In-depth

Documents: the security risk you hadn't thought of

The consequences of data loss are becoming more and more serious

It's becoming extremely difficult for companies to guarantee the security and integrity of their data, not least due to the increasing mobility of employees. Staff spend more time away from the office, accessing company documents from all over the world, often using their own devices.

The bring your own device' (BYOD) trend poses a major problem for company security. This was demonstrated by a study carried out by the Ponemon Institute in which 2,300 IT and security specialists from eight countries were surveyed. 58% of respondents consider BYOD to be a security risk, with experts claiming that the use of private mobile devices restricts the effectiveness of data protection measures and hampers the implementation of security policies.

Increased mobility combined with new opportunities for communicating and reproducing information, mean the risk of data loss for businesses rises. Even when printed out or simply distributed incorrectly, lists and documents can easily fall into the wrong hands or be deleted by employees accidentally or deliberately.

If development results, customer drafts, contracts or other confidential information fall into the wrong hands, it's not simply a competitive disadvantage for the company concerned. When data is lost or stolen, as well as affecting the company's reputation, it could also incur financial losses or make the organisation liable for heavy fines.

Not only is data becoming more mobile, it is also distributed more quickly and created in larger volumes. Around 90% of German companies that took part in a survey for Bitkom declared that the amount of data they were producing had increased in comparison with the previous year. On average, these companies were generating 22% more data.

Increased hardware costs are not the only consequence of this increase in data; the cost of protecting such information against unauthorised access, whether from inside or outside the company, is also increasing.

The consequences of data loss are becoming even more serious, and a study from the Ponemon Institute on the cost of data breaches revealed that over the past two years, costs incurred by companies due to data loss have increased throughout the world by 23% to an average of $3.8 million per security breach. Under the new GDPR regulations, companies could be fined 4% of their annual turnover or 20 million for failing to comply.

If documents contain personal information, many data protection regulations such as the European Data Protection Directive legislations also apply as well as GDPR. It must be possible to ensure that access, editing and distribution of information to third parties can be recorded and traced, and companies also have an obligation to ensure a level of security appropriate to the risk of a breach, such as encrypting documents to ensure that only authorised users can get access, and that no unnecessary personal data is included.

However, paper documents are not necessarily a way to protect against hacks or breaches. It could even be argued that the opposite is true once a paper document has left the printer, its journey from that point onward is difficult to control. It's impossible to know who might be able to read or copy it, and documents are at risk of being lost during transport or disposal.

Even if, in principle, it's easier to keep digital documents under greater control than printed documents, digital formats still represent a potential security risk for companies. Therefore, document security should be a central component of company security. According to the Ponemon Institute study, 72% of IT experts surveyed believe that document security can contribute to maintaining data confidentiality, integrity, authenticity and accessibility.

There are a number of different ways documents can be secured online at all stages of the workflow to ensure that data doesn't fall into the wrong hands, including using password protection to open and edit documents, protecting access at a project or group level and using encryption to ensure that protected files can't be read by unauthorised people, should they fall into the wrong hands.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021
CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021
What is a Trojan?
Security

What is a Trojan?

25 Feb 2021

Most Popular

Npower shuts down app after hackers steal user data
hacking

Npower shuts down app after hackers steal user data

25 Feb 2021
Hackers publish Bombardier data in wide-reaching FTA cyber attack
cyber attacks

Hackers publish Bombardier data in wide-reaching FTA cyber attack

24 Feb 2021
New monitors for an agile new normal
Sponsored

New monitors for an agile new normal

19 Feb 2021