DIGITAL RISKS & GUARD AGAINST IT
In many ways, digital identity is a strength for the company: it is a testament to a
well-established brand image and a recognizable name, whether selling products
/ services or trading documents. But without control, this intangible identity
can quickly turn into a weakness and undermine what the organization has taken
years to forge - the foundation of trust on which its sustainability is based.
Theft of data, modification or alteration of documents, theft of sensitive
information or trade secrets, manipulation or theft of identity: the risks
that the digitization of identity poses to the company are numerous and must be
taken seriously.
What Are They? How to Protect Yourself from This?
Digital corporate identity: a definition
What is digital identity? Digital identity is defined as "the collection
of traces (...) that we leave behind us, consciously or unconsciously, as we
navigate the network and the reflection of this set of traces, as it appears to
be “remixed” by search engines". To this, we must add another dimension linked
to the dematerialization of exchanges: digital identity designates the identity
assumed, online, by the issuer of a document or a decision order. It works the
same for natural and legal persons. For example, an HRD who signs a hiring
contract and sends it by email to the recruited person uses his digital
identity - except that, in a company, each employee is responsible for the
integrity of the identity of the whole structure.
The Different Layers of Digital Identity
The digital identity is made up of a succession of three informative layers:
The 1st layer is the declarative identity: It includes the data that is
shared by the company on the networks, on a voluntary basis: on its web media
(website, blog, social profiles), on third-party media (news sites,
professional directories, forums, informative sites …), via photos or videos, etc.
All company employees participate in the creation of the declarative digital
identity, directly or indirectly (for example, by indicating on their LinkedIn
profile that they work for such and such a company).
The 2nd layer is the acting identity: It brings together all the traces
left by individuals on the networks, for example geolocation, Internet browsing
habits (via cookies), personal and professional exchanges (by email, via
instant messaging, etc.), or resources consulted on the web (music, video, etc.).
This facet of digital identity is produced only by individuals, but the
"fingerprint" left can impact the reputation of the company.
The 3rd layer is the computed identity: It is forged by algorithms
which interpret the data collected to recompose the different facets of an
individual or collective identity. These tools extrapolate in order to forecast
needs and respond to them in advance.
Again, it is possible to add a stone to the building and complete the millefeuille
with a 4th layer: the legal identity. It refers both to the cloud identity of
an individual or a company (name, or company name) and to the tools used to justify
it legally (electronic certificate, electronic signature, strong authentication,
etc. - see below).
The Challenges Related To the Digital Identity of Companies
The issues surrounding a company's digital identity can no longer be ignored. All
sectors of activity are affected, as well as all sizes of businesses. All
organizations leave traces on the web and are likely to send or receive
sensitive documents. For this reason, all of them are concerned by issues
related to digital identity, which are deployed at three levels: branding,
notoriety and cybersecurity.
Branding: The image that the company
projects of itself through its own resources (logo, website, visuals, and
advertisements) is overtaken by the image built by users (prospects, customers,
partners, suppliers, competitors, detractors …). Reducing or at least controlling the
gap between these two images is one of the major challenges of the 21st century
in terms of control of digital identity. The risk is to let users speak and
neglect malicious content and misinterpretations.
Notoriety: If reputation has always been a
determining issue for companies, the rise of the web has accentuated its
importance. With social networks, in particular, bad buzz arrives quickly.
Bad news spreads like wildfire, and the proliferation of fake news means that
it is no longer even necessary for information to be true to convince a large
audience. The Internet is subject to the power of rumor, with potentially
irreversible damage to the company - its e-reputation being the foundation on
which the trust of third parties is built. Unfortunately, notoriety does not
depend on the goodwill of organizations, but on the community of their
defenders and detractors. It is therefore essential to monitor the evolution of
this brand image and to be ready to intervene in the event of a crisis.
Cybersecurity: The risks weighing on the
security of information systems continue to increase, endangering both
companies and their users. The number of cyber-attacks against organizations
increased by 25% in 2019 (1), and four out of five companies in France are
ill-prepared to defend themselves against these risks (2). Around the world,
attacks against large corporations are on the rise. Hackers take advantage of
security holes to steal personal data or launch malware, such as:
The theft of the personal data of 106 million customers of US bank Capital One -
identification data, financial information, transaction data, social security
numbers, and account numbers.
Cyber Risks Weighing On Businesses
Institutions are stepping up to force organizations to take action. This is the case through
two European directives: the GDPR (general data protection regulation) which
governs the management of users' personal data, and therefore their security;
and the eIDAS (electronic Identification, Authentication and Trust Services)
regulation, which governs electronic identification and trust services through
a common security base.
The Risks? They Are Of Three Types:
The manipulation of information (negative opinions, spreading false information,
rumors, smear campaigns against a specific company, etc.)
The manipulation of the digital identity of the company (misappropriation of the
logo or the slogan, theft or misappropriation of brand, identity theft,
manufacture of counterfeits, theft of data, alteration of documents, etc.)
The theft of (often) sensitive data through the use of security breaches (technical
handling).
The Solutions to Adopt To Protect the Digital Identity of the Company
The challenges linked to digital identity and the risks relating to its lack of
control force companies to take concrete measures to protect themselves. We can
distinguish two main families of solutions to be adopted:
Best practices to be applied on a daily basis by company employees (under the
leadership of the IT department). As guarantors of their employer's brand
image, employees are the first to be affected by the right actions to adopt,
both to maintain control of the company's digital identity (attention to
publications and exchanges, digital footprint, use of secure tools to connect
to networks, business intelligence to identify negative and malicious content)
and to guarantee the integrity of this identity during exchanges (use of
complex passwords that are changed regularly, connections only from secure
networks, care taken to exchange sensitive documents, etc.).
The software and application solutions to be implemented. For example: SSL
certificates to secure access to the website and servers, and thus guarantee
the confidentiality of data exchanged between users and the company. Or
electronic signature tools that authenticate senders and confer legal value to
digitized documents, eliminating the risk of alteration of these documents or
identity theft. Or the use of a strong authentication mechanism, which requires
at least two identification factors in order to strengthen the
security of access to the company's IS. All these tools are linked to
electronic certificates issued by trusted third parties.
In short, the company's digital identity must be based simultaneously on a set of
internal best practices and on the use of secure total security software and
100% reliable tools, adapted to the level of risk. It's the only way
organizations can regain control of their digital identity - the cornerstone of
their sustainability.