The 2017 London Book Fair (14-16 March 2017) offers an excellent opportunity to meet with publishing software vendors. [Read more…]
Ransomware is of increasing concern to medium and large publishers.
Ransomware is a type of malware that restricts access to the infected computer system in some way; usually by encrypting your files, and demands that the user pay a ransom to remove the restriction. If you don’t have a backup you have to pay the hackers to gain access to your data.
Sony Pictures is one media company that was affected by a ransomware attack.
Often a system is infected by a phishing attack where a user inadvertently downloads malware or inadvertently provides a hacker with their user ID and password.
Information on Ransomware
Advice For Large Publishers
At Kensai we recommend that large publishers consult with internet security specialists from E&Y or PWC. Very large publishers should consider Accenture.
- Ernst & Young Cyber Security: http://www.ey.com/gl/en/services/advisory/ey-cybersecurity
- Price Waterhouse & Coopers: http://www.pwc.com/us/en/forensic-services/video/cyber-security.html
Protecting a book publishing software system against such intrusions requires multiple levels of protection.
Staff should receive instruction in best practices for internet security. Over 95% of security breaches are caused by an employee inadvertently providing their user name and password to a hacker.
Backup your data
Restoring a backup file can often negate the extent of a ransomware attack.
Internet Security Software
It starts with ensuring that every workstation that accesses your system has internet security software running. Internet security products can deny access to clients (local or remote) not running internet security software. For small and medium sized publishers with security concerns we recommend using Symantec Endpoint Protection Cloud. Enhance this by also using Malware Bytes Endpoint Security. Malware Bytes; like Sophos Intercept X, is designed to detect and stop ransomware attacks.
Medium and larger sized publishers should consider products such as Sophos Intercept X. Intercept X includes technology that detects spontaneous malicious data encryption to stop ransomware in its tracks. Even if trusted files or processes are abused or hijacked, this technology will stop and revert them without any interaction from users or IT support personnel. It works silently at the file system level, keeping track of remote computers and local processes that attempt to modify your documents and other files.
We recommend cloud managed hardware firewalls. Hardware firewalls are harder for hackers to breach. A cloud managed firewall includes hardware that needs to be connected to the network. The firewall is managed through the cloud by a service provider. Managed firewall services provide 24×7 firewall administration, monitoring, and quick responses to any malicious attacks.
Your company should enforce secure password specifications. This includes minimum character length, the exclusion of dictionary words, and a requirement that passwords be changed periodically.
Two Factor Authentication
We recommend two factor authentications for all email access logins and system logins. In addition to a user name, and password a third identifier such as a passcode sent to the user’s phone or a smart card is required for system access. Two factor authentications for system administrator logins should be required because these users have access to all systems.
Segment Your IT Systems
We recommend that large publishers segment their IT systems so that hacking one system does provide access to all segments of their IT infrastructure. Ransomware attacks are often successful because obtaining a single IT administrators password provides access to the entire system. Best practices call for software (i.e. folder access rights) and hardware (server access) based system segmentation.
An example of system segmentation is storing royalty contract documents on a separate physical server. The hard drive is encrypted. Access is limited to those with a need to know. Out of 400+ users, only 30 users; including the system administrator have access to this server and the royalty contract files stored there. The system administration has a separate username, password and utilizes 2nd factor authentication for accessing this server. Country-blocking is activated so the server cannot be directly accessed by users outside the home country. The server is backed up daily using two online backup services and monitored by Sophos Intercept X.
Employee laptops should have encrypted drives. This will prevent unauthorized users from accessing data stored on a lost or stolen laptop. We recommend services such as Absolute LoJack for Laptops that allow the IT administrator to remotely erase drives on misplaced laptops.
Locate servers in secure rooms with keyed access.
Publishing is changing. Faced with an increasing digitize world publishers are becoming providers of content to third parties that repackage their content. Consumers can obtain content in chunks, as subscriptions, temporary access and via the traditional book purchase.
A recent article by Wolf-Michael Mehl; Executive Vice President of Klopotek, touches on several current and future challenges in publishing and explains what Klopotek can do to support publishers in these specific fields.
The highlights of the article are:
There is a trend towards books being purchased in smaller numbers, while the types of products offered has to increase in order to remaining successful….Keywords such as “lending” content and flat rates for access to content are becoming more and more important.
The Klopotek author portal; STREAM Application – Authors Online, allows authors and agents to access royalties, sales, rights transactions and royalty statements online. This reduces the work for the staff and emailing statements instead of mailing them saves the company money.
