Workflow Automation Software

Millennia Group Blog

Don’t forget to lock the front door

via Flickr - Paul FlintInformation security continues to be an important topic even if there haven’t been any newsworthy breaches recently.  That could be due to the nature of proper security, which involves continual effort and therefore top of mind.  Annual penetration tests, monthly vulnerability scans, scheduled password resets and authentication of new devices are a few recommended policies to stay secure.

Security was much easier when the ability to share was more difficult and the potential for inadvertent release was much lower.  Back when paper documents ruled the world, locked file cabinets or a managed file room with in/out tracking satisfied the requirements.  With digital documents, your systems need to be hardened and so do your users.  Data can leak through the back door or the front door.

System hardening, as mentioned above, involves policies and procedures that help…

Derby Day is coming, place your bets

via Flickr - Phil RoederIt’s completely acceptable and a lot of fun each year to take some risks and place some bets when the Kentucky Derby is run.  The riskiness of the horse you choose is usually based on a personal hunch, minimal research or discussions with a spouse, family or friends.  The amount of loss is known up front and may or may not have anything to do with the riskiness of the horse selected.

If only all risk assessment was so easy.  When you look at real life risk assessment as it relates to your company’s information assets, it’s a very complicated issue.  Here are some basic points that should be considered when trying to protect (aka mitigate risk to) your information assets like documents and data.  Avoiding a data breach is a bet that you really want…

Security shaming is working

Via FlickrOkay, maybe security shaming is not the proper way to describe security awareness training.  No matter how its labeled, it’s working.  We don’t receive emails with employee or patient lists attached.  We aren’t given access to a Box account where we can see all company information instead of only the one folder we should see.

More and more we recognize the need to share information in a secure manner.  Nobody wants to be the one who accidently released a million names and social security numbers.  Security awareness training, a standard ritual now at most companies, is effective at helping to prevent accidental releases, but ensuring that information is securely shared could be a lot easier.

Its already commonplace to ask Siri and Alexa to answer a question, and they do quite accurately.  Cars can park autonomously.  Rockets can blast off…

I need a little wiggle room to be productive

via FlickrThe security of the information that our clients have entrusted us to host in our document management system is paramount.  Clients demand that their information remain private and confidential and we absolutely understand and abide by that.  The SEC, auditors and sound business practices demand it too.

Our clients concern certainly includes stopping bad actors, but it also includes the people that they set up as valid users – they should only see and share what they are allowed to see and share.  However, as far as sharing goes, some flexibility is needed so that users can be productive.  Here are some thoughts on why wiggle room is needed and how sharing information can be protected.

Generally, people don’t work in a vacuum, they need to communicate and work with others, both inside and outside the organization.  The two most…

Please, not another username and password!

Via Flickr by Jans CanonForm Follows Function.  This is a quote from famed Chicago architect Louis Sullivan.  Sullivan designed buildings to be functional first and then worked on building aesthetics.  For software implementation, you might say Function Follows Security. 

For any software, especially document management software, it is extremely important to understand the capabilities of the software’s security model before you begin to work out the configuration and hierarchy of your data.  That is unless you don’t mind having users who need multiple user names and passwords to create the access they need?

While going through the analysis phase of the implementation, list out the types of information that will be managed in the system.  Then list out all the different groups of users that will need access to the system and what parts of…