As more companies start to transition away from paper files and towards digital, the threat of data breaches increases, as do the disasters that come with them. In 2018, the United States experienced 1,244 data breaches resulting in 447 million records exposed.
There are hordes of hackers and nefarious people that work hard to breach weak security protocols and gain access to important documents. But let’s not discount the less nefarious yet risk-laden instances of security compromise. What about employees who access files that they weren’t authorized to look at — either accidentally or on purpose? What about Alan’s termination letter that was left on the printer right next to Alan’s desk?
Depending on your cybersecurity efforts, your IT department might already be using the latest firewalls, malware detection, and anti-virus software, so that the perimeter of your company’s documents is always secure. Having a strong external security system in place to prevent hackers from getting in is necessary for any company to function. But do you have a system in place to protect your documents from internal breaches?
Whether intentionally or not, an employee may gain access to emails that contain sensitive information, be forwarded important documents, or log in to a public computer and forget to log out. These and many other scenarios can result in a data breach.
To help protect your files from internal data breaches even as your company grows, intelligent information management (IIM) solutions like M-Files could be your first line of defense. IIM solutions ensure that all your unstructured files, documents, and business processes are stored, captured, managed, preserved, and delivered on a centralized network for easy retrieval. Below I’ll discuss how an IIM platform can help you protect your data from internal breaches.
“It has long been realized that encrypting content at rest, and particularly content in motion, is the only way to secure sensitive and potentially damaging content,” according to this AIIM report. “But suppose that instead of building protective walls around places where sensitive documents are held, we embed security into the document itself?”
Permissions and Access
It goes without saying: sensitive documents should only be accessible to those who need access. It’s easy to have control over a few employees and the content they access in the first stages of your company. However, for growing companies, scaling access permissions can get unwieldy.
With M-Files, you can set access permissions for whole classes of documents and data objects, in addition to specific documents, and even for different versions of the same document or object – including assigning roles that give different levels of access to different users or user groups, such as managers.
M-Files ensures that information is accessible to the people who need it, and inaccessible and unseen by those who don’t need it or aren’t sanctioned to access it. Access permissions can be controlled by user, group, and role, as well as by any metadata property, with no need for scripting and with the flexibility to address unanticipated future needs. Take these two examples:
Employment documents. Employment agreements can be tagged to selected employees, making the agreement visible to that user, their supervisor and the HR department, but no one else. If there’s a management or organization change, just change the supervisor property of the employee and all related documents become visible to the new supervisor.
Sensitive project documents. When project team members are assigned to a project, all associated documents will be visible to only them. Brought on a new team member? Simply assign them to the project group. No need to micromanage and examine permissions for every piece of information related to the project. This approach simplifies onboarding new team members, and also makes it easy to allow external users such as partners and customers to securely access project-related documentation and participate in related processes and workflows.
M-Files also supports the concept of “faceted permissions” — where multiple metadata properties together can define the permissions of a document. In the project-based scenario above, for instance, if permissions are created for project group members, you can make certain document types — like an agreement or contract — visible only to project managers of the related project.
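The two scenarios and the faceted rule above, modeled as a default-deny check that derives access from metadata at decision time. This is an added illustration, not M-Files code or its API; the class names, property keys, the "HR" group and all sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed model: class names, property keys and the "HR" group are
# assumptions for illustration, not M-Files identifiers.
MANAGER_ONLY_CLASSES = {"agreement", "contract"}

@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)

@dataclass
class Document:
    title: str
    doc_class: str
    props: dict = field(default_factory=dict)  # metadata properties

def can_view(user, doc, employees, projects):
    """Default deny; access is derived from metadata at check time."""
    if doc.doc_class == "employment_agreement":
        emp = doc.props.get("employee")
        supervisor = employees.get(emp, {}).get("supervisor")
        return user.name in (emp, supervisor) or "HR" in user.groups
    project = projects.get(doc.props.get("project"))
    if project is None:
        return False  # no metadata grants access, so nobody sees it
    if doc.doc_class in MANAGER_ONLY_CLASSES:
        # Faceted rule: the project facet AND the document-class facet
        # must both pass, so membership alone is not enough.
        return user.name in project["managers"]
    return user.name in project["members"] | project["managers"]

# Constructed sample data.
employees = {"alice": {"supervisor": "bob"}}
projects = {"apollo": {"members": {"alice", "erin"}, "managers": {"bob"}}}
agreement = Document("Alice employment agreement", "employment_agreement",
                     {"employee": "alice"})
spec = Document("Apollo specification", "specification", {"project": "apollo"})
contract = Document("Apollo customer contract", "contract", {"project": "apollo"})
alice, bob, carol = User("alice"), User("bob"), User("carol")
dana = User("dana", {"HR"})
```

Because nothing is stored per document, changing `employees["alice"]["supervisor"]` or adding a name to a project's `members` set changes the outcome for every related document at once, and the old supervisor loses access in the same step.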
In regulated industries where compliance is key and audits by customers, vendors and regulating bodies are required, M-Files consistently enforces access control policy. M-Files enables businesses to easily prove they are following required procedures and regulations.
Audit Trails and Proactive Reporting
Audit trails and proactive reporting are useful during or after a data breach. You can use them to determine who has been accessing files, when they were doing it, and which documents they were after. Your IIM solution will notify you of any suspicious activity that occurs so you can attend to it as needed.
As an example, your IIM can notify you that a finance department staffer, who has access to all invoices, payroll, and tax-related documents, is conspicuously downloading confidential information (a few vendor invoices, employee payroll, and company tax documents) while on vacation and without notifying you of their intent. If you suspect something untoward once you’re notified, you can block access to all documents until further investigation is conducted.
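The scenario above as a detection rule over an audit trail: flag users who download sensitive document classes during approved leave, then place a hold on their access. This is an added example, not M-Files functionality or output; the event layout, class names, user names, dates and the threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

SENSITIVE_CLASSES = {"vendor_invoice", "payroll", "tax"}  # assumed class names

# Constructed audit-trail events: (day, user, action, document class).
AUDIT_EVENTS = [
    (date(2024, 7, 1), "fin_staffer", "download", "vendor_invoice"),
    (date(2024, 7, 8), "fin_staffer", "download", "vendor_invoice"),
    (date(2024, 7, 8), "fin_staffer", "download", "payroll"),
    (date(2024, 7, 9), "fin_staffer", "download", "tax"),
    (date(2024, 7, 9), "fin_staffer", "view", "payroll"),
    (date(2024, 7, 9), "hr_manager", "download", "payroll"),
]
# Constructed leave calendar: user -> (first day, last day) of approved leave.
LEAVE = {"fin_staffer": (date(2024, 7, 8), date(2024, 7, 12))}

def flag_downloads_on_leave(events, leave, threshold=2):
    """Return {user: [(day, class), ...]} for sensitive downloads during leave."""
    hits = defaultdict(list)
    for day, user, action, doc_class in events:
        window = leave.get(user)
        if window is None or action != "download":
            continue  # user not on leave, or not an exfiltration-relevant action
        if doc_class in SENSITIVE_CLASSES and window[0] <= day <= window[1]:
            hits[user].append((day, doc_class))
    # Only alert at or above the threshold to limit noise from one-off access.
    return {u: evs for u, evs in hits.items() if len(evs) >= threshold}

def apply_holds(alerts, blocked):
    """Add every flagged user to the blocked set pending investigation."""
    blocked.update(alerts)
    return blocked
```

The pre-leave download on 1 July, the `view` event and the HR manager's download are all ignored; only the three in-leave downloads by the finance account count toward the alert.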
Sometimes we all hold on to documents or belongings that we should’ve thrown out. While hanging on to a few personal items isn’t disastrous, doing the same with company files presents risk. Although there are certain documents that a company must retain for protection purposes, not all of them have that same weight.
An IIM solution will notify you when certain content has been idle for too long and is taking up space. It’ll then ask you if you want to keep or discard it. If you have no more use for content, you can discard it, which ensures that no one has access to old documents that still contain sensitive information.