Documents have been a business requirement since time immemorial. Of course, the way these documents are kept has changed from paper files to the now more common digitized form, the electronic or digital document. It seems obvious to most that some of the information in a business’s files, such as customer information, competitor research, market surveys, and strategies, should be kept a secret if the business is to thrive.
Nevertheless, it is such a common occurrence to see information being leaked into the public domain, especially where electronic versions of documents are concerned. In fact, most companies are unable to prevent this from happening, mostly because they do not have enough information to protect themselves against such scenarios. Being aware of the risks that they face, will allow them to better prepare countermeasures. Listed below are the top five risks:
Disposal of Documents
The disposal of both paper and electronic documents is a risk because it is often done incorrectly. Often with electronic documents, it is hard to locate and delete all versions of a document, especially since people are now using their personal devices (including phones, tablets, and USB sticks) at work. People thus now take copies from work to their homes, where it is sometimes more convenient to work. As a result, a company can only delete the files on its servers, while being unable to do anything about the documents on the personal devices of their employees.
In terms of paper documents, some organizations do not shred their documents when trying to dispose of them. In fact, some may end up recycling the paper for other purposes and, if the document had sensitive information, it can become a problem. Such documents can be scanned and find themselves back on the internet. It is thus essential that you ensure all document versions are removed from use when you need to dispose of them. Also, use a shredder for paper documents and use a document DRM system to make all electronic document copies unusable by automatically expiring them on a given date.
As you can see from the examples mentioned above, one group of people is likely to facilitate documents getting into the wrong hands: company employees. As such, employees pose a risk in and of themselves and you should train them on document security best practices. These practices include not downloading files to public drives, keeping their work in the office, and disposing of files adequately. Therefore, unless an employee has malicious intent, they will do their best to prevent documents leaking.
If you need to control where sensitive documents can be used (say in the office only) then consider implementing a document DRM system as such systems can enforce this.
Trusty Smartphones and Other Personal Devices
Firms have long since lost the war on trying to keep personal devices out of their workspaces. As a result, people have smartphones that can download and process all types of documents at work and it is no surprise that some employee smartphones, tablets, USB drives, and PCs retain sensitive documents. And, when the company incorporates internal structures to protect such documents, the measures do not always apply to the personal devices of the employees which potentially exposes the company. Also, smartphones have cameras and can, therefore, record information on a screen or paper by taking photos. Dynamic watermarking found in document DRM systems help deter users from sharing photos of documents since they will also display their user details.
When information is highly valuable and stored either on company drives or cloud storage or shared through the usual internet channels, there are likely hackers out there trying to access such information. And, if they can gain access to your internal network, they can steal your sensitive files. Some companies do use proprietary software, such as document DRM systems, to process documents which allows them to restrict and control document use. As such, hackers may be able to download the files onto their devices, but be unable to open them which significantly reduces the risk of them exposing the information they hold.
Unauthorized Computer Access
An illustrative example of unauthorized computer access is where a manager leaves guests in his office with his computer logged in. It is a trivial matter for such guests to look at what the manager has on his or her computer. They can even record that information by using their smartphone cameras. It is thus a best practice to ensure that, when an employee leaves his or her desk, he or she always logs out of the device and that no one but that employee knows his or her password. This applies to all company employees with access to sensitive files.
All of the above tips will help ensure your documents are less exposed to those who should not view them. But if you want to go one step further, consider implementing a document DRM system so you can control document access and use.