how-to: 18 ways to secure your electronic documents
DESCRIPTION
Are your organization’s #document #management #security inefficiencies leaving you open to legal and economic repercussions? Compliance with mandates such as the Privacy Act, Freedom of Information Act, #HIPAA and the #Sedona #Principals for e-discovery and disclosure are causing ongoing concern within government agencies and corporations…and increased need for solid document security. But how can you keep these electronic files secure during the entire chain of custody? Here are 18 security suggestions.TRANSCRIPT
18 Ways to Secure Your Electronic Documents
Question
Are your organization’s document management security inefficiencies leaving you open to legal and economic repercussions?
Compliance
Compliance with mandates such as the Privacy Act, Freedom of Information Act, HIPAA and the Sedona Principals for e-discovery and disclosure are causing ongoing concern within government agencies and corporations…and increased need for solid document security.
6 Facts About U.S. Business Documents
Over 30 billion original documents are used each year in the United States.
The cost of documents to corporations is estimated to be as much as 15 percent of annual revenue.
85 percent of documents are never retrieved.
50 percent of documents are duplicates.
more >>
6 Facts About U.S. Business Documents
60 percent of documents are obsolete.
For every dollar that an organization spends to create a final document, 10 dollars are spent to manage the document creation process.
SOURCE: Microsoft Corporation
Electronic Document Management Systems
Electronic repositories designed to provide organized, readily retrievable, collections of information for the life
cycle of the documents.
Challenge
How can you keep theseelectronic files secure
during the entire chain of custody?
From Blue Mountain Data Systems
18 Security SuggestionsFor Your Electronic Documents
Suggestion #1
Paper documents may be secured by locking them in a file cabinet or safe. Before they are digitized, however, a security hierarchy must be carefully planned, to avoid inadvertent disclosure.
Suggestion #2
It is important to preserve the original files in an unalterable state in order to add legitimacy to the system. When scanned, PDF is a standard storage format. Searchable PDF is even better.
Suggestion #3
You need to develop a consistent, scalable security hierarchy that’s easy to administer and update as staff and roles change.
Suggestion #4
This makes your security management tasks easier to manage. It’s a waste of time to manually adjust permission settings on a multitude of documents.
Suggestion #5
Enable rights to the EDMS application through Active Directory. This enables assignment of individual and group rights, as necessary, as well as making it easier to change or update security as your organization and document security needs change.
Suggestion #6
While rights to the application may be established via Active Directory, establishment of security roles within the application facilitates a more granular approach to controlling who can see various collections of documents, as well as who can administer the application.
Suggestion #7
If your employees access the document repository via mobile phones or tablets, you should disable automatic login so that the secure information is not compromised should a device be lost or stolen.
Suggestion #8
The majority of security issues with documents are due to internal mismanagement or manipulation. The biggest threat may already be inside your firewall. It is important to protect documents from insiders – employees who may want to steal information such as customer bank account numbers or electronic medical records. Innocent threats include inadvertent deletion of documents. This may be controlled through the use of read-only permission assignment to document storage areas.
Suggestion #9
One of the most dangerous and easily preventable ways of ensuring document security is to only allow employees or contractors access to sensitive files when they have a need for such access, and only for as long as they need access to them. This prevents inappropriate access of those documents at a later date and will prevent your company from potential litigation.
Suggestion #10
Ensure that there are provisions in place to prevent non-malicious events such as accidental deletion or modification of documents from occurring by users. Remember that your employees are your most valuable assets but they are also the most likely to make mistakes. These unintentional mistakes can hurt your company’s reputation.
Suggestion #11
Be sure each piece of information you gather is necessary for any of the current functions or activities of your organization or agency. If you don’t need it, don’t collect it in the first place. Also…don’t collect personal information just because you think that you will use that information at a later date. Don’t store what you don’t need.
Suggestion #12
Be sure all personal information has been removed from electronic devices before you assign them to a different user, or send them to be recycled.
Suggestion #13
Disable electronic document exports for employees who do not have permission to store sensitive documents locally.
Suggestion #14
Are your records and documents protected from fire, flood, and natural disasters? Have a backup plan that saves files in an alternative location should a disaster occur.
Suggestion #15
It is just as important to delete files as well as keep them. Review records retention guidelines. If you don’t have a records retention schedule, create one. Schedule the destruction of electronic records you do not need to archive once they reach the end of their useful life.
Suggestion #16
Email is a vital tool for all organizations. Yet it can expose your agency to significant risks due to the unintentional disclosure of confidential information, as well as data loss or destruction due to viruses or the unintentional downloading of other malware programs. Secure your employee email accounts and archives, and control via policy the types of attachments that may be emailed.
Suggestion #17
When your employees create files using word processing or other applications, information about them and the edits they make are stored as hidden information within the document file. This information is called metadata. This hidden metadata can become visible accidentally – when a file is improperly converted, or when a corrupted file is opened. Reduce or eliminate the metadata in your documents before you store them electronically.
Suggestion #18
When you destroy electronic records from your EDMS, be sure they are gone for good. Many people don’t realize that files that have been deleted can be recovered using forensic recovery software. Ensure that hard drives are “scrubbed” so that the data is not recoverable.
ABOUT US
Blue Mountain Data Systems Inc.
Blue Mountain Data Systems Inc. is dedicated to application and systems development, document management and the automation of workflow processes.
Read more about our experience here:>> http://bluemt.com/experience
MANAGEMENT
Paul T. Vesely Founder, President, CEO and Principal Architect
Mr. Vesely is a recognized thought leader in systems architecture and delivery, having designed and delivered many enterprise wide information and document management solutions. Mr. Vesely’s history includes 33 years experience in the information systems industry, with Unisys, Grumman, PRC and a host of clients in both government and private sectors.
CONTACT US
Contact Us Today to Discuss Your Next IT Project
HEADQUARTERS366 Victory DriveHerndon, VA 20170
PHONE 703-502-3416
FAX 703-745-9110
WEBhttp://bluemt.com