For businesses, it is no longer a question of if, but when, a hacker is going to breach their perimeter security. With 2016 having the most data breaches recorded in a single year, businesses must take serious measures to protect their assets. And yet, despite a strong focus on perimeter security, most organisations are missing one important and easily protected layer: the document level.
Phones and laptops are relatively easy to lose; in fact, according to Gartner, a laptop is lost or stolen every 53 seconds. However, the loss of the device itself is trivial to a business; it’s the loss of the data within that device that can be devastating.
When several laptops belonging to Coca-Cola were stolen, the company also lost almost 74,000 records of personal identifiable data. While the laptops were recovered, the data was lost forever, leading to several law suits against them. Similarly, 97,000 Starbucks employees were directly affected by the loss of their data when a laptop was stolen.
Organisations need to find solutions to secure their documents in ways that prevent unauthorised individuals gaining access to valuable data in the event a device is breached. These solutions would also have to be invisible to employees, as they often tend to develop insecure workarounds to security methods they deem inconvenient.
The risk and cost of data loss
While data is contained within a document it is as secure as the solutions that the organisation storing it has provided. Only once a document is in use or in transit does it become considerably more vulnerable. Once in use, a document can be edited, destroyed or shared with unauthorised individuals outside of the organisation, while a document in transit can be intercepted over insecure connections by thieves. However, the status and security of a document is more complex than simply being stolen or secure. The protection of a document rests on the control of the data within – who is authorised to access it, the length of time it can be edited, how many copies can be printed, who can sign it, who it can be shared with, and so on.
According to IBM’s 2016 Cost of Data Breach Study, the average cost of lost data was $221 in the U.S. Whilst 48 per cent of these breaches were caused by hackers and criminal insiders, human error, negligence, and system failures were considerable risk factors that endangered the safety of an organisations’ data. Mitigating these risks requires a business to not only have robust perimeter security, but also adequate protections in place on the documents themselves.
Document Security best practices
Thankfully, many documents have built in mechanisms which help secure and restrict access to documents:
Word – The most commonly used document writer, Microsoft Word comes with many security measures which a user can activate if they so choose, including encryption and password protection
PDF – Perhaps one of the most secure forms of digital documentation, employing encryption, password protection, limitations on printing and the prevention of the copying or alteration of images and text, as well as Certificate security based on a signed document
The misconception that these writing tools are producing unsecured static documents is causing businesses to miss opportunities and cause unnecessary concern. If more organisations were fully aware of the security features built into the software they already own, they could strengthen their security solutions, improve their overall business processes, and add confidence to their document processing.
Most organisations already know that documents can be password-protected, however this has several limitations. Passwords are lost, forgotten or compromised all the time. Simple password-protection does not provide the level of security that businesses require. Nor does simply encrypting a document.
What businesses require is document security that goes beyond basic data encryption, adding business-centric digital rights management, which allows them to customise the ways they secure their documents. This should be established when the document is first created, and will stay with the document wherever it’s sent, ensuring that the security guidelines are always enforced, with full tracking and auditing of the individuals that have accessed and shared the document.
For those organisations that adopt these security measures, the biggest benefits are increased control of their intellectual property and increased competitiveness.
In the event that documents are stolen or leaked, a business can make use of various protections available on PDF documents, such as password protection, disabling the print function, or setting its text to display in low resolution to confound Optical Character Recognition (OCR) software. These types of functions are useful for anyone managing sensitive content, such as financial organizations, legal firms, and healthcare organisations.
Any business that operates on the basis of dynamic pricing, with prices changing at different times each month, can find that its suppliers often struggle to ensure that rate sheets get adequately updated. To counter this, it can implement a DRM function on its PDF rate sheets that will automatically update every copy in the supplier’s possession when prices change. DRM rules can also be set up to retract the rate sheet if one of the suppliers ends its relationship with the business, preventing the former customer from sharing its prices with a competitor. This also allows the business to operate more quickly, and respond instantly to changes and demands in the market.
Being able to apply in-depth and precise controls, as well as DRM, to how documents can be viewed, shared, updated and edited, and by whom, is a powerful tool in any business’ security solution. With a huge growth in remote working culture, and therefore an increased risk of confidential documents being transferred between unsecured networks and devices, it is crucial that the task of protecting those documents is as simple as possible. Through the adoption of a document-centric approach to securing business files, organisations are able to truly embody the phrase ‘for your eyes only’ when it comes to their documents, gaining both business efficiency and a competitive edge.
This article is from the CBROnline archive: some formatting and images may not be present.