Securing company, customer, and client information has always been a priority for organizations. In the “old days,” paper letters, customer files, ledger books, and other documents containing private and valuable information were locked in file cabinets or even stored in intricately secured vaults. The digital world of today exposes that information in ways that require new methods of securing and managing documents. The risk of security breaches has grown; not complying with data and privacy protection regulations like the Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA), General Data Protection Regulation (GDPR), and others can carry not only severe financial consequences but even imprisonment. Here are five steps that any firm can take to deliver more secure document management.
When an employee fires up their computer each day to connect to the corporate network, normal practice is to require them to authenticate themselves by inputting a user ID and password or using another secure access method like a proximity card and card reader. Requiring employees to follow this same kind of authentication process when accessing document management and workflow systems helps control and limit access to sensitive documents both in the office and remotely. Administrators can set role-based rules to further limit access or customize permissions to view only, add to, modify, archive, or delete a document based on the specific user’s role in the firm or workflow. Remember, printers and multi-functional devices (MFDs) are a big piece of an office’s document management ecosystem. Users of these devices should also be required to authenticate before printing, copying, scanning, or faxing. Administrators can implement similar role-based rules that even limit access to specific functions of the device.
Documents that contain sensitive information should be encrypted, making it more difficult for hackers to access the information. The U.S. government says 128-bit AES encryption is acceptable for secret information, and 256-bit AES encryption is even better. Whenever a printer or MFD is used, its encryption features should be enabled. That includes encrypting a document when it is sent to be printed and ensuring the hard disk drive (HDD) of the printer has encryption enabled to protect any data that may remain on the HDD. An MFD should also be able to create encrypted PDFs when documents are scanned or sent.
Most documents have a useful shelf life. Creating a document retention and governance policy not only makes document organization and management easier, it can also reduce legal risks and liabilities. Establish a policy of what documents are used for, how long they remain active, when and how long they should be archived, and when they should be destroyed. Defining user and access roles in each phase makes certain only those who “need to use” have access to the document in any given phase. Once again, printers and MFDs should be included, especially when it comes to digital shredding of documents that may still be on the HDD of the device when a printer or MFD is replaced or returned to the leasing company. Any document retention and governance policies should be created following government or industry regulations.
Too often, we hear stories about organizations taking days, weeks, or months to recover after losing valuable and sensitive client information due to a malware or ransomware attack. Creating regular backups of document and content management systems doesn’t prevent cyber-attacks, but it does reduce or eliminate the time and effort an organization spends to regain full operating functions. Using cloud-based document and content management solutions or placing backups in the cloud helps protect data even more. Paper documents should be digitized using a scanner or MFD to scan and send them to a document or content management solution that is regularly and automatically backed up. That digitization prevents the loss of critical information that may be on those paper documents in the case of fire, flood, or other disasters.
According to Ponemon’s 2020 Cost of a Data Breach study, human error was the root cause of 24% of data security breaches. Making sure employees understand their role and importance within the organization’s data security and document retention and governance policies helps gain their full support to follow those policies. Regular training of employees helps them know how to use the authentication, encryption, and other data security features of the document management solutions and devices in the office. Heightened employee awareness combined with training can help reduce the risk of security breaches caused by human error and help an organization more readily comply with data and privacy protection regulations.
Securing data and information, in whatever form it exists, is more important today than it ever was. These five steps are just a start to establishing a strong security and compliance strategy. Centric Business Systems provides software, hardware, services, and support that can help you create a more secure document management solution for your firm. Visit us at www.centricbiz.com or contact us at (877) 902-3301 to schedule an assessment and consultation today.