If your organisation survived the global WannaCry ransomware attack, you can congratulate your security team for protecting your network. But this is no time for complacency, because criminals, disgruntled employees and industrial spies are lurking in cyberspace, ready to steal your digital assets.
Your confidential documents are a prime target for thieves because they leave your network “fortress” and travel to laptops and smartphones with minimal security features.
Other threats come from inside your organisation, such as an employee posting a file on a social media site, forwarding it to a friend, or uploading it to unsecure online services.
>See also: Can we ever eliminate the ‘human error’ element of cyber security?
Without an effective document protection system, your company and your shareholders could suffer a costly financial loss, loss of competitiveness, productivity or lasting damage to your reputation. Consider the consequences of the theft of a digital movie file before its debut or an innovative architectural design.
What would happen if a cybercriminal stole your company’s strategic marketing plan and sold it to a competitor, or if a former employee stole 14,000 confidential engineering documents, as Waymo, – the former Google self-driving car company – is alleging in a California court?
Although US based companies are targeted more often than companies in other regions, cyber crimes are growing around the world, as more executives, sales people and others work from remote locations. Because more and more documents are in motion over the Internet, the security risks continue to grow.
>See also: A year in high-tech crime
A recent Accusoft survey of the 350 IT managers and professionals, Closing the Document Management Awareness Gap, found that about 33% reported that sensitive documents had been compromised due to poor security strategies, and 43% said employees don’t always comply with policies.
Deploying IRM solutions
To address this serious security problem, a growing number of companies are deploying information rights management (IRM) solutions that prevent confidential digital assets in the most commonly used file formats (Word, Excel, PowerPoint, PDF) from being opened by unauthorised users.
If a user authenticates and opens the document (online or downloaded copies), the company can still control the level of access, including read, print and other functions.
An IRM application adds an additional layer of security to confidential documents, which can be housed securely in the cloud, and synchronized with an office computer or smartphone.
They can also un-share a document from a user at a specific time, or immediately if a mobile device has been stolen. While no solution is perfect, implementing an IRM strategy is clearly one best practice for document protection.
>See also: The lucrative business of ransomware is ‘here to stay’
Protecting confidential documents is particularly important in highly regulated industries, including healthcare, financial services, telecommunications, utilities, among others.
In these sectors, a solution featuring IRM capabilities – together with the key relevant certifications – can provide a foundation for meeting risk and compliance requirements.
The most common functional areas of application of these technologies include:
• Executive and board communications
• Corporate services, such as human resources management, legal operations, financial reporting
• Corporate development, acquisitions, divestitures and post-merger integration plans
• Debt financing and corporate lending
• Research and development, centres of innovation
• Marketing and sales strategies
A step-by-step approach
Implementing an effective IRM solution requires a change in the mindset at every level of the organisation, including the board of directors, and senior leadership team. After all, this is a high-stakes issue for the entire company. In an era of collaboration, users must understand the risks, and use security tools appropriately.
>See also: Why the healthcare industry badly needs a cyber security health check
An effective document protection strategy begins with identifying the “crown jewels” in terms of confidential documents. For instance, the security of boardroom documents or market strategies might be the top priority in one company.
Next, the senior leadership team should assess current security gaps and technology options for closing those gaps. The financial/reputational risks involved with the loss of a confidential content – which could result in the loss of millions of dollars – should be weighed against the cost of that solution.
Here are four steps to improve document security in any organisation:
1. Protect: The most efficient way to minimise security risks is reducing the number of documents in motion. That means storing a sensitive document in a secure and certified cloud document collaboration platform, rather than sending documents over the Internet as email, text or other messaging attachments.
2. Detect: A cloud-based document protection solution also allows you to track who is accessing the document, the user’s location, and any actions affecting that document.
For instance, you could detect two or more simultaneous log-ins from the same user ID or a suspicious log-in from a country known to be a haven for cyber criminals.
>See also: The enemy within: data thieves lurk within an organisations’ ranks
3. Contain: One of the key features in maximising the security of documents in a collaborative environment is the ability to terminate access once a threat is detected. If a user’s ID appears to be compromised or a mobile device is stolen, access can be suspended immediately.
4. Recover: With a cloud-based solution, a user who has been compromised or lost a device, can be quickly reinstated, minimising any downtime. The recovery process involves refreshing the authentication and privileges of the user, who can be back up and running in minutes and synchronisation to a new device will get the user back to where he/she was before the incident.
With global cyber threats on the rise, it’s essential to implement a strategy to protect your confidential documents. The risks are too great to ignore.
Sourced from Marco Matouk, founder and CEO of Avanzada Group