The STREAM Application – Rights Sales Manager, allows publishers to focus on the marketing of available rights. All the information regarding a title and its component rights are accessible via a single portal. The rights manager also tracks potential licensee’s topics of interests.
Klopotek tracks “chunk” products for each title. A “chunk” is a component of a title. Examples of “chunks” are a chapter, a table, or a form.” “In Klopotek, “chunk” variants can have individual titles, prices, and information on page number, so they can be sold and invoiced just like e-books.”
The STREAM Application – Permissions and Compliance Manager, contains all of the content, asset and license metadata that allows the publisher to ensure that any content sales are in compliance with the licensing agreements.
Klopotek O2C; order to cash, application supports traditional sales models along with online subscriptions, bundles, bundles that include a subscription product along with the sale of customized products.
In addition to the points listed above I would add the importance of content discovery functionality. Content chunks only sell if a consumer or potential licensee discovers it. Context oriented discovery engines such as Google Scholar or Microsoft Academic can help a user find the content that he is looking for. These search engines index the full text and/or metadata of each indexed article/book.
The 2016 London Book Fair (14-16 April 2016) offers an excellent opportunity to meet with publishing software vendors. [Read more…]
This 2014 hack of the Sony computer system has lead many larger publishers to examine the security of their royalty software systems. The requirements in recent RFP’s often mention security as one of their key criteria.
What is security for a royalty software?
From our point of view royalty software security is composed of three components:
- Data file encryption
- Document management system encryption
- User access rights
- Security monitoring / auditing
Data File Encryption
Most royalty applications are built on a MS-SQL server.
For these applications here is a listing of the ten SQL database security tasks. These tasks include implementing cell level encryption and encrypting the data that is transmitted between the app and the database.
Document Management System Encryption
The DMS (document management system) stores copies of royalty agreements. PDFs of scanned royalty agreements may be stored within the royalty application or in a separate location.
For document security, we recommend that PDFs be stored on an encrypted drive. Access to the documents should be limited to the royalty software. Only users logged into the royalty software can access these documents in their unencrypted state.
User Access Rights
Access rights controls which users can access the software. Many software intrusions result from the hacker breaking in with a user’s password. For greater security against this threat we recommend two factor user authentication for users accessing the royalty system.
Single factor authentication relies on the user submitting his user name and password.
Two factor authentication requires a users password and a PIN that is dynamically generated when the user attempts to sign in. This PIN may be created by a physical device that a user has access to or it may be emailed to the user’s mobile phone.
When an employee leaves the company their access rights should be immediately terminated.
Security Monitoring / Auditing
Third party IT security solutions and services can monitor access to the selected folders and files to prevent downloading and copying to unauthorized locations.
The London Book Fair (April 14 – April 16) presents an excellent opportunity to meet with book publishing software vendors and speak to their clients. [Read more…]
New publishers on a shoestring budget need software for accounting, royalties, title information and editorial project management to manage their operations. With these tools in place they can focus on acquiring titles, publishing titles, marketing and sales. [Read more…]
The Frankfurt Book Fair is the world’s larger book fair. In 2013 this fair hosted 7,275 exhibitors from 102 nations, 631 literary agents, about 9,300 journalists, 275,342 visitors and 170,664 professional visitors.
At the Frankfurt Book Fair you can meet publishing software vendors and their clients. There is no better way to talk to the representatives of many vendors at one time.
BooXtream, Hall 8 L133 – www.booxtream.com
- DRM watermarking for ebook publishers
Digimarc, Hall 8.0 L112 – www.digimarc.com
- DRM watermarking for ebook publishers
Jeux de Couleur, Ltd. (That’s Rights, Easy Royalties), Hall 4.0 J146 – www.thatsrights.com
- Royalty and rights management software for small to medium sized publishers
Klopotek & Partner GmbH, Hall 4.0 E9 – www.klopotek.com
- ERP solutions for book publishers – royalties, editorial, production management, sales, title information – for medium to very large publishers
knk Business Software AG, Hall 4.0 G7 – www.knk.com
- Microsoft Dynamics NAV solutions for book publishers for medium to large publishers
Publishing Technology, Hall 4.2 M35 – www.publishingtechnology.com
- ERP Solutions for book publishers – ecommerce, royalties, production management, sales, title information – for medium to very large publishers
Real Software Systems, Hall 4.0 C38
- Rights and royalty solutions for medium to very large publishers
Stison Ltd, Hall 8.0 A75 – www.stison.com
- ERP Solutions for book publishers
Virtusales Publishing Solutions, Hall 4.0 C31 – www.virtusales.com
- Editorial, production management, rights & royalties, title information solutions for small to very large publishers
An important criteria of any book publishing software purchase decision is the vendor’s area of expertise.
