Data can exist in many formats and it's easy to focus on one area while at the same time ignoring another. In this article we put the spotlight on common situations where both your paper documents and digital documents could be the source of a data breach, which in turn could result in a significant fine.
Scenario 1 - Unauthorised Data Replication of Paper Documents
Often, it's assumed that data breaches due to documents "going missing" or being stolen are due to the physical removal of the documents. However, it's easier and far less risky to replicate the data and move it onwards digitally.
Smartphones have great cameras these days, and documents can be either photographed or captured using a scanning app - there are loads to choose from and they will even convert the images to pdfs and upload to the cloud in a matter of seconds. In no time at all, data has left your company, and nobody is aware.
Another route out of the building for documents is via the photocopier. Most photocopiers/multi-function printers have a scan function, and this often incorporates a scan to email option. Once again, in a matter of seconds documents can be replicated and off to the outside world.
Removing paper documents from your organisation and working digitally is the first step to locking down your sensitive paperwork. Just because your documents are digital though, it doesn't mean the threat has been removed. It's a good step forwards, but ultimately the only way to fully protect your documents is with a Document Management System such as eView or DocuWare.
Scenario 2 - Paper Documents Lost or Stolen
We've all read the articles that go along the lines of MP leaves folder full of confidential documents on a train. Here's a classic from 2008 courtesy of The Daily Telegraph and another from The Guardian in March 2017 - The documents found their way to the Daily Mirror. On top of this, theft is almost as common - a locked box containing top secret documents was stolen from the car of Marcus Beale, a counter terrorism police chief's car in June 2017.
Clearly these are high profile cases that have made the news, but the damage can be equally bad for a company of any size. Once again, had these documents only existed in a digital format, these high-profile incidents would never have happened.
Scenario 3 - Total Loss of Documents
Although a total loss through a fire or flood isn't a data breach in itself, it would be a serious headache and could easily mean a failure to comply with GDPR rules. One example of this would be a right to access request - if your documents don't even exist, how would you fulfil the request? Quite simply you couldn't, and you'd have a serious problem and most likely face a fine.
Scenario 4 - Digital Documents can be easily accessed and shared
Digital documents are generally viewed as being more secure than paper documents. Reasons for this include the ability to password protect documents, user access control on network drives the documents are stored on, file encryption and most importantly the documents aren't physically accessible.
Unless your IT infrastructure is watertight though, there are also negatives to digital documents and vulnerabilities that can be exposed. Firstly, unless your access to the documents is 100% locked down you may find documents can be printed or emailed. Often IT Administrators end up with more access than they really need and are trusted not to abuse this position. Senior Directors are also often granted more access than is really required. Storing documents on a network drive isn't a secure approach and certainly isn't a document management system.
eView and DocuWare
Running a paperless environment with a digital document approach is only fully secure if the documents are locked down in a document management system such as eView or DocuWare.
eView and DocuWare give you immediate and controlled access to the documents you need. As the digital documents are held in a secure database, they can only be accessed through the system and not via network drives. This means users can be set up with specific access rights with the movement and amendment of documents fully logged. A complete audit trail comes as standard with retention periods being controlled from day one.
For further information contact: firstname.lastname@example.org