Information security continues to be an important topic even if there haven’t been any newsworthy breaches recently. That could be due to the nature of proper security, which involves continual effort and therefore top of mind. Annual penetration tests, monthly vulnerability scans, scheduled password resets and authentication of new devices are a few recommended policies to stay secure.
Security was much easier when the ability to share was more difficult and the potential for inadvertent release was much lower. Back when paper documents ruled the world, locked file cabinets or a managed file room with in/out tracking satisfied the requirements. With digital documents, your systems need to be hardened and so do your users. Data can leak through the back door or the front door.
System hardening, as mentioned above, involves policies and procedures that help protect the information. Additional best practices include encrypting the files at rest, which essentially means your document management system encrypts the files on the server on upload. But meta data associated with the files also needs to be encrypted, such as names, addresses, account numbers and social security numbers. These efforts help protect your data in case a bad actor gets in through the backdoor.
Don’t forget that systems have a front door too. Security needs to be part of the user awareness as well because with digital documents, the ability to move volumes of information is much easier than moving a wall of file cabinets. Users with the ability to share large volumes of documents need to have training on how to configure security properly and only certain users should have that “share” capability. Users should also have limits on how many documents can be emailed out of the system at one time.
Admin users need to monitor data flows via the system logs. They also need to manage new user setup logs to ensure only approved users gain access. Security settings need to be easily reviewed across all users and groups to audit existing configurations on a periodic basis. Appoint an Admin to have security responsibilities for the document management system with quarterly reporting of activity.
It’s easier now to move large volumes of digital documents, containing valuable corporation information, so it is important to make sure security is tight at both the system and user level. Free, folder based file sharing sites are useful, but the ease of use factor can be counter to your security objectives. A network drive is even more difficult to manage. Find a system that has both application level and user centric security covered and your documents will be safer.
Millennia Group has been providing workflow and document management solutions since 1996. For more information visit our website at www.mgdocs.com or send us a note at firstname.lastname@example.org.