Expertise | Press release
Date : 26/04/2018
Understanding the risks of your digital transformation
Technology, data protection, cybersecurity, GDPR: How to get the proper support in your digital transformation? Our CEO Edith Magyarics proposes you an answer to this question through this article written for Paperjam.
Digital transformation is nowadays more a necessity than a real choice for companies. Made inevitable by a radical change in the way we consume, work and communicate, it has also encouraged the emergence of new risk factors for the safety of goods and people. Companies are particularly exposed to these new risks. The numerous cyber attacks recorded daily throughout the world attest to this. We can cite the "WannaCry" ransomware, which in 2017 paralysed the British healthcare system and many large European companies including the French car manufacturer Renault. These cyber attacks represent a considerable cost. In 2017, 978 million people worldwide were victims of cybercriminal behaviour. The total damage is said to amount to 146.3 billion euros.1 In such a context and taking into account the GDPR which enters into force on 25 May of this year, it is essential to strengthen the IT security of companies.
The first step towards strengthening computer security: a good knowledge of the company and the IT risks related to its activity and those of its customers.
It may seem obvious, but unfortunately this principle is still too often neglected. To assess the extent of the risks to which the company is exposed, an in-depth audit of its IT system and data processing procedures is required. The good news is that this work is also a prerequisite for compliance with the GDPR. Thus, it is first of all necessary to identify and map the data flows circulating within the organisation. This initial analysis makes it possible to identify the gaps and put in place an action plan to close them and, at the same time, comply with the GDPR.
The second step: proper anticipation of the risks associated with digital transformation.
Knowing your organisation and its internal flaws is of paramount importance, but it is at least as important, if not more so, to know the risks associated with the adoption of new technologies before their deployment. This analysis phase will allow upstream security parameters to be taken into account and integrated into the methodology from the design stage of a project.
While cloud services and the development of mobility, particularly through the Internet of Things, are appealing because of the flexibility they offer, these same services are giving rise to new forms of security threats. It is therefore important to study them in order to anticipate risks and protect against them. In the case of adopting an outsourced cloud service, for example, there should be no hesitation in auditing a service provider or even demanding certification. At Victor Buck Services, we understood very early on the importance of offering security guarantees to our clients, so we mobilised significant resources and dedicated teams to obtain and maintain our certifications (PSF, ISO27001, PSDC-DC*). These are a guarantee for clients that their service provider applies procedures that comply with the highest national and/or international security standards of their profession.
The third step: mobilise the necessary human and material resources
Cyber attacks are often based on human factors, which is why it is crucial to involve all personnel in the company's security policy. To do this, it is important to communicate with employees and train them in basic IT security practices. A rigorous identification and validation protocol must also be put in place to avoid "fake president fraud"2 attacks and to invest in IT infrastructures that meet the organisation's security needs. In the case of Victor Buck Services, we chose Tier IV data centres to store our clients' data, the highest security standard currently available. But away from technology, it is also necessary to invest in change management and not hesitate to take advantage of the expertise of external parties to fill any skills gaps.
In summary, when it comes to digital transformation, "there's no point in running, you have to start right". To get the right support in your digital transformation, above all you need good knowledge of the needs and the risks which it induces in terms of security. Once this "introspection" is finished, the company will be in a position to select the technologies and service providers that will enable it to carry out its digital transformation project under the best conditions.
Victor Buck Services can help you in your journey towards GDPR compliance. Watch the video below to know how.
Click here to read the original french version of this article.
- Pavel Golovkin/AP/Sipa
- Attack consisting of convincing an employee to make a transfer by posing as one of the company's directors.
*Victor Buck Services is no longer listed as a PSDC provider as of 7th April 2022.