Documents: the security risk you hadn't thought of
The consequences of data loss are becoming more and more serious
It's becoming extremely difficult for companies to guarantee the security and integrity of their data, not least due to the increasing mobility of employees. Staff spend more time away from the office, accessing company documents from all over the world, often using their own devices.
The bring your own device' (BYOD) trend poses a major problem for company security. This was demonstrated by a study carried out by the Ponemon Institute in which 2,300 IT and security specialists from eight countries were surveyed. 58% of respondents consider BYOD to be a security risk, with experts claiming that the use of private mobile devices restricts the effectiveness of data protection measures and hampers the implementation of security policies.
Increased mobility combined with new opportunities for communicating and reproducing information, mean the risk of data loss for businesses rises. Even when printed out or simply distributed incorrectly, lists and documents can easily fall into the wrong hands or be deleted by employees accidentally or deliberately.
If development results, customer drafts, contracts or other confidential information fall into the wrong hands, it's not simply a competitive disadvantage for the company concerned. When data is lost or stolen, as well as affecting the company's reputation, it could also incur financial losses or make the organisation liable for heavy fines.
Not only is data becoming more mobile, it is also distributed more quickly and created in larger volumes. Around 90% of German companies that took part in a survey for Bitkom declared that the amount of data they were producing had increased in comparison with the previous year. On average, these companies were generating 22% more data.
Increased hardware costs are not the only consequence of this increase in data; the cost of protecting such information against unauthorised access, whether from inside or outside the company, is also increasing.
The consequences of data loss are becoming even more serious, and a study from the Ponemon Institute on the cost of data breaches revealed that over the past two years, costs incurred by companies due to data loss have increased throughout the world by 23% to an average of $3.8 million per security breach. Under the new GDPR regulations, companies could be fined 4% of their annual turnover or 20 million for failing to comply.
If documents contain personal information, many data protection regulations such as the European Data Protection Directive legislations also apply as well as GDPR. It must be possible to ensure that access, editing and distribution of information to third parties can be recorded and traced, and companies also have an obligation to ensure a level of security appropriate to the risk of a breach, such as encrypting documents to ensure that only authorised users can get access, and that no unnecessary personal data is included.
However, paper documents are not necessarily a way to protect against hacks or breaches. It could even be argued that the opposite is true once a paper document has left the printer, its journey from that point onward is difficult to control. It's impossible to know who might be able to read or copy it, and documents are at risk of being lost during transport or disposal.
Even if, in principle, it's easier to keep digital documents under greater control than printed documents, digital formats still represent a potential security risk for companies. Therefore, document security should be a central component of company security. According to the Ponemon Institute study, 72% of IT experts surveyed believe that document security can contribute to maintaining data confidentiality, integrity, authenticity and accessibility.
There are a number of different ways documents can be secured online at all stages of the workflow to ensure that data doesn't fall into the wrong hands, including using password protection to open and edit documents, protecting access at a project or group level and using encryption to ensure that protected files can't be read by unauthorised people, should they fall into the wrong hands.
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now