What are the Best Practices for Ensuring Documents Remain Secure?

Security breaches and information leaks are all too common, and lately the news isn’t letting us forget it.  The frequency of these news stories remind us how important of a role information security should play in day-to-day business operation.  What happens once information is in the hands of unauthorized users can be detrimental to a business’ livelihood and their loyal customer base.

Internal document sharing and collaboration efforts are oftentimes the culprit of inadvertent security and data leaks.  Without policies in place to control document sharing, most users end up emailing, printing or using an unsecured method to disseminate another copy of a document.  Every time a new version of a document is distributed the information is at greater risk.  The double-edged sword is that sensitive, confidential documents are the type most regularly accessed by users, but also the most critical to keep protected.   It requires precise balancing to employ an effective security system, while still enabling user’s access to the information they need when they need it.

Best practices for information security are different for every company.  Here are some tactics for making security policy development less challenging and to help ensure that your documents remain secure and safe:

  • Rank all business processes relating to information flow in terms of potential risk.  This identifies the probability of threat to that specific area.

  • Give people the lowest permission levels they need to perform their assigned duties.  Organizations often refer to this as permission of least privilege.

  • Grant access based on security groups—visitors, members and owners are a good example of strong group types.  Visitors may have read-only access.  Members have greater capabilities like adding and deleting documents.  Owners can alter internal settings, as well as make changes to the structure of security policies.

  • Classify security policies for every type of document, and label roles and privileges to each user group in regards to those documents.

  • Make sure document security supports the business’ audit and compliance standards.

  • Use two-factor authentication (2FA) to protect against password fraud.

  • Create, manage and regularly assess audit trails of all document accesses.

For more information on ILM’s approach to securing electronic documents, give us a call!

Leave a Reply