Security Concerns in a (nearly) Paperless Office

In an earlier post, we discussed how the long-held dream of the paperless office is becoming a reality. While the basic technology to permit an office to go completely paperless has been around for decades, issues continued to crop up that prevented full adoption of it. Many of those issues have been addressed today with advancements in data entry, document imaging, document management systems, and the wide-spread adoption of document and communication standards. Together with those improvements, the proliferation of personal computers, high-speed Internet, and mobile devices have driven businesses ever closer to going fully-paperless.

The upsides of going paperless by harnessing these improved data entry/imaging services and modern document management systems are pretty obvious:

  1. Improved efficiency – employees can find and modify the documents they need, when they need them, wherever they are.
  2. Decreased costs – often the cost of using a data entry service is lower than doing it in-house. Furthermore, costs decrease to both buy and store paper.
  3. Safety against loss – digital documents can be backed up many times in different locations to provide mitigation against the risk of systems going down.

But these benefits, if installed improperly, can come at the price of security and privacy. Computer and network security breaches occur regularly these days. The culprits break into computer systems and steal sensitive information. So how do you ensure that your document management system is as safe as possible?

You need to vet the provider’s security practices before you start moving your sensitive documents into their document management systems. Here are some things to consider (they’re not all necessary, but more is better):

  • Encryption. This should be obvious, but the provider must support encrypting documents as well as user’s connections to the system.
  • 2-factor authentication. This is a security measure that’s starting to gain traction with many major sites (Google, Apple, Dropbox). It often uses a user’s mobile phone number to send them a 1-time use PIN every time they attempt to sign in from a new computer or device with their password.
  • Support configurable security policies – Many organizations have password policies that require user’s passwords to be a specific, minimum strength and require them to change their password in regular intervals.
  • Access control. This is the ability to set access to documents or certain areas of the system to specific users or groups (like regular users or administrators).
  • Integration with single-sign on or OAuth systems. Single-sign on systems allow users to sign on once and access other, separate but related systems without having to sign on again. OAuth is an open standard for authentication the allows user’s to sign on to specific sites by using their Google, Facebook, or Twitter credentials, for example.
  • Internal security policies. What is the service provider’s policies for its employees with regard to your data. Who has access to it? The smaller this list is, the better.
  • Physical security. Where is your data physically stored? What are the security policies at the building that physically houses the servers your data resides on?

This is just starting point, but it’s critical to carefully consider the available security features of any document management system or service you use before you commit. To learn more about our policies, and please contact ILM Corporation at (540) 898-1406.

Leave a Reply