#SecurityandStorage Archives

As Clive Humby famously said, ‘Data is the new oil.’ It’s a commodity so valuable that cybercriminals go to great lengths to get their hands on it. And when they do, they use it for extortion and to sell to other criminals on the dark web. If that isn’t worrying enough, the means by which they try to acquire it can also cause havoc. They will infect entire systems with malware, take systems completely offline with ransomware and use sophisticated techniques to steal login credentials or brute force their way in. Today, it’s every firm’s business to keep their data secure. Here are some of the ways to strengthen yours.

The impact of a data breach

Data breaches can put companies out of business. 60% of those that suffer a cyberattack go under within six months. For the rest, there are significant repercussions. According to IBM’s 2020 Cost of a Data Breach Report, incidents involving data security, such as malware, phishing and device theft, cost UK companies almost £3 billion to recover from. It’s a prolonged process, too. The average company took around nine months to discover and recover from an attack. On top of all this, of course, are lost income, reputational damage and the potential of large fines from the ICO.

1. Use tech and training to prevent phishing

Phishing attacks, usually sent via email, are one of the main ways that cybercriminals will try to steal login credentials or infect a system with malware. Making sure that you have a robust spam filtering tool, such as SpamExperts or Mimecast, will help filter out the vast majority of phishing and malware containing emails.

Of those that manage to get through, statistics show that around a third are opened and clicked on by recipients. This is often because cybercriminals go to great lengths to make these emails look genuine. The key to reducing such incidents lies in training staff to spot the tell-tale signs of phishing emails: poor English, lack of addressee name, email address not matching up with the name of the sender, dodgy-looking logos, etc. Employees also need to know how to deal with these emails: not to open them or any attachments or click on any links, how to report them and safely delete them.

2. Two-factor authentication

Two-factor authentication (2FA) adds another layer of security to the login process, usually asking employees to input a six or seven-digit security code sent to their phone. The advantage of implementing 2FA is that even if a cybercriminal gets hold of the username and password, they won’t have access to the additional code unless they also have the employee’s mobile phone. What’s more, as security codes are only valid for a few minutes, it doesn’t give criminals the time needed to crack them.

3. Virtual Private Networks

A virtual private network (VPN) provides employees with a secure environment in which to work. It does this by securing the connection to the network and encrypting data sent over it. It is particularly vital for those working over wi-fi networks, especially the significant number of employees now working remotely.

4. Automated software updates

Vulnerabilities in outdated applications are one of the biggest threats to data security and are actively targeted by cybercriminals. Updating applications as soon as a patch is released is essential to minimising the risk of a data breach. Unfortunately, too many businesses have paid the price of being slow to update their software.

There are several ways to automate updates. With a managed hosting solution, for example, your provider will automate the patching of your operating system, while you can use tools like Patchman to carry out patching on CMS websites like WordPress. Auto-updates can also be implemented using cPanel and Plesk and from within the admin panel of some website platforms.

Another way to keep applications up to date is to use Software-as-a-Service (SaaS) solutions, such as Microsoft 365, instead of having standalone software installed on the network. Here, the provider will update the software automatically for you whenever they release a new version.

5. Encryption

If your data is encrypted, no-one can access it even if it is stolen. Encryption makes it useless to any cybercriminals and ensures that your important information and customer data isn’t used illegally. You can encrypt data in multiple situations. For example, your host can encrypt data stored on your servers, SSL certificates encrypt data transferred between your customers’ browsers and your website and email SSL certificates will encrypt your emails and attachments while verifying the authenticity of your email address to the recipient.

6. Remote backups

If in attempting to steal your data a cybercriminal deletes, corrupts or encrypts it with ransomware, the effects can be devastating. However, it’s not just cybercrime that can result in data loss, so too can hardware failure, human error and various other problems. The solution to not losing your data permanently and getting your systems back up and running quickly is to have an effective backup solution in place.

While there are many ways to do this, one of the most effective is to use the services of your hosting provider. At Anteelo, our backups can be scheduled and automated to take place at the frequencies you need, are stored remotely from your server, encrypted for security and integrity checked so you know they will be uncorrupted if you need to use them.

7. Secure hosting

A good web hosting provider will help keep your server and the data stored on it secure by using advanced security tools. At Anteelo, for example, we use powerful next-gen firewalls with intrusion detection and prevention tools to stop hackers and malware from getting access to your server.

Conclusion

Data is increasingly sought-after by cybercriminals and their modes of operation are getting more sophisticated. Companies need to put cybersecurity at the top of their priorities to prevent attacks that could potentially put them out of business. Hopefully, the measures mentioned here will help you increase the security of your firm’s data.

Technology as an enabler for innovation and process improvement has become the catchword for most companies. Whether it’s artificial intelligence and machine learning, gaining insights from data through better analytics capabilities, or the ability to transfer data and knowledge to the cloud, life sciences companies are looking to achieve greater efficiencies and business effectiveness.

