DIGITAL RISKS ARE RISKS
In many ways, digital identity is a strength for the company: it is a testament to a well-established brand image and a recognizable name, whether selling products / services or trading documents. But, lacking control, this intangible identity can quickly turn into a weakness, and weaken what the organization has taken years to forge - the foundation of trust on which its sustainability is based. Theft of data, modification or alteration of documents, theft of sensitive information or trade secrets, manipulation or theft of identity. The risks posed by the digitization of identity on the company are numerous and must be taken into account serious.
What Are They? How to Protect Yourself from This?
Digital corporate identity: a definition
In what is digital identity? Digital
identity is defined as "the collection of traces (...) that we leave
behind us, consciously or unconsciously, as we navigate the network and the
reflection of this set of traces, as it appears to be “remixed” by search engines”.
To this, we must add another dimension linked to the dematerialization of
exchanges: digital identity designates the identity assumed, online, by the
issuer of a document or a decision order. It works the same for natural and
legal persons. For example, a HRD who signs a hiring contract and sends it by
email to the recruited person uses his digital identity - except that, in a
company, each employee is responsible for the integrity of the identity of the
employee whole structure.
The Different Layers of Digital Identity
The digital identity is made up
of a succession of three informative layers:
The 1st layer is the declarative identity: It includes the data that is shared by the company on the
networks, on a voluntary basis: on its web media (website, blog, social
profiles), on third-party media (news sites, professional directories, forums,
informative sites …), Via photos or videos, etc. All company employees
participate in the creation of the declarative digital identity, directly or
indirectly (for example, by indicating on their LinkedIn profile that they work
for such and such a company).
The 2nd layer is the acting identity: It brings together all the traces left by individuals on the
networks, for example geolocation, Internet browsing habits (via cookies),
personal and professional exchanges (by email, via instant messaging, etc.) ,
or resources consulted on the web (music, video, etc.). This facet of digital
identity is only made by individuals, but the "fingerprint" left can
impact the reputation of the company.
The 3rd layer is the computed identity: It is forged by algorithms which interpret the data collected
to recompose the different facets of an individual or collective identity.
These tools extrapolate in order to forecast needs and respond to them in
advance.
Again, it is possible to add a
stone to the building and complete the millefeuille with a 4th layer: the legal identity. It refers to both cloud identity of
an individual or a company (name, or company name) and tools used to justify
legally (electronic certificate, electronic signature, strong authentication ,
etc. - see low).
The Challenges Related To the Digital Identity of Companies
The issues surrounding a
company's digital identity can no longer be ignored. All sectors of activity
are affected, as well as all sizes of businesses. All organizations leave
traces on the web and are likely to send or receive sensitive documents. For
this reason, all of them are concerned by issues related to digital identity,
which are deployed at three levels: branding, notoriety and cybersecurity.
Branding: The image that the
company projects of itself through its own resources (logo, website, visuals, and
advertisements) is overtaken by the image built by users (prospects, customers,
partners, suppliers, competitors, detractors …). Reduce or at least control the
gap between these two images is one of the major challenges of the 21st century
in terms of control of digital identity. The risk is to let users speak and
neglect malicious content and misinterpretations.
Notoriety: If reputation has always
been a determining issue for companies, the rise of the web has accentuated its
importance. With social networks, in particular, a bad buzz quickly arrived.
Bad news spreads like wildfire, and the proliferation of fake news means that
it is no longer even necessary for information to be true to convince a large
audience. The Internet is subject to the power of rumor, with potentially
irreversible damage to the company - its e-reputation being the foundation on
which the trust of third parties is built. Unfortunately, notoriety does not
depend on the goodwill of organizations, but on the community of their
defenders and detractors. It is therefore essential to monitor the evolution of
this brand image and to be ready to intervene in the event of a crisis.
Cybersecurity: The
risks weighing on the security of information systems continue to increase,
endangering both companies and their users. The number of cyber-attacks against
organizations increased by 25% in 2019 (1), and four out of five companies in
France are ill-prepared to defend themselves against these risks (2). Around
the world, attacks against large corporations are on the rise. Hackers take
advantage of security holes to steal personal data or launch malware, such as:
The theft of the personal data of
106 million customers of US bank Capital One - identification data, financial
information, transaction data, social security numbers, and account numbers.
Cyber Risks Weighing On Businesses
Institutions are stepping up to
force organizations to take action. This is the case through two European
directives: the GDPR (general data protection regulation) which governs the
management of users' personal data, and therefore their security; and the eIDAS
(electronic Identification, Authentication and Trust Services) regulation,
which governs electronic identification and trust services through a common
security base.
The Risks? They Are Of Three Types:
The manipulation of information
(negative opinions, spreading false information, rumors, smear campaigns
against a specific company, etc.)
The manipulation of the digital
identity of the company (misappropriation of the logo or the slogan, theft or
misappropriation of brand, identity theft, manufacture of counterfeits, theft
of data, alteration of documents, etc.)
The data theft (often) sensitive
through the use of security breaches (technical handling).
The Solutions to Adopt To Protect the Digital Identity of the
Company
The challenges linked to digital
identity and the risks relating to its lack of control force companies to take
concrete measures to protect themselves. We can distinguish two main families
of solutions to be adopted:
Best practices to be applied on a
daily basis by company employees (under the leadership of the IT department).
As guarantors of their employer's brand image, employees are the first to be
affected by the right actions to adopt, both to maintain control of the
company's digital identity (attention to publications and exchanges, digital
footprint, use of secure tools to connect to networks, business intelligence to
identify negative and malicious content) and to guarantee the integrity of this
identity during exchanges (use of complex passwords that are changed regularly,
connections only from secure networks, care taken to exchange sensitive documents,
etc.).
The software and application
solutions to be implemented. For example: SSL certificates to secure access to
the website and servers, and thus guarantee the confidentiality of data
exchanged between users and the company. The electronic signature tools that
authenticate senders and confer legal value to digitized documents, eliminating
the risk of alteration of these documents or identity theft. Or the use of a strong
authentication mechanism, which requires the execution of at least two
identification factors in order to strengthen the security of access to the company's
IS. All these tools are linked to electronic certificates issued by trusted
third parties.
In short, the company's digital
identity must be based simultaneously on a set of internal best practices and
on the use of secure total
security software and 100% reliable tools, adapted to the level of
risk. It's the only way organizations can regain control of their digital
identity - the cornerstone of their sustainability.
Comments
Post a Comment