The Bread and Butter of Data Security

Cyberspace Rules Revisited

By Nicholas Edwards, Grace Information & Records Management Digital Solutions Specialist, Sydney, with contributions from David Ramsay, Grace Information and Records Management Brisbane Manager.

 

For the technologically savvy, and the technologically not so savvy practitioners, data security should never be taken lightly, particularly in a legal landscape. As modern workplaces edge closer and closer to the paperless society, there is the growing demand to ensure the security and ubiquity of all business documents when adopting cloud based systems.

The introduction of online Enterprise Content Management (ECM) systems allow for timely document retrieval at the click of a button; anywhere, anytime. But how do you ensure accurate security measures that enable and empower employees to access information, while at the same time providing security and audit trails to appropriately track and control information?

What can you do short term to ensure your own data security?

1. Ensure your work files are located on a network drive.

This will provide you with a safeguard as the IT department will be able to backup this location, providing security upon loss of laptop, tablet and computers; as items are not one the unit but on the company network.

2. Only open safe and secure emails and web browsers links.

Despite even the best spam software, sometimes suspicious emails and web browser links can make their way into your inbox, so ensure to always check links before opening and if in doubt check with your IT department.

3. Turn off all location tracking unless you explicitly need it.

As a rule of thumb only have tracking through search engines, tracking applications on devices or Bluetooth active when necessary.

For large corporations, best practice recommends installing software restricting access based on entity, department and document level as outlined below.

1. The entity rule: ensure the software can ‘group’ employees to allow easy access to information.

Organisations can use software to ensure the correct levels of access are allocated through the use of ‘groups’. The use of grouping provides ease of process management ensuring each employee is not provided access outside of their remit. The process of managing access protocols to a group of employees is far easier than managing each individual, and less prone to faults, ensuring continuity across the whole organisation. Additionally, the correct use of this system guarantees user level employees are easily defined by specific requirements, which assists the process of ensuring access is managed throughout the time of employment, and most importantly, once employment has ceased. This entity rule of tailoring group access creates data security peace of mind across the whole organisation.

2. The department rule: ensures that only the correct people from each department have visibility of information relevant to them.

Applying the entity rule to each department will ensure relevant employees have access and visibility to department information. A prime example of this rule is access within a human resources department, a department that exists in nearly every organisation and generally has some of the largest requirements for internal security. Systems allowing for restriction of access to areas of your network ensure this is correctly managed. As with the group-based system, this simplifies the process of managing access to each department’s information. For many systems, the added advantage of a zero visibility of items outside of an individual’s access assists in reducing the curiosity around information they can’t see. The use of the department rule provides compliance to each internal department’s unique requirements, regulations and policies.

3. The document rule: safeguards individual document control and incorporates an audit process to maintain secure data protection

The ability to utilise software to control access to documents provides confidence, but knowing you have the ability to control the ways in which an individual can interact with individual documents provides certainty. This allows for improved compliance, process management and data quality within your corporation. Individual document level access also provides an audit trail to identify the access and use of each document. Tracking user patterns at a document level provides visibility on user patterns and provides insight into process. The accuracy and ‘searchability’ of metadata against each document is critical to the ongoing use of any document management system. The document rule allows the organisation to track, manage and improve current information and access; providing confidence in the metadata captured against each document.

When adopting an ECM system, careful planning and the precise identification of each department’s requirements is critical to success. Once you have identified your organisation’s requirements you will then be able to accurately access which ECM system will work best for you and your organisation.