Indeed, that was the theme of my presentation at the AWS re:Invent conference: the ability to innovate faster to bring new therapies to market, and how this is enabled by an as-a-service digital platform. For example, one company that had an increase in global activity needed help to accommodate the growth without compromising its operating standards. Rapid migration to an as-a-service digital platform led to a 23 percent reduction in its on-premises system.

This was my first re:Invent, and it was a real eye opener to attend such a large conference. The week-long AWS re:Invent conference, which took place in November 2018, brought together nearly 55,000 people in several venues in Las Vegas to share the latest developments, trends, and experiences of Amazon Web Services (AWS), its partners and clients.

The conference is intended to be educational, giving attendees insights into technology breakthroughs and developments, and how these are being put into use. Many different industries take part, including life sciences and healthcare, which is where my expertise lies.

This slickly organized, high-energy conference offered a massive amount of information shared across numerous sessions, but with a number of overarching themes. These included artificial intelligence, machine learning and analytics; serverless environments; and security, to mention just a few. The main objective of the meeting was to help companies get the right tool for the job and to highlight several new features.

During the week, AWS also rolled out new functionalities designed to help organizations manage their technology, information and businesses more seamlessly in an increasingly data-rich world. For the life sciences and healthcare industry — providers, payers and life sciences companies — a priority is being able to gain insights based on actual data so as to make decisions quickly.

That has been difficult to do in the past because data has existed in silos across the organization. But when you start to connect all the data, it’s clear that a massive amount of knowledge can be leveraged. And that’s critical in an age where precision medicine and specialist drugs have replaced blockbusters.

A growing number of life sciences companies recognize that to connect all this data — across the organization, with partner, and with clients — they need to move to the cloud. As such, cloud, and in particular major services such as AWS, are becoming more mainstream. There’s a growing need for platforms that allow companies to move to cloud services efficiently and effectively without disrupting the business, but at the same time make use of the deeper functionality a cloud service can provide.

Putting tools in the hands of users

One such functionality that AWS launched this year is Amazon Textract, which automatically extracts text and data from documents and forms. Companies can use that information in a variety of ways, such as doing smart searches or maintaining compliance in document archives. Because many documents have data in them that can’t easily be extracted without manual intervention, many companies don’t bother, given the massive amount of work that would involve. Amazon Textract goes beyond simple optical character recognition (OCR) to also identify the contents of fields in forms and information stored in tables.

Another key capability with advanced cloud platforms is the ability to carry out advanced analytics using machine learning. While many large pharma companies have probably been doing this for a while, the resources needed to invest in that level of analytics has been beyond the scope of most smaller companies. However, leveraging an observational platform and using AWS to provide that as a service puts these capabilities within the reach of life sciences companies of all sizes.

Having access to large amounts of data and advanced analytics enabled by machine learning allows companies to gain better insights across a wide network. For example, sponsors working with multiple contract research organizations want a single view of the performance at the various sites and by the different contract research organizations (CRO). At the moment, that can be disjointed, but by leveraging a portal through an observational platform, it’s possible to see how sites and CROs are performing: Are they hitting the cohort requirements set? Are they on track to meet objectives? Or, is there an issue that needs to be managed?

Security was another important theme at the conference and one that raised many questions. Most companies know theoretically that cloud is secure, but they’re less certain whether what they have in place gives them the right level of security for their business. That can differ depending on what you put in the cloud. In life sciences, if you are putting research and development systems into the cloud, it’s vital that your IT is secure. But with the right combination of cloud capabilities and security functionality, companies can get a more secure site there than they would on-premises.

The conference highlighted multiple new functions and services that help enterprises gain better value from moving to the cloud. These include AWS Control Tower, which allows you to automate the setup of a well-architected, multi-account AWS environment across an organization. Storage was also on the agenda, with discussions about getting the right options for the business. Historically, companies bought storage and kept it on-site. But these storage solutions are expensive to replace, and it’s questionable whether they are the best way forward for companies. During the re:Invent conference, AWS launched its new Glacier Deep Dive storage facility, which allows companies to store seldom-used data much more cost effectively than legacy tape systems, at just $1.01/TB per month. Consider the large amount of historical data that a legacy product will have. In all likelihood, that data won’t be needed very often, but for companies selling or acquiring a product or company, it may be important to have access to that data.

One of the interesting things I took from the week away, apart from a Fitbit that nearly exploded with the number of steps I took in a day, was how the focus on cloud has shifted. Now the discussion has turned to: “How do I get more from the cloud, and who can help me get there faster?” rather than: “Is the cloud the right thing for my business?” Conversations held when standing in queues waiting to get into events or onto shuttle buses were largely about what each organization is doing and what the next step in its digital journey would be. This was echoed in the Anteelo booth, where many people wanted more information on how to accelerate their journey. One of the greatest concerns was the lack of internal expertise many companies have, which is why having a partner allows them to get real value and innovation into the business faster.

Tag: #SecurityandStorage

Steps to Improving Data Security

The impact of a data breach