The latest global cybernetic attack, caused by Wanna Cry ransomware, has raised cybersecurity awareness in companies. More than 200,000 victims from at least 150 countries have seen their information compromised, reports Europol. Among those affected were large companies and public bodies, such as the National Health Service (NHS), which are still weighing up the consequences. However, although this cybernetic incident has had the most media impact in recent years, the truth is that every day there are around 4,000 malicious attacks worldwide, according to the FBI.
In the light of these figures, the question arises of how to ensure cybersecurity in companies which, immersed in digital transformation, are exchanging large amounts of confidential information daily, ranging from personal details to financial affairs or business reports.
In this sense, one of the most effective tools to combat the risks of electronic submission of information is EDI, which encrypts the data and provides more advanced security mechanisms than email or the traditional communication channels. So, this technology is expanding in a multitude of sectors, such as healthcare, automotive, retail or logistics.
But over and above the methods used, it is crucial for companies to assess the security level of the solutions provided by their technology partners. This task involves demanding certificates and international authorizations accrediting their cyber security.
EDICOM carries out more than 400 million transactions annually through the EDICOMNet Value Added Network. Invoices, payroll, contracts and all kinds of protected information of some 14,000 companies from all over the world travel safely through this VPN. To ensure cybersecurity, confidentiality and data integrity, the service is subject to the requirements of the main international accreditations in the security scope.
The latest certificate, granted by the UK government, is CREST, which authorizes EDICOM as a technology services provider in the country under the Cyber Essentials initiative. Nevertheless, the list is also bolstered by other global trust accreditations, including these five:
ISO 27001 on Information Security, certified by the Spanish Standardization Association (AENOR).
ISO 20000 on IT services management for provision of the ASP-EDI service.
ISAE 3402 as per requirements defined by the American Institute of Certified Public Accountants.
TIER II Design by Uptime Institute Certified.
European Certification Authority, approving EDICOM as Certification Authority for the whole of Europe.
Cybersecurity in data storage
One of the most immediate consequences of cybernetic attacks is theft and loss of information. To this end, businesses must not only ensure cyber security in data interchange, but also in subsequent storage.
When the volume of documents is high and, especially, when it is necessary to preserve the legal validity of files, as occurs with invoices or employee payrolls, simply copying the data onto a hard disk is not enough. In these cases, it is indispensable to have advanced electronic filing mechanisms.
EDICOMLta is a long-term safekeeping service which applies the identification, electronic signature and time stamping methods governed by the eIDAS regulation. This enables businesses to preserve all their data in the cloud for the legally set period and, most importantly, with security guaranteed.
EDICOM, as a trusted third party, performs permanent audits of the files held, equating digital documents to the rank of electronic originals which can act as legal evidence in the event of legal requirements.
In addition, to maximize cybersecurity, all the data are stored in parallel in two Data Processing Centers (DPC) belonging to EDICOM, along with their respective backup copies. Each of them is located in different physical installations, but they operate in a synchronized manner and maintain a permanent replica of the files in real time. This way, businesses are assured of the maintenance and availability of the information through time.