Data leaks and ransomware attacks
Take a look at the data leak at RDC, which offers ICT services to garages. The private addresses, license plates and telephone numbers of possibly millions of Dutch people ended up in the hands of hackers and were offered for sale, including my data. Another big news item was Facebook's data breach, which became public over the Easter weekend (data of more than 530 million Facebook users).
Or imagine having bought a ticket for the zoo online via Ticketcounter. Your name and bank account number are known everywhere because of a data breach. Another news update was about ransomware attacks in which data is encrypted so that you can no longer access your data. For example, the transport company that distributes cheese for Albert Heijn (a Dutch supermarket chain), or the municipality of Hof van Twente. This really is a nightmare for affected companies and institutions.
The importance of security
The increasing complexity of systems and the ongoing professionalization of cybercrime mean that companies are constantly being challenged to keep the security of their IT systems up to date. Large companies often have specialized security departments with Certified Information Systems Security Professionals (CISSP) and positions as IT Security officers. On the other hand, they often have to keep an overview of dozens to hundreds of applications. At SME companies, it is not always separate functions but roles that belong to existing functions, but the number of applications is also considerably lower. It is a constant balancing act between the risk and investments in time and money to mitigate these risks.
Pincvision's security policy
At Pincvision, from my position as CIO, I have the final responsibility for our security policy. Within Pincvision we spend a serious amount of time and money on securing our systems. For example our annual Interim Test of Controls where an external auditor checks the measures regarding our automated systems. Periodically, we have our external portals penetration tested by a specialized company with ethical hacker testing to see if they can gain unauthorized access to customer data.
Employees' behavior determines the success of your security
But the most important factor for good security continues to be our employees. Despite all technical measures, the behavior of employees often determines the success of security. Despite our spam filters, they still sometimes get phishing mail in their inbox.
At Pincvision we train our people on this subject, both when they start working and during our quarterly updates. For our password policy we also make use of external tooling that provides insight into the quality of the passwords, warns for reuse and indicates whether their email address is included in known data breaches. This year an extensive phishing awareness training is on the agenda to keep reminding our colleagues of the dangers around phishing and other forms of cybercrime. Despite all the technical investments, our colleagues are the 'last line of defense' against cybercrime! How have you arranged this within your organization?
Read previous blogs written by Pincvision's Board of Directors
Blog #1: Regulatory Technology: the view of our CCO on RegTech
Blog #2: How Pincvision evolved itself into a RegTech Company
Blog #3: From entrepreneurial dream to RegTech company
Blog #4: Pincvision and the impact of COVID-19 crisis
Blog #5: Pincvision's Digital Workplace
Blog #6: Sustainable entrepreneurship - check!
Blog #7: International trade continues also in times of crisis
Blog #8: Digital Dexterity in the Digital Workplace
Blog #9: The Compliance Efficiency Paradox
Blog #10: Pandemic-proof because of engagement with customers
Blog #11: Working and thinking from a 'Composable Business' perspective
Blog #12: Marketing humbug in the Supply Chain
Blog #13: New Pincvision office in the United Kingdom
Blog #14: Employees' behavior determines the success of your security
CIO (Chief Information Officer)