Kofax Senior Vice President and GM APJ Zakir Ahmed says with the boom of digitalisation, physical paperwork is unsustainable in the longer term, and, it is not feasible for high organisational workflows. However, going paperless comes with additional security measures that business organisations must employ to safeguard their assets.
By Zakir Ahmed
Security, especially in the digital realm, is a significant concern for every business today. High-profile stories about data breaches and the loss of sensitive personal information or important business materials aren’t uncommon. Even more such stories appear below the fold. Yet while many businesses invest in diverse solutions from firewalls to anti-social engineering training, a key element often remains overlooked — document security.
To protect your business’s paperwork and digital file infrastructure, it’s essential to invest time to improve your operational practices.
There are many industries where safeguarding sensitive information is paramount. These include the legal sector, healthcare, education, banking and even government. With records on customers and clients, individuals and other businesses, there’s considerable potential for abuse should the information fall into the wrong hands. When files remain unsecured, exposing private information could be as easy as copying and opening a file. Would you leave a filing cabinet full of client records unlocked?
Likewise, not every employee in a business should have access to all the information it produces. In some cases, you may need to conceal details about an upcoming product or service offering to prevent staff from sharing the information outside appropriate company channels. Pay records, financial details and other such private information must also stay out of the hands of the unauthorized. Appropriate strategies for addressing these needs are, therefore, an essential element for any business.
Instituting a simple system for controlling records and internal company paperwork is the first step to implementing stronger document security. While eliminating the hard copy isn’t always feasible, it’s easy today to make strides towards a “paperless” office. Not only does such a switch save money on office supplies, but it provides advantages for security, too.
For example, there are many more ways to secure digital files than there are ways to protect physical paperwork. Loss of the original hard copy is less of a concern.
It’s also easier to change digital documents as needed. Quick manipulation empowers faster, more efficient workflows; with digital certificates, it’s possible to verify the integrity of a file as an original, providing more versatility.
Tap into these benefits by investing time into digitizing your files with OCR-enabled scanning technologies capturing the document itself, not merely an image.
Develop a Security Classification System
Just as you wouldn’t use one key to secure every door across an entire office building, you shouldn’t use the same security settings for every document. In fact, some of your digital files may not need any exceptional protection at all — but you’ll need to make that determination carefully.
Create a series of security “tiers” from documents accessible to all to those available only to specified employees. For instance, memos on procedures and guidelines might be unsecured for all employees, while only Human Resources staff may see personnel files.
Use a combination of tools to restrict access. These include applying protections to the documents themselves, and using digital content management systems requiring passwords for access to secure file systems.
Periodically review document classifications to ensure proper filing. Consider the classic legal tale of a lawyer discovering crucial internal paperwork accidentally left inside a box of discovery materials. Mis-filing can compromise the integrity of your security efforts.
Classifying documents and separating them into different tiers only works if you have a way to differentiate security levels from one another. “Encryption” is a broad term that can encompass a range of solutions, including password-based security as well as key and certificate-based cryptography. Using a combination of these tools, along with operating system-level access controls, gives your security setup the teeth it needs to keep out the unwanted viewer.
Use strong, and unique passwords shared only with those authorized to view files. Discourage the display of passwords on personal workstations. Consider the potential benefits of using an enterprise password manager.
Learn how public key cryptography works and consider employing it on sensitive internal and external communications, including conversations with clients. Enable others to verify the authenticity of your message.
Rely on industry standards, including AES-256, for the strongest encryption possible.
In summary, good document security starts with a digital file infrastructure and succeeds with robust encryption backed up by smart practices.
Don’t Put All Your Eggs in One Basket
All the efforts to implement good security practices won’t mean much if your entire data infrastructure goes up in smoke. The possible threats are many — fire, flood, hardware failure and even ransomware all pose serious risks for the integrity of a company’s data. Any business continuity plan should include secure backup efforts. As part of efforts to improve document handling and retention, businesses should keep the following considerations in mind:
Routinely back up the most critical documents and databases your business uses to a secure storage location. On-site backups are acceptable, but some off-site storage — whether a cloud service or a third-party host — is ideal as well.
Thoroughly encrypt all backups. Consider using archive file formats to combine multiple data sets into one locked-down cache.
Put backups on an automated schedule where possible, and routinely update passwords. Updating ensures you neither forget how to access the backups nor run the risk of allowing an intruder to use outdated information.
By taking time to create an appropriate setup, such processes become second nature, a natural part of everyday operations. Threats from bad actors are on the rise and changing legislation surrounding data privacy means now may be the ideal time to step back and re-assess the way your business handles documents on a daily basis.
(Ed. Featured image courtesy of Sharkbite.)