BY DENNIS CHEPURNOV
Information security is often perceived as a highly technical and frequently futile pursuit. We can thank the entertainment industry for this – evil hackers who can break through any cyber-defences certainly make for an exciting storyline.
Sure, the risk to your information is very real. However, in real life, smart information management does not have to be complicated – it starts with common-sense practices and tools your organisation may already own.
6 steps for improving information security and compliance
1. Dust off document management (it’s back)
Many of the features you need to improve information security and compliance have been part of information management platforms for decades. Today, they are more relevant than ever:
- Version control is critical to defensible data processing and holds, ensuring that the right version of a document is processed or produced during eDiscovery
- Records and retention management automates the process of declaring documents as records, placing holds and performing retention tasks like automatic deletion or archival, which reduce exposure in case of a breach
- Automated data classification during capture allows organisations to automatically apply security, access and retention policies to documents
- Data masking and redaction enables automated masking of private or confidential information in documents based on business rules
2. Enhance data protection at every state
Your organisation’s data can be vulnerable under various circumstances: when it is being used, when it is being stored, or even when it is moving between your systems. You can take certain precautions to improve data protection in each of those states:
- Secure development lifecycle is a software development methodology that prioritises information security, ensuring that your software vendor reduces vulnerabilities in your systems and provides faster and more effective incident response
- Data encryption adds an extra layer of protection to your data at rest, in transit or in use, making it unusable to attackers in case of a breach
- Distributed disk groups and redundant configurations are commonly deployed to support business continuity and disaster recovery programs, and reduce or mitigate the impact of not only natural disasters but also ransomware and DDoS attacks
- Access controls and group policies allow administrators to fine-tune access to information based on user roles or corporate policies
- Password security policies and inactivity time-outs can be configured to ensure users pick strong passwords and don’t inadvertently expose sensitive data when they walk away from the terminal
3. Detect confidential data outside core systems
Today, our business data exists across numerous systems and applications throughout the organisation. When sensitive information ends up in unintended places like file shares, email attachments and cloud storage, it creates significant security and compliance risks for an organisation.
A confidential information discovery solution can help proactively monitor for and remove confidential information from unauthorised locations across your organisation.
For example:
- Federated search enables monitoring across any number of systems, sites, applications, repositories, devices and hundreds of file formats
- Robust querying detects keywords, phrases and character patterns in files, attachments and metadata
- Automated search queries generate alerts when the system detects violations
- A flexible rules engine supports multiple departments and different compliance requirements
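The querying, alerting and per-department rules described above can be sketched in a few lines. This is an added example, not code from any product named in this article; the rule names, location schemes and sample documents are hypothetical, and the Luhn checksum is an added refinement that keeps ordinary digit runs from raising card-number alerts.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    department: str          # owner of the compliance requirement
    pattern: re.Pattern      # keyword, phrase or character pattern
    authorised: tuple        # location prefixes where the data may live
    validator: object = None # optional extra check applied to each match

def luhn_ok(candidate: str) -> bool:
    """Card-number checksum: rejects digit runs that merely look like cards."""
    digits = [int(c) for c in reversed(candidate) if c.isdigit()]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[1::2]]
    return (sum(digits[0::2]) + sum(doubled)) % 10 == 0

# Hypothetical rules and location schemes, for illustration only.
RULES = [
    Rule("payment-card", "finance", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
         ("dms://finance/",), luhn_ok),
    Rule("confidential-marking", "legal",
         re.compile(r"strictly confidential|attorney[- ]client privileged", re.I),
         ("dms://legal/",)),
]

def scan(doc: dict, rules=RULES) -> list:
    """Alert on rule matches in content or metadata outside authorised locations."""
    text = doc["content"] + "\n" + "\n".join(
        f"{k}: {v}" for k, v in doc["metadata"].items())
    alerts = []
    for rule in rules:
        if doc["location"].startswith(rule.authorised):
            continue  # data is where policy says it belongs
        hits = [m.group() for m in rule.pattern.finditer(text)
                if rule.validator is None or rule.validator(m.group())]
        if hits:  # report a count only, so the alert never copies the secret
            alerts.append({"rule": rule.name, "department": rule.department,
                           "location": doc["location"], "matches": len(hits)})
    return alerts

# Constructed sample documents (4111... is a widely used test card number).
SHARE = {"location": "smb://fileshare/public/q3.csv", "metadata": {"author": "jdoe"},
         "content": "customer,card\nA. Example,4111 1111 1111 1111\n"}
VAULT = dict(SHARE, location="dms://finance/exports/q3.csv")
MAIL = {"location": "imap://mailbox/memo.docx", "content": "Order 1234 5678 9012 3456",
        "metadata": {"subject": "Strictly Confidential - merger draft"}}
```

Calling `scan(SHARE)` raises a finance alert, `scan(VAULT)` raises none because the same file sits in an authorised repository, and `scan(MAIL)` raises only the legal alert because the order number fails the checksum.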
4. Enable sharing and collaboration without compromising control
Organisations often have to share information with internal and external users, but doing so can introduce risks and vulnerabilities if the sharing system lacks enterprise security features. Enterprise-grade file sharing services like ShareBase by Hyland provide employees and partners with the file sharing and collaboration features they need while keeping your information secure.
A few of the ways it does so include:
- Robust access controls allow the use of corporate user accounts, SSO integration and easy transfer and revocation of access
- Data encryption and extensive data centre security protect your information
- Compliance with data protection and location requirements minimises compliance risks
- Automated sharing reduces errors and the risk of accidental exposure
5. Streamline and automate compliance-related processes
It is well known that automation and system integration technologies help streamline processes and improve productivity. As an added benefit, they can also be a great ally in protecting information and reducing risk.
The fewer systems and hands that touch the information, the smaller the chance of exposure or breach. Here’s how automation and integration help:
- Workflow automation, robotic process automation and system integration automate the flow of information, reducing human touch to improve speed and accuracy
- System consolidation removes redundant and outdated systems that can introduce unnecessary vulnerabilities into your information management environment
- Case management tools standardise data handling processes and provide visibility and accountability
- Policy distribution workflows automatically distribute and track acknowledgement of security and compliance policies and can help prove due diligence during litigation or audits
6. Simplify audits and eDiscovery
Many security standards, privacy regulations and litigation processes rely on your organisation’s ability to produce defensible logs and reports that can prove compliance and due diligence pertaining to information access and processing. Modern information management tools make it simple to configure and access system logs and reports.
Some tips include:
- Reporting and logging features of your information management tools can help you generate reports detailing user access and security, process health and changes to system configuration, repositories, user groups and permissions
- Advanced search tools can help find records based on index values, keywords, dates and other metadata and contents
- Auditing features provide defensible audit trails for user and system activity and can enable external access for auditors and regulators, reducing audit disruption to your staff
Stay proactive
As you can see, taking a proactive approach to information security and compliance can start with technology your organisation likely already owns.