Publishing software solutions often focus their development in a few specific areas. While some vendor solutions excel in financial management others focus on title information management, production management, royalties & rights, sales order processing or ecommerce sales.
A vendor’s area of expertise can be identified by their software development roadmap, reading press releases to see what are the most commonly implemented modules are and viewing the vendor’s website to see what functionality receives the most emphasis.
Example 1: IBS Bookmaster is known for their sales order processing, distribution management and warehouse management along with integrated financials. Most of their clients operate have distribution and warehouse operations. A review of their website shows an emphasis on supply chain management and financial reporting.
Example 2: Klopotek is known for their production management, title information and royalty & rights management functionality. This is where most of their ongoing development has occurred.
Example 3: knkPublishing is known for their integrated Microsoft Dynamics financials. Publishers that purchased their software did so in large part because of their integration with the financial management modules provided by Microsoft Dynamics.
Example 4: Firebrand Technologies is known for their turn-key title information management.
Example 5: Easy Royalties is known for their powerful royalty solutions for small publishers.
Example 6: Publishing Technology is known for implementing ecommerce solutions for publishers and their order to cash solutions for publishers.
Example 7: Virtusales focus is title information management, production management and royalties. They do not handle sales nor offer integrated financials.
Book Expo America 2014 is the place to be if you want to explore book publishing software solutions. From Thursday May 29th through Saturday May 31st, 2014 publishing software vendors will be exhibiting at the Javits Center in New York City. Here you can meet with vendors and talk to the publishers that use their software.
Cyberwolf, Inc. – Stand DZ1764 – www.cyberwolf.com
CyberWolf offers a complete line of publishing supply chain technology: Business management, royalties, eCommerce, ONIX & ebook download solutions. Through technology innovation, our professional teams help publishers improve and grow operations, productivity, sales and profitability. The ACUMEN Book® business management system is the industry price/performance leader. Diversified DRM™ and the CyberWolf Download Service provide maximum flexibility for website ebook sales.
Firebrand Technologies – Stand DZ2257 – www.firebrandtech.com
Firebrand Technologies provides steadfast leadership and seamless information flow throughout the publishing process. Title Management Software tracks titles from pre-acquisition through post-production, marketing and sales. Eloquence Metadata services are the fastest, most accurate and cost-effective way to implement ONIX. Content Services offers publishers the ability to manage, store, distribute and sell final eBook content. Firebrand’s eBook Architects is a premier eBook design company.
Klopotek – Stand DZ1756 – www.klopotek.com
Klopotek is the software provider trusted by over 350 publishers on four continents and is the most comprehensive, integrated standard enterprise software created for publishers. It covers all work processes in the publishing business; enables publishers to highly optimize and automate workflow in editorial, contracts, rights, royalties, production and order to cash. Publishers who use Klopotek save significant time, lower IT investment and streamline processes in every aspect of their business.
Media Services Group – Stand 1003 – www.msgl.com
Media Services Group, developers of the well-known publishing systems Elan Book and The Cat’s Pajamas, has been providing solutions to publishers since 1985. eCommerce/digital strategy; product lifecycle management; rights & royalties; CRM; inventory and warehouse; order fulfillment; subscriptions; accounting and much more. Become one of over 10,000 publishing professionals who manage their most complex business requirements with our Elan software.
MetaComet Systems – Stand 1015 – www.metacomet.com
MetaComet Systems is the creator of the acclaimed RoyaltyTracker.com as well as the recently launched AuthorPortal.com and PublisherSales.net. Cut costs, save time, reduce risk and improve author relationships with our state-of-the-art tools and expertise. We will also help you generate additional revenue with marketing tools for your authors and improved rights management.
Trilogy North America – Stand 2550 – www.trilogynorthamerica.com
Trilogy Enterprise Systems provides a full range of software and services to meet the complex demands of the publishing and related book industries. Modules include rights, royalties, production, order entry, title management, EDI, distribution and integrated WMS and Microsoft Dynamics GP (Great Plains).
Virtusales – Stand DZ1971C – www.virtusales.com
Virtusales develops Biblio3 which is used by some of the world’s leading publishers including Hachette, Random House, Penguin Books, Pearson Education, Macmillan and Harvard University Press. Biblio3 is an advanced publishing management system available in the cloud, allowing publishers to track their data from pre-acquisition to publication. It covers functional areas including ONIX & eBook feeds, production management, contracts, rights, royalties and digital asset management.