Guest post by Patricia Hill. Manager, Xerox MPS Insight Programs
Research and experience tell us that perhaps the most risky part of a document process might be the people who use it. Knowledge workers and other employees mean well, but they’re human. They make mistakes. They find shortcuts, so they can do more with less. And sometimes, they make document security decisions that put the firm at risk.
Here are just two examples of what happens when organizations put themselves in harm’s way from unsecured paper documents:
- In 2011, the U.S. Department of Health and Human Services, citing HIPAA, fined two hospitals a total of $5.3 million for improper management of paper records.
- A Florida bank agreed to pay the state $850,000 plus an additional $125,000 to a charitable organization after an employee stole records containing credit card numbers, bank account information and other personal data for 8.5 million customers.
Many more examples are just a Google search away.
Taking the Threat Seriously
This threat isn’t going away any time soon, so it’s clear enterprises must take measures to ensure safe practices all along their document infrastructures and processes. It’s no surprise that InfoTrends research has identified security as one of two main IT initiatives among U.S. businesses.
Fortunately, there are proven ways to mitigate the risks to document security. Recent posts on this blog have looked at ways to make device endpoints more secure. Here are some common security risks that knowledge workers face and recommended practices that can help employees keep business documents safe.
Print goes to wrong printer
User forgets printed document, leaving it abandoned at printer
Documents left on desk or in conference room
Compliance and information privacy
Documents misclassified or not labelled confidential
Slow transaction time waiting for signed documents
Clean desk policy
More Ways to Work More Securely
Here additional things to think about as you develop tighter security strategies for your documents:
- Document Repositories – Maintain one version of the truth. This makes it easy to find the latest version of a document and harder to use wrong or outdated information, which can be a compliance hazard.
- Print Policy – Make sure employees understand why print policies are needed (secure confidential information, reduce cost, protect the environment) and engage users in ways that make users willfully compliant.
- Document Classification – Documents containing private or confidential information must be clearly labelled and employees educated on what those labels mean and how to handle them. Publishers should learn how to secure documents in repositories that have appropriate authentication and access controls.
Ask Your Document Outsourcing Partner to Help
No one can afford to ignore the issue of information safety. Document security affects most industries – healthcare, finance, government, education, and more. According to another IT research study, 90 percent of U.S. organizations experienced leakage or loss of sensitive or confidential documents over the 12-month period studied.
Keeping document information safe takes awareness and effort at all levels, from end users to leaders who create the security strategies to the vendors who help enforce them. Document management providers can help enterprises and their employees keep information secure. Ask your provider what strategies they recommend for better document security.