Dean Sappey, DocsCorp, Legaltech News
Organizations have focused on securing the storage of documents, but
little attention is paid to access and distribution of documents.
Document security is an ever-changing landscape.
As legal operations around the world continue to digitize at a rapid pace,
software providers are doing their best to keep up with new document security
risks that arise.
When evaluating document security in a law firm
or corporate legal department, there are generally four kinds of risks to
consider:
1. Operational risk, where efficiency is negatively impacted by
documents being lost, misplaced or simply taking too long to find.
2. Monetary risk, where firms experience a financial loss or
penalty from documents being lost or misplaced.
3. Reputational risk, where lost or misplaced documents can harm
a reputation.
4. Security risk, where documents containing sensitive
information, such as client and employee details, are not properly secured or
end up in the wrong hands.
While employing an effective document management
system (DMS) is sufficient to address the more common issues, in 2017 it is
worth taking further measures against three main issues: multiple document exit
points, harmful metadata leaks, and hacking. The most obvious may not be
the biggest danger.
While organizations have focused on securing the
storage of documents in their DMS and the location of that storage (data
sovereignty), little attention is paid to how documents are accessed and
distributed for legitimate purposes.
Multiple Document Exit Points
There has been a significant rise in the number
of people using BYOD devices across multiple industries in recent years. These
devices represent a potential breach in network security measures. In 2017,
documents will be exchanged between desktop and mobile devices as well as
through servers and the cloud, making it difficult to keep track. Additionally,
while your firm may have security measures applied to an internal email server,
it is possible they are not compatible with a smartphone or tablet.
Even without using mobile devices, documents are
opened, read, emailed internally and externally, and shared using any number of
file-sharing products. This is most easily compromised by sharing with the
wrong person—such as accidentally emailing the document to the wrong person or
sending documents without password protection applied.
Solution: Create guidelines around BYOD devices and
communicate these to employees to ensure correct use. Determine how many
document exit points exist within your organization and apply relevant security
measures to all of them. Ensure proper procedures are in place to double-check
the recipient email address when documents are shared, both within and outside
the organization.
Metadata Leaks
With multiple document exit points comes an
increased risk of metadata leaks. Metadata leaks can harm a firm’s reputation
and result in a loss of clients’ confidence. They also can result in lawsuits if
identifiable information is exposed. To give an example of how a leak could
embarrass an organization: if “track changes” on a document aren’t wiped before
the document is released, it is possible for opposing counsel to see every
collaborator’s name, comments and every change made to that document. Whilst
many organizations have implemented this process when emailing documents, very
few have considered other exit points, such as file-sharing
applications.
Solution: Documents must be cleaned of metadata at
each and every exit point to eliminate the risk of a leak.
Metadata cleaning should be an automatic
process. Opt for a metadata removal tool that offers an email plug-in, so that
users are prompted to clean documents before they are sent outside of an
organization. Ensure the software application also is compatible with mobile
devices and the cloud, if necessary. Additionally, ensure that this same
metadata removal tool is activated when sharing documents via file-sharing
applications.
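As an added illustration (not part of the original article, and not any vendor's tool), the sketch below shows the kind of pre-release check that can run at any exit point: it opens a .docx package and reports tracked insertions and deletions, comments, and author properties. The function names are hypothetical, the sample files are constructed in memory, and other revision types and file formats are not covered.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
DC = "http://purl.org/dc/elements/1.1/"
CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"

def _part(zf, name):
    """Parse one XML part of the package; None if the part is absent."""
    return ET.fromstring(zf.read(name)) if name in zf.namelist() else None

def scan_docx(data):
    """Count revision marks and comments and collect the names they expose."""
    report = {"tracked_changes": 0, "comments": 0, "names": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        body = _part(zf, "word/document.xml")
        notes = _part(zf, "word/comments.xml")
        core = _part(zf, "docProps/core.xml")
    # w:ins / w:del are the marks "track changes" leaves; w:comment is a comment.
    for root, tag, key in ((body, "ins", "tracked_changes"),
                           (body, "del", "tracked_changes"),
                           (notes, "comment", "comments")):
        for el in (root.iter(f"{{{W}}}{tag}") if root is not None else ()):
            report[key] += 1
            report["names"].add(el.get(f"{{{W}}}author"))
    for tag in (f"{{{DC}}}creator", f"{{{CP}}}lastModifiedBy"):
        for el in (core.iter(tag) if core is not None else ()):
            report["names"].add(el.text)
    report["names"].discard(None)
    return report

def is_clean(report):
    """True only when no revisions, comments or personal names remain."""
    return not (report["tracked_changes"] or report["comments"] or report["names"])

def sample_docx(dirty):
    """Constructed sample: only the parts the scanner reads, not a full file."""
    rev = ('<w:ins w:author="A. Associate"><w:r><w:t>added</w:t></w:r></w:ins>'
           '<w:del w:author="P. Partner"><w:r><w:delText>cut</w:delText></w:r></w:del>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", f'<w:document xmlns:w="{W}"><w:body><w:p>'
                    f'{rev if dirty else ""}<w:r><w:t>Clause 1</w:t></w:r></w:p></w:body></w:document>')
        if dirty:
            zf.writestr("word/comments.xml", f'<w:comments xmlns:w="{W}">'
                        '<w:comment w:id="0" w:author="P. Partner"/></w:comments>')
            zf.writestr("docProps/core.xml", f'<cp:coreProperties xmlns:cp="{CP}" '
                        f'xmlns:dc="{DC}"><dc:creator>A. Associate</dc:creator></cp:coreProperties>')
    return buf.getvalue()
```

Calling is_clean(scan_docx(data)) on the bytes of an outgoing file gives a yes/no answer that an email plug-in or a file-sharing upload hook can act on before the document leaves.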
Hacking
As certain events in 2016—from the Panama Papers to the
alleged hacking of U.S. Democratic party email accounts—demonstrate, prominent
and sophisticated hacking is ever-present. In the legal industry, it might be
in the form of denial of service, IP spoofing or port scanning.
Putting up barriers to hacking is vital to
protecting intellectual property and employee information. Additionally,
failing to adequately protect client documents from hacking will inevitably
hurt client relations and the firm’s livelihood.
Solution: Ensure there are sufficient firewalls
installed in your IT network. These firewalls are designed to prevent hacking
and unwanted or unlawful intrusions. They also act as a simple way to restrict
employee access to certain documents within your firm. Educate staff to
recognize suspicious incoming emails that could provide the access point for
hackers.
To protect your firm from threats against
document security you must determine which type(s) of risks could impact your
firm and then put into place the appropriate solutions. These solutions should
safeguard sensitive information from hackers while preventing embarrassing
internal leaks. In the legal industry as in life, it is always better to be
safe than sorry.