Security Points to Consider for a Records Management Practice
Scan the headlines, and you’ll see that, more often than not, there is big news of a data breach and its impact on the organization, staff, and clients. In some cases, the information gained by cybercriminals is from paper and digital documents. Although a secure document management system and strategy may not prevent an attack, they can thwart it, mitigate its losses, and ensure regulatory compliance.
Good document management security policies can help companies stop or reduce the financial and public relations risks of a data breach. A study that IBM commissioned with the Ponemon Institute puts the global average cost of a data breach at $3.92 million. When we are asked about ways to address risks, we give these tips:
Limit and control access to the ECM system- One standing ECM security rule is that access to documents should be on a need-to-have basis. User authentication requirements are critical, and with Laserfiche, you can apply security down to the word level. User-specific permissions and access rights should be used across the network to manage and control who accesses devices and documents and what they can do with them. Controlling access at the document level can include using digital rights management, passwords, or digital signatures.
Use encryption- Determining what data or documents to encrypt is essential. When data or records are encrypted in the cloud, the encryption should be in place whether the file is at rest on the network, in transit, or in the cloud. Laserfiche encrypts all three. Communication between client applications and the Laserfiche Server can be encrypted using SSL. Experts conclude that just 43% of organizations have an encryption strategy applied consistently, and more than 50% don’t have a consistent data protection strategy.
Practice strategic archiving- Move archival files to a separate storage device or a trusted system. Keeping these files on a separate storage device or in a separate location makes them more difficult for cybercriminals to access. Paper documents should be scanned and properly indexed to create digital files, preferably when they are received into the business or when they are created. The encryption and permission policies of the enterprise should protect all archived digital files. Most documents do not need to be stored in perpetuity, so following a document destruction policy is the ideal protection for older data.
System backups are crucial to any enterprise information management practice and disaster recovery plan. Creating backups separate from the typical operating environment and network system allows a company to defend against attacks. The files in these backups provide recovery points if a cyber attack occurs on any given day. Multiple backups give multiple recovery points in case files in any given backup have been infected by malware or fallen victim to ransomware. In addition, organizations should consider building a trusted system. Here’s a recording of a trusted system webinar we created with a partner.