In an age when publishers have so much content and data at their fingertips, digital security is a top priority. As high-profile breaches have shown, poor practice can have very serious consequences in both financial and reputational terms. It takes a long time to fix problems, repair the damage and restore trust with those whose data has been compromised.
The risk of security failures has come into even sharper focus during the widespread switch to remote working since the start of the COVID-19 pandemic. Cloud and collaborative technology opens up new and efficient ways for publishing teams to work together, but it also brings new concerns about protecting sensitive information. IT partners may have access to a significant proportion of your systems and data, which can make them attractive targets for cybercriminals.
With all that in mind, it is important to put effort and care into ensuring the highest standards of security in the systems we use every day. Based on MetaComet’s years of experience of building ultra-robust solutions, here are five key considerations.
1. Look for accreditation
As we mentioned in our last BookMachine blog, recognised accreditation is the surest sign that a systems provider takes security seriously. It is not enough for a business to say they protect data—they need to prove it through independent and rigorous audits of their processes and policies. At MetaComet, we have recently secured formal SOC 2 Type II compliance for our royalty management solutions—the gold mark for security in the US, and very similar to the ISO 27001 standard that is better known in the UK and Europe. It follows months of work in areas like data encryption and the isolation of customer data. Certification like this takes a lot of effort, but it’s worth it to give publishers peace of mind that the data they trust us to store is as safe as it can possibly be.
2. Ask about testing
You can’t be sure that a system is secure until it has been tested to destruction. Accreditation should confirm this, and providers should be able to back up their claims about security by showing proof of thorough and regular penetration testing and vulnerability scanning of systems—not just by their own teams, but by external experts. This provides reassurance that systems can repel known types of attacks.
3. Check for transparency
A good systems provider should be able to talk confidently about security and answer any technical questions. If they can’t do so, are hesitant about sharing practices, or downplay the seriousness of questions, it may indicate that their team doesn’t have the experience or knowledge to keep your information safe. Security is a core value at MetaComet, and we’re always happy to discuss any aspect of our work with anyone who is interested.
4. Make sure you trust the people
A software provider is only as good as its people, and with research showing that the bulk of data breaches are caused by human error, it’s vital that you can trust the teams. Responsible companies should vet and regularly train all employees who have any access to sensitive information, and ensure they follow best practices.
5. Investigate contingencies
Even the most secure providers should have plans in place in case things go wrong. Do they have business continuity plans so that clients aren’t affected by outages or server issues? Back-up procedures won’t necessarily be enough. In worst-case scenarios, what’s the disaster recovery plan? Are they clear on who is responsible for what during a crisis, and how developments would be communicated?
It’s not essential to understand all the technical aspects of security. There’s no reason why publishers should be expected to do so—after all, this is why a business brings in IT partners in the first place. But because your providers should be working on security every day, you should expect them to be comfortable talking about security issues and addressing any of your concerns.
David Marlin is co-founder and President of MetaComet® Systems, a leading provider of royalty management solutions with 20 years’ experience in publishing and more than 200 clients around the world. Its systems are dedicated solely to royalties, and include ultra-robust security and simple implementation, backed up by dedicated QA and support teams.
David and the MetaComet® Systems team would love to hear BookMachine readers’ views on these and other aspects of software acquisition and implementation.