Document Security: Is the Real Threat Coming from Within?

Security Special Supplement

Document Security: Is the Real Threat Coming from Within?

By Special Guest
Sally Lopez, Content Manager, BPI Network
  |  December 15, 2017

Increased business complexity and the proliferation of shared documents increase the risk of information security breaches. Yet while news reports and shocking headlines may lead us to believe that these breaches are perpetrated by sophisticated cyber hackers, the majority of these security incidents stem from accidental leaks by employees who are struggling with document deluge coupled with a lack of proper document security protocol within their companies.

In a newly released report by the Business Performance Innovation Network titled "Getting Control of Document Flow: Exploring Exposure and Risk in Document-Related Security Breaches," around 60 percent of employees admitted that they had mistakenly sent out documents they shouldn't have at least once. And with the vast majority of survey respondents pointing to increased connectivity and proliferation of devices as the chief cause of document security challenges, it is especially worrysome that another 61 percent of respondents said their organizations lack effective document security measures.

The study indicates the No. 1 document security challenge, by far, is accidentally sending a confidential document to the wrong party. And with almost three-quarters of respondents saying their organizations produce sensitive or confidential documents on a weekly or more frequent basis, it is no wonder that the majority admit that they have mistakenly sent out documents they shouldn't have. While not all of these incidents make headlines, the impact of the accidental release of sensitive information is noteworthy in that is can damage reputations and create competitive risks, or even lead to lawsuits, lost revenue, lost time, and even job loss.

It is no wonder, then, that while 41 percent of employees are concerned about cyber breaches, more than six in 10 are concerned about accidental leakages. And with 81 percent of employees creating documents that contain sensitive information such as financial data, employee records, legal documents, contracts, intellectual property, and trade secrets, and 75 percent creating these types of documents weekly, there is certainly a basis for their concern.

Yet despite this mounting concern, only 31 percent of respondents feel their companies have an effective document security solution in place, and almost 44 percent say their company does not have widely understood policies and procedures to protect against information leaks associated with digital documents. And with increased business complexity, a surge in global partnerships and deals, more versions of each document before it is considered final, and greater compliance and regulatory oversight as just some of the contributing factors that cause the challenges experienced by these workers, it is no wonder that fully 90 percent respondents see significant security value in an easy-to-use technology that would allow them to track, update, and recall digital documents, and control access to them across local and global networks.

While the typical employee is producing documents in all forms on a daily or at least weekly basis, the PDF standard plays a leading role in document creation and distribution globally. This is especially true when it comes to sensitive documents that could cause the most damage if improperly shared, such as contracts and financial information. And in today's global connected marketplace, literally trillions of documents have been created in PDF format.

PDF solutions often provide valuable features, such as encryption and redaction, which can reduce security vulnerabilities. In addition, new technologies, such as those provided by the report's sponsor Foxit and its ConnectedPDF solution, can further the security of documents by making it possible for the PDF creator to control who can view and share the document, or recall a PDF document even after it has been sent, as well as track versions and remotely manage PDF documents. Yet while 90 percent of survey respondents said they are dependent on PDF solutions to do their jobs, only 16 percent feel their company has solutions in place that are "very effective" in protecting against the loss or accidental distribution of a confidential digital document.

Document security is a major unaddressed vulnerability in today’s enterprise. Close to half of all companies lack clear policies and practices to protect confidential and sensitive information from accidently or purposely being leaked? in the form of documents. Clearly, organizations should be doing more to help their employees protect high-value, confidential information. More needs to be done to communicate effective document security and data protection policies to employees, contractors, partners, vendors, and others. In addition, the right tools need to be given to employees to both prevent and mitigate leaks and accidental release of information.

Sally Lopez is content manager at BPI Network (www.bpinetwork.org).


Edited by Erik Linask
blog comments powered by Disqus