Security and data protection need to be an essential part of any business' strategy. Data breaches are now one of the most common - and potentially damaging - threats any organization faces. And one of the key areas within this discipline that every business needs to be paying close attention to is document security.
But what is document security?
And how does it relate to more general data protection practices your company may have?
Essentially, this term refers to how files containing sensitive business information - whether these are physical or digital files - are stored, shared and processed. This can cover some of a business' most valuable assets, from intellectual property to customer details, so protecting them must be a number one priority.
While it is closely related to other security issues, there are a few unique challenges surrounding document security that can require specialized solutions. These include duplication, and the creation and sharing of multiple versions of documents. Especially in larger companies, this can create a large sprawl of files that is hard to keep track of, potentially leaving valuable information in easily exposed locations.
The need for better document security
While businesses often think they are taking the necessary steps to ensure document security, the reality may be very different. One study by Accusoft, for example, found that while nine out of ten IT managers (90 percent) are confident they have the tools they need to protect their organizations' documents, more than a third (34 percent) have had sensitive information compromised due to poor file management practices.
Such breaches can be very costly, both in financial terms and in the damage they can do to a company's reputation. A 2017 study by the Ponemon Institute revealed that the average financial cost of a data breach is $141 per record - and since large incidents can see millions of pieces of data compromised, this can quickly become a serious issue.
Reputational cost can also be significant, both in the loss of trust among existing customers and in making potential new customers think twice. Ponemon's study found 31 percent of consumers ended their relationship with an organization after it had been breached, while 65 percent reported a loss of trust in organizations that suffered one or more data breaches.
Managing your employee access
One of the most common causes of data breaches that expose sensitive documents is poor employee practices, whether this is due to malice, negligence or just a simple mistake. Some 93 percent of businesses say human behavior is the number one risk to their data protection.
Improving user education is one essential step toward addressing this, but there are also more concrete solutions that businesses can implement to reduce the risk of employee-related data breaches.
Any good document security solution should have strong access controls that set out who in a company is allowed to view and edit the data. These controls should be configurable for individuals or on a group basis, and flexible enough that they do not interrupt the key day-to-day workings of the company. For example, some users may need to view details in certain spreadsheets - but if they have no business modifying a field, they should not be able to do so. Full access should be limited only to those employees for whom it is essential.
As well as differing permissions, such solutions should also offer full auditing capabilities so senior staff and security professionals have a full record of which users have accessed files at which times, as well as what - if any - changes were made. These details also need to be frequently monitored so any unusual or suspicious activity can be spotted and acted on.
Enforcing your policies
Even if such solutions are in place to restrict who has access to sensitive documents, steps still need to be taken to ensure authorized individuals are handling this information responsibly. This is especially true in today's mobile-focused environment, where most employees will think nothing of carrying confidential documents out of the office on their laptop or tablet, or accessing files on the move via their smartphone.
Therefore, any enterprise's mobile strategy must have provisions in place detailing the correct process for accessing key documents when outside the office, whether this involves enterprise-owned gadgets or a bring your own device (BYOD) approach that allows people to use personal devices. In these circumstances, businesses may not only be exposed to the additional risks posed by unsecured Wi-Fi networks and being outside a firm's firewall, but also the threats posed if a device is physically lost or stolen.
While it may be relatively straightforward to place restrictions on what documents can be accessed on a device owned and maintained by the company, it may be less simple for BYOD gadgets. In this case, businesses will have to work carefully to balance the business demands with the need to keep users' personal files separate.
This may be especially important if you need to wipe a device remotely. Having such a policy in place is essential for good document security, but you will have to be clear with employees about when such a decision will be made and what, if anything, will happen to any personal files stored on the device.