
Is your information safe? Document security in the information age

Most people think of document security only in relation to highly sensitive documents. However, the security of information is not something that should be taken lightly. Documents are, after all, at the heart of everything that a business does. From product designs and development plans to invoices and contracts, documents are the lifeblood of communication and productivity in an organisation.

With the rise of digital information, BYOD initiatives, collaborative working practices, and more open, distributed corporate ecosystems, the need for document security has never been more acute. However, across many industries, document management and security practices fall short. A recent survey revealed that, though 74% of businesses have a formalised document management solution, only 49% of end users are aware of it.

We’ve written previously about why companies need a powerful document management system (DMS) to help organise and control complex development and business processes. But document management doesn’t end with harmonised file structures and collaboration - organisations must also ensure the integrity of sensitive information.

Security remains a concern. A 2016 Ponemon Institute study found that 76 percent of U.S. and European organisations had experienced data theft or loss in the previous two-year period. Respondents also say insider negligence is more than twice as likely to cause the compromise of insider accounts as any other culprit, including external attackers, malicious employees or contractors.

Only 29% of respondents say their companies fully enforce a strict least-privilege model to ensure insiders have access to company data on a need-to-know basis only. That explains why 62% claim that they have access to data that they should not.

A two-pronged document security approach

If insider negligence is the biggest culprit in data loss and users have access to data they shouldn’t, that is a risky combination of circumstances. Couple that with how few end users are aware of and using their companies’ document management solutions, and it suggests we need a two-pronged approach to document security - one prong should address control and the other usability.

Document management and control

Document security is broader than firewalls and encryption. You should have a system that allows you to control the level of access that employees and other parties have. Ideally, the more “fine-grained” that control is, the better you will be able to minimise the opportunity for those documents to fall into the wrong hands. With the right controls in place, employees who are allowed access to a particular document won’t be able to share it with someone who shouldn’t see it, accidentally or otherwise.

Additionally, the control you have should extend to use-rights - what permissions each user has to view or modify a document or set of documents.
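To make the control and use-rights described above concrete, here is an added sketch (not code from any DMS product or from this article's author) of a default-deny, per-document access list in which view, modify and share are separate rights and a share only succeeds when the recipient is on the need-to-know list. The class, function and user names are hypothetical, and the sample users are constructed.

```python
from enum import Flag, auto


class Right(Flag):
    NONE = 0
    VIEW = auto()
    MODIFY = auto()
    SHARE = auto()


class DocumentACL:
    """Per-document grants (hypothetical model); anything not granted is denied."""

    def __init__(self, owner):
        self.grants = {owner: Right.VIEW | Right.MODIFY | Right.SHARE}
        self.audit_log = []  # (actor, action, target, allowed)

    def rights_of(self, user):
        # Default deny: unknown users hold no rights at all.
        return self.grants.get(user, Right.NONE)

    def check(self, user, needed):
        allowed = (self.rights_of(user) & needed) == needed
        self.audit_log.append((user, "check", needed, allowed))
        return allowed

    def share(self, actor, recipient, rights, need_to_know):
        """Grant rights only if the actor holds SHARE, is not handing out more
        than they hold, and the recipient has a need to know."""
        held = self.rights_of(actor)
        allowed = (Right.SHARE in held
                   and (rights & held) == rights
                   and recipient in need_to_know)
        self.audit_log.append((actor, "share", recipient, allowed))
        if allowed:
            self.grants[recipient] = self.rights_of(recipient) | rights
        return allowed


def excess_access(acl, need_to_know):
    """Users who hold any right on the document without a need to know."""
    return sorted(u for u, r in acl.grants.items() if r and u not in need_to_know)


if __name__ == "__main__":
    need_to_know = {"alice", "bob"}           # constructed sample data
    acl = DocumentACL(owner="alice")
    print(acl.share("alice", "bob", Right.VIEW, need_to_know))   # granted
    print(acl.share("bob", "carol", Right.VIEW, need_to_know))   # bob cannot re-share
    acl.grants["eve"] = Right.VIEW            # simulate a stale legacy grant
    print(excess_access(acl, need_to_know))   # access review finds the excess
```

The audit log records denied attempts as well as granted ones, which is what lets a periodic review distinguish accidental over-sharing from controls that were never applied.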

Though we’ve identified internal negligence as the larger issue, external threats shouldn’t be ignored. To that end, encryption and other security measures are also important. Your DMS should offer secure user authentication and end-to-end 2048-bit SSL encryption. And, if it is cloud-based, you should scrutinise the security and backup/redundancy procedures of the data centre.

Also, with cloud-based accounts you should test the connection security of your online server to determine the protection your solution provides against third parties extracting information by eavesdropping. You can test the security using third-party services such as SSL Labs. Your server should achieve a minimum of a grade A rating but ideally an A+.

DMS usability

The other way to help improve document security in an organisation is to make sure the document management system that’s put in place is used. This can be done by making sure it is as “usable” as possible. If a solution is easy to use, is intuitive and accessible, it will be adopted more willingly. If it’s confusing and opaque, users can get frustrated and may abandon it, reverting to their old ways of working.

Speaking of “old ways of working”, usability will be helped by implementing a DMS that is flexible. It should be able to adapt to your organisation’s existing operations and workflows without dictating changes to the way you work.

Without high usability, all the security and controls you put in place could be significantly less effective.

Maintaining the integrity and safety of your business documents is more important than ever. The “information age” has delivered incredible benefits to businesses in terms of productivity, collaboration and efficiency. But it has brought with it greater opportunities for data to be lost or compromised, either through negligence or maliciousness.

A document management system that offers both security and control as well as usability can help ensure you minimise the risk.


Tags: Information Security