What comes to mind first when it comes to digitization and data security?
Digitization in the sense of replacing the paper information carrier with its digital equivalent means that more data about the company, customers, and business processes can now be found in digital form. This increases the value of the information that the company stores in digital form, and it also increases the potential attacker's interest in overcoming their security and gaining access to this data. I'm not saying that more data means more valuable information. However, the probability of finding something valuable or causing more damage by devaluing the data is much higher.
Can SOS electronic customers be sure that their data are safe?
We store customers‘data in two systems that are very closely interconnected. The first is ERP, where we have been using a K2 Atmitec s.r.o. product for 20 years. The second is our e-commerce platform, which is developed according to our specifications and the experience of the supplier Bart.sk s.r.o.
When dealing with data security, we consider two basic risks: data loss and data misuse. Our ERP runs in the Slovanet a.s. in Bratislava, where we are guaranteed a very high level of availability and security of our data. Moreover, we use Veeam backup to extra disks and at the same time, we store backups in our company's storage too. With regard to data misuse, we consider two sources of threats - external and internal. To ensure comprehensive protection against all types of cyber threats at a professional level, we have decided to use the excellent references and experience of Slovanet. It has been providing us with an Internet connection for more than 15 years and its solutions cover the entire spectrum of threats from external sources and part of the threats from internal sources. Regarding internal sources, we talk about employees, where we try to reduce security risks by constantly training employees.
Which tools do you use to ensure system security?
As I mentioned, Slovanet provides us with a complex package of services such as firewall, antivirus, intrusion prevention (IPS), antispam, antispyware, web filtering, categorized web filtering, and traffic shaping, virtual private network, Data Leak Prevention, Network Access Control and Application Control. To be more specific, they are Fortinet, Veeam, and Bitdefender products.
There are now two major events happening in the world - the ongoing global pandemic and the war in Ukraine. What plan does SOS have in case of data threats because of these events?
Already in 2018, we decided to migrate the core of the information system to the cloud and began using the Google G-Suite office suite, which also works in the cloud. Thanks to this, the transition from work in the company's offices to work in the home office took place within just two days. We also managed to redirect telephone numbers to virtual ones on computers, so we can make phone calls with partners within the company without restrictions. In terms of safety, the security risk has increased with working from home, especially with regard to the human factor. However, we did not record any incidents, so I would like to take this opportunity to thank all the employees for their responsible approach. We have started our regular digital skills trainings, we inform about current news and threats through our internal website.
Teams now work mainly online. How do you ensure the smooth running and security of the data that employees exchange online?
As I mentioned, our "core" IT systems are online, and thus employees don't have any company data on local computers, they only access it through a secure VPN connection. The information is stored either in ERP or in Google Workspace documents. In both cases, access to them is allowed only on the basis of authorized access.
SOS company operates in several countries around the world. Do you see any differences in the need for data security and protection between countries?
Colleagues from all countries work within a centralized system, which is taken care of by the IT department in Košice. Our philosophy is to ensure the maximum level of data security, regardless of the country from which the user connects to the system.
Do not miss these articles
Do you like our articles? Do not miss any of them! You do not have to worry about anything, we will arrange delivery to you.