Keeping Cyber-Secure During the ‘Pivot:’ What to Watch Out for When Moving from Paper to Digital

Paper isn't a thing of the past – yet. But increasingly, whole industries are digitizing their paper records. Medical offices and hospitals, insurance companies, license bureaus – everyone is going digital. Digital saves money by reducing the need for office and storage space, and by reducing the need for staff to process that paperwork. It also potentially makes data more secure; a good cybersecurity system can ensure that information is kept from the prying eyes of hackers, or just the nosy. Before, papers could be easily stolen from an office filing cabinet; now, bad actors have to get past formidable security systems in order to pilfer.

But, moving from paper to digital can itself be a risky business. During the transition process, organizations may actually be more vulnerable, at least until the cybersecurity system is in place. Here are just several of the concerns:

  1. The move from paper to computer requires staff to learn the new system, and when data is scanned or input into servers, it could be vulnerable to a network attack. Until they learn the new system, staff may not be savvy on what those threats are – thus they may not be clear on best practices to keep those threats out.
  2. Email, an ever-present threat even under normal conditions, becomes even more risky during a transition period. Hackers often use social engineering to convince employees to open email messages with attached documents that contain malware. Employees may get an email asking them to approve a document that was digitized by another department. However, it's possible that that document is actually a shill, sent by hackers who are seeking to get a front-row seat on the organization's new digitized document server. In the chaos of transition, employees may pay even less attention to security rules that require them to double-check attachments than they usually would.
  3. During the transition to a company-wide digital system, data from disparate sources – scanned documents, as well as from PCs or devices that employees have been using until now – will be transferred to the new system. Is that data clean – or does it contain trojans or malware? If the documents, messages, and other items that are being transferred have not been thoroughly examined, there is a distinct danger that these, too, could be a source of infection for the organization.

Documents and files, sourced from either email or uploads, could contain malware, either as an attachment or in the form of a macro or javascript embedded inside an attached document. Because there is so much traffic during the move from paper to data – scanning, digitizing, email approval requests, etc. - it would be relatively easy for hackers to sneak a rogue file, attachment, or macro into the system, given the relative chaos of the moving process. As it is, some 95% of everyday security breaches have their origins in socially-engineered phishing attacks; it stands to reason that the percentage would be at least as high during the digitization process.

With transitions never going as smoothly as anticipated, something always comes up, organizations need to prepare for the possibility that hackers will try to hijack data as it enters the system. To prevent that, they need a process that will protect systems that are inherent in attachments.

Some methods that are used to do that are anti-virus systems and sandboxes. Unfortunately, these do not provide a full solution for email protection. Anti-virus systems cannot protect against zero-day attacks. Sandboxes can be evaded as there has been a huge growth in such techniques, and therefore cannot be the trusted solution for an organization.

What's needed is a system that can examine attachments and remove from them the code that could spread malware on a system. The system should be able to remove the threatening component of an attachment, if one is identified. Once it’s been cleaned up, the system releases it for processing.

Transitions are never easy – and the transition from paper to digital is difficult enough. A hack attack right off the bat would be traumatic. With the proper cybersecurity system in place preventing the most common form of cyber-breach, organizations can rest assured that their transition will be as smooth as possible.

By: Aviv Grafi, CEO of Votiro

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about Votiro

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Aviv Grafi

Latest Videos

More videos

Blog Posts