Safety Detectives spoke to Markus Koelmans, VP Engineering at DocuWare, a cloud-based document management and workflow automation software.
He shared his thoughts on the current and future challenges posed on everyone’s online security, and some expert tips that will help everyone better understand how to prevent identity theft.
What’s the story behind DocuWare: How did it all start, and how has it changed during the years?
Founded in Germany in 1988 and now used in over 100 countries throughout the world, our focus has always been on developing a document management system that is scalable for any size enterprise, secure, easy to implement and intuitive to use. We’ve always been innovators in the tech space and in 2012, we introduced DocuWare Cloud.
At the start of 2019, Dr Michael Berger, previously our Chief Technology Officer and Max Ertl, formerly our Chief Revenue Officer took over the management of the company. Later in the year, we were acquired by Ricoh. However, as a 100% subsidiary, we remain independent and continue to focus on developing our proven ECM solutions and expanding our global partner network which currently sits at over 800 partners.
Today, we have grown to 400 employees, spread over five offices, with a total of 15,000+ customers, over 7000 of whom use DocuWare Cloud. We’re proudly recognised by customers, partners, and leading market analysis companies, such as Gartner and Nucleus, as a reputable secure solution for document management and workflow automation for teams and companies of all sizes.
What services and products do you offer?
We provide businesses around the world with market-leading document management and workflow software. From manufacturing and retail to healthcare and government, we help organisations of all sizes transform disorganised files into findable, secure electronic documents.
Our solutions can be hosted on-premises, in the Cloud or as a hybrid application, aiding businesses to automate tedious manual tasks for employees, reduce dependence on paper files, and deliver secure access to information and files anytime from anywhere on any device.
What makes you stand out from your competitors?
Our paperless approach allows us to cover the full spectrum of office tasks. When it comes to documents, DocuWare products are truly scalable and can be purchased on a small scale as needed by departments or by process and then, as user acceptance grows, the business begins to see the benefits of increased efficiencies and increased profitability, the cloud-based solution can be easily scaled up for a larger deployment. What really makes us stand apart is that we work with a huge network of Authorised DocuWare Partners. These Partners are the locally based organisation offering expert local support and Professional Services to the customer at every stage of their digital transformation. Our Partner network is our strength.
What are the challenges you and your customers are facing regarding cybersecurity?
Since the pandemic businesses have adopted more work-from-home policies to keep their employees safe and productive. This shift is not without its challenges, exposing businesses of all sizes to a wide range of security threats.
Currently, we see three main challenges. Firstly, double (or multiple) extortion ransomware, crypto-viruses first exfiltrate data, then encrypt files, documents or entire systems. After those two steps, blackmailers are demanding payment for decryption or unlocking. If money is paid, data can be decrypted in some cases (unless programming errors have happened, or the attacker changes their mind). If a company does not pay, an attacker may threaten to leak the gathered sensitive data to the public and expose the company’s name as the current target of a ransomware attack. Next, connecting to an unsecured home network or an unsecured public Wi-Fi network in a public space exposes an employee to malicious attacks. Finally, phishing attacks are fraudulent activities aimed at gaining access to some company’s employee credentials and therefore to the company’s systems. They are carried out by email spoofing, instant messaging, text messaging (smishing), MFA-fatigue attacks or voice fishing (vishing).
There is a lot a business can do to safeguard its employees from these challenges. Only use secure Wi-Fi networks as they are protected by encryption and a password and use a VPN to create a self-contained network. Additionally, use secure document archiving as these solutions have strong user authentication, transfer data using TLS 1.2, provide document encryption with 256-bit AES, have multi-level access control for documents and settings, track all actions, store all data redundantly, and offer robust protection against malware and other attacks. Finally, what are seen as simple things but are often missed: Activate firewalls and use anti-virus software, educate employees to remain aware of suspicious emails, protect passwords and remember, attackers, do sometimes get past defences even when security protocols are followed. So, always create multiple backups of data to protect against disaster and ensure business continuity.
What tools and systems are you using to secure your website users’ privacy?
I guess I jumped the gun by covering a lot of this in the previous question! For us, at DocuWare, the main ways we secure our website user’s privacy is through secure transfer (TLS 1.2), as well as ensuring that there is no leakage of personal data.
Is There Any Recent Cyber-Attack That Concerned You More Than Others?
The ones that come to mind immediately are T-Mobile and Capital One. They are hugely successful businesses, yet both fell prey to hackers, which led to customer information being compromised. This could have been potentially avoided with better security measures. Another was the recent attack on Danish State Railways which is the largest train operator in Denmark and Scandinavia. The DSB network came to a screeching halt due to a cyberattack on a subcontractor that provides a critical app for train conductors. This is a valuable lesson to us all – we often focus so much on our own security but are remiss about checking the security practices of the businesses we subcontract with.
Secure document archiving offers many benefits, but as lessons learnt from the hacks I highlighted, it needs to meet particular safety and security standards for it to be effective. This includes everything from the likes of proper encryption and data redundancy to data separation and document integrity.
What cybersecurity trends do you think will be crucial in the near future?
For me, improved identity and access management will be critical in the future. We’ll certainly see that catch on. Additionally, I predict a large uptake in endpoint protection, hardening and AI-based anomaly detection. This is a trend I’ve been seeing a lot of over the past few months and expect it to grow as businesses see the value and return on investment.
And what about your future? What is next for DocuWare?
Across all industries businesses in the current climate need to be more efficient and compliant. With an increasing focus on automation and investment to meet these developing market demands – we hope as a business to continue to grow to match this.
Our focus for the future as we continue growing is on investing across the board. We’ll invest in our people, in our processes and in sales to stay ahead of the competition and expand further worldwide.