When it comes to data security, documents matter. Most organizations have invested in tools that enable them to securely manage their sensitive documents. They are struggling, however, to compel employees to use these tools consistently and correctly.
Throughout the IT industry, actual document management and security practices fall seriously short. Malware-infected files frequently penetrate networks and sensitive information often falls into the hands of unauthorized users.
Despite the pervasiveness and widespread use of mobile devices, many organizations lack mobile device management (MDM) capabilities and few enforce their bring-your-own-device (BYOD) policies.
Document Security by the Numbers
According to Accusoft’s “Closing the Document Management Awareness Gap,” study, 90 percent of security teams have some kind of document management system in place, complete with policies and training programs. Only about one-third, however, provide specific security training related to document management.
Roughly another third reported that sensitive documents had been compromised due to poor security strategies, and 43 percent acknowledged that employees don’t always comply with policies. Another 43 percent ranked downloading infected files as a top document security challenge, while 37 percent cited unauthorized sharing of sensitive information was the biggest obstacle and 19 percent said accidental document deletion as the most serious challenge.
The study, CIO Insight reported, surveyed 100 IT managers and 250 additional IT professionals.
Public Awareness Lagging
The public — including your employees — has been slow to grasp the need for document management and security. Until a few years ago, most people associated data theft primarily with personally identifiable information (PII), especially financial data such as credit card numbers. Intellectual property and other corporate assets didn’t cause as much concern.
Only recently have high-profile data breaches introduced the public to the risks and consequences of compromised confidential or sensitive documents. As this awareness grows, training in document security may become more widespread and have a greater impact.
At the same time, the challenges to document management are growing on the technology front — especially due to the now-pervasive presence of mobility and widespread bring-your-own-device (BYOD) practices. About three quarters of organizations have a BYOD policy in place, but only half enforce it at the most basic level by requiring approval of employee-owned devices before they can be used on the job.
Beginning to practice these security policies is a good first step toward corporate and document security. However, there is no single magic-bullet solution to the challenge of establishing and enforcing effective document security and management policies. But that doesn’t mean it’s impossible. Document security is primarily a matter of will, not capabilities.