Corporate information has never been more in danger. In addition to keeping a tab on sharing habits of employees, companies also have to deal with a large variety of document security threats, ranging from new vulnerabilities to purposeful breaches and sponsored infiltration. It is critical that organisations communicate efficiently within and outside the company, with its consumers and clients alike. However, a growing level of communication brings along with it the dangers that classified corporate data could be handled recklessly, thus making it fall into wrong hands.
For some organisations, sharing confidential data in documents via paper, free file sharing services or emails are not viable options as it could result in data infringement, hacking, or unintentional exposure. Likewise, with almost every employee using smart devices to access corporate information, it is critical now, more than ever that data security reaches beyond the periphery of the company.
What must organisations to when it comes to document security and sharing of files? What must they do to ensure their companies do not feature in data breach headlines of tomorrow? At the end of the day, data breaches are becoming an increasing menace to businesses than cyber hacking, as a number of companies in recent months have been fined for unintended data mismanagement and loss. Unfortunately, these continue to take place thus causing greater embarrassment for organisations.
Document security is a must on the desktop or mobile devices so that documents are kept secure at all times. Here are some basic best practices for protecting documents.
- Do not open unsolicited documents or attachments. If you do not recognise the sender of a document or an attachment, do not open it. If you are not expecting a known person to send you a document, do not open it. Virus emails and phishing frauds can trick you into opening emails from someone you know even if it has not come from them. Speak to the sender to confirm whether they have really sent you the file and if it is safe.
- Do not enable auto download. Disable the auto download function on your email settings and turn off the function. It can help prevent downloading infected attachments.
- Create a shared file structure and name them with labels according to their function that are easy to identify. For example, documents that contain common compliance or retention regulations should be stored together for easy access.
- Facilitate collaborative options such as document read, announcements, commendations and comments that can keep everyone on par on the status of the document in the event of forwarding it or for auditing purposes. Employ password protection when documents are been shared with external groups. As far as possible avoid sending documents via email and opt for file sharing options for greater security.
- Provide access to only those who need to view it. You may want to offer levels of permissions to access content and consider whether the viewer needs to edit, print, or just view the data in the document.
Lack of document security could be attributed to the IT department needing to handle the sharing habits of employees outside the organisation. Until recently, when data was behind the firewall, the IT department was aware of what was contained within the internal systems and how employees were sharing data. Today, where cloud file synchronisation and sharing (FSS) services have easily made their way into numerous organisations, the IT department has a huge challenge on their hands.
FSS platforms in an organisation must have robust capabilities to empower document protection and content safety without affecting employees’ capacities in getting their jobs done. In order to make it easier to manage the access to data files and PDFs, as well as protect the organisations’ intellectual property, technologies such as information rights management must be considered. It is also important that organisations look into the option of adding specific permissions to the document, such as a time limit after which the file can no longer be accessed, even if the user has already downloaded it.
In highly regulated industries such as finance and pharma, management and IT departments must be confident that classified data concerning their consumers, contracts and related information continues to remain safe at all times. All these compliance issues and more must be taken into account especially if FSS technology abounds in an organisation. At the end of the day regulations, vary from one country to another. In some cases, government bodies may demand specific consumer information from cloud agencies that can cause inconvenience for all parties involved. Under such circumstances, effective solutions like Customer Managed Keys (CMK) empower the data owner, thus permitting consumers to direct and control their own encryption keys.