There are many major challenges in the shift from paper to digital communication. If volumes become more substantial, the damage also becomes greater in the event of any loss or disclosure of sensitive information. "We're seeing many of our customers themselves battling to maintain and renew their own services, which must be future-proof – they're digitising a great deal," says Jörgen Mellberg. The market is still unregulated and somewhat immature when it comes to security requirements. This means that PostNord Stralfors sometimes takes on the role of consultant for customers, to help them position themselves correctly in relation to industry and legal requirements.
"Requirements for security certifications will increase. There will also be a totally new re-working of the General Data Protection Regulation (GDPR), which will be much tougher and specify more requirements. It has to be implemented for all organisations that processes personal data of EU citizens before the deadline of May 2018. Organisations have to start thinking about this."
Large volumes of sensitive data are handled at PostNord Stralfors. Confidentiality and integrity are therefore getting as important as availability previously been for customers.
"Our customers often deliver a digital file with their most sacred possession, their customer data. We have data from many countries and industries, such as banks, authorities and telecom companies, so security is rigorous. Our customer data is secured 'layer upon layer' with everything from physical security such as CCTV and guards to encryption, role based access and monitoring."
When security is breached
When security is breached, the effects can be enormous. Jörgen offers a couple of examples. One of the world's biggest dot com companies was breached in 2014 and about half a billion personal accounts with all their data were disclosed. It was first announced to the press in September 2016 after 200 million of these accounts were put for sale on an underground forum. The company has been heavily criticised how they have been handling this breach because it's well known in this online world that there is always a risk of being breached but how you respond to it is equally or even more important. It is likely the company face a huge financial loss because of the hack.
Another example are when spy organisations also breached one of the world's biggest SIM card giants, it sent shock waves all around the world.
"With encryption keys, you can monitor a large part of the world's mobile communication and data traffic. Once the door is left open to decode calls or plant viruses, you can't trust anyone any more. At a national level this is naturally a nightmare scenario."
Internet of Things (IoT)
At present we are living in a maturing information society, where information security has a place on the agenda.
"The next major step is advanced, autonomous systems that operate independently. We can see that household robots are already here. With technology becoming a more integral part of our lives, new opportunities are created. At the same time it makes us more dependent on technology and thereby more vulnerable. Some countries are more proactive when it comes to security, such as Sweden, Denmark, Finland and Norway. We must deal with the future by thinking business, being competent and teaching customers about security and risk. It's not the strongest or the biggest that will survive. It's the most adaptable."
At PostNord Stralfors, security is a management function and is considered a strategic issue in order to generate more business.
"The security aspect must be there even at an early stage in every general process, and the costs are transparent and justified for our customers. Security means that we sell more and increases our competitiveness. It minimises damage and maximises the financial result."