Scared about security? Not anymore

There are threats everywhere – from our business data to the security of our personal information. Frankly, it’s daunting.

So, instead of being defenseless, I decided to arm myself against potential attacks and make the most of Hyland’s Security Week 2017, our third annual internal, company-wide event. Beginning October 9, all eyes turned to security as the entire company took time to brush up on the basics – and not-so-basics – of keeping our information safe.

I had three major takeaways:

1. Enable two-factor authentication

Two-factor authentication (2FA) – a method that requires a second form of identification – has tremendous value for individuals and organizations looking to enhance security. It’s typically facilitated with:

  • Knowledge: Something only the user knows, such as username and password
  • Possession: Something only the user possesses, such as a mobile phone

Thanks to this additional identity variable, the security model becomes stronger, making it more difficult for hackers to impersonate the user. For example, even if they guess your username or password, chances are they don’t have access to your mobile phone.

You can lock down your Facebook, Google, Apple ID, Microsoft, Twitter and other accounts with two-factor authentication. That means when you log in, you’ll also need to enter a special code that the site sends to your phone. Although an extra step, 2FA can make the difference in ensuring your account is secure.

Likewise, our enterprise information platform integrates with external security systems, offering a similar type of authentication, which we call the Hyland Identity Provider Service (IdP). IdP handles multiple authentication methods, facilitates single sign-on (SSO) for many OnBase clients and supports two-factor authentication through external providers.

This means an organization can choose a third-party identity provider (supporting SAML or CAS protocol) such as Azure, Okta or Duo and use it with OnBase. Easy to implement. Twice as secure.

2. Protect information at every data state

I’m a big fan of the rule of three, so the idea that organizations need to secure data “in transit, in use and at rest” really resonated. When it comes to information security, “in transit” is not enough. Critical business data needs to be secured end-to-end, in all three states: during transfer, at the time of user access and while in the system.

With OnBase, we safeguard data as it’s moving using transport layer security (TLS) – meaning data communication is protected as it transfers from client to server. Once in OnBase, we prevent access from unauthorized users based on their permissions – you can even hide or mask a keyword value from those without the correct privileges.

Lastly, we can encrypt keywords in the database and document files in the disk groups, securing data even from unnecessary IT access. If someone peeks directly into the database, regardless of their intention, they won’t get data of any value. It’s all a jumbled mess, unreadable and unusable until decrypted by a user with the appropriate rights.

When it comes to encryption, consider this: You lock the doors and windows to your house, you might even have a home security system, but that doesn’t mean you’d leave your valuables or important papers just lying out on the kitchen table. No way! Usually, you’ll take extra precautions by locking them a safety deposit box or safe.

OnBase is kind of the same way; it secures the system perimeter and the content inside.

3. Be “all in” on your commitment to security

We all want to keep our personal information safe. Two-factor authentication, private browsing and complex passwords are ways to prevent hackers from compromising our identities.

But in business, we have a responsibility to keep information safe. At Hyland, we have a team of professionals committed to keeping the OnBase software platform secure, and dozens more just as passionate about the topic! Over the course of the week, I was impressed by both their knowledge and creativity.

Throughout the week, Hylanders spotted the security team mascot “Securi-T Rex” around campus, including the lunch line. The theme of Security Week was the big screen, including classics like “Finding Dory’s Password: Gone Phishing.” We even painted the infamous onsite Hyland spirit rock with a nod to Security Week and a friendly reminder to attend one of the dozens of classes and labs offered.

The week was fun, focused and informative, with several members of our application security team speaking on topics such as cryptography, hacking and ransomware. I learned how to spot a phishing email. I also discovered that those little locks I’ve been putting on my luggage are absolutely worthless. We had a chance to pick them ourselves and they popped right open!

By the end of the week, my fears were gone. I learned some new tricks to keep my personal information safe, and was impressed when the Hyland security team reminded me that they work very closely R&D to ensure that we develop OnBase with security in mind and test the strength of the product at every development phase.

It’s a good thing our security team is they’re clever, resourceful and thorough. After all they are hackers – just the good kind.

To learn more about a secure, protected environment for your organization’s critical information, check out this list of questions to ask potential vendors, and fear no more.

Colleen Alber

Colleen Alber

Colleen Alber is a dynamic, energetic software product evangelist who inspires others with purpose and passion for technology, yoga and life.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like...