC, one of the most trusted choices for intelligent information management and business process automation worldwide. Celebrated by industry analysts and insiders as the best enterprise content management and workflow solutions on the market, Digitech Systems has an unsurpassed legacy of accelerating business performance by streamlining digital processes for organizations of any size. For more information visit www.digitechsystems.com.