What Level of Document Security Do You Need for Your Business?

By | January 17, 2012

Documents are a necessary part of the operation of your business. Today, many of the documents that pass from employee to employee, business to business and business to client are stored on a computer or linked to a network so they can be shared and accessed by those who need to view these documents. Unfortunately, these documents can also be accessed by individuals who are not authorized to view them. This can leave your business vulnerable.

Determining the Level of Security You Need

The level of security you need depends on who will be viewing your business documents on a regular basis. If it is exclusively you and your fellow co-workers or employees, you need a different level of security than if you are allowing documents to be viewed by people outside the physical confines of your business. Make a list of who you want to have access to your documents and the common methods you use to disseminate information between employees, other businesses, clients and customers. Ask yourself the following questions:

• Who can view your documents and how?

• Are your documents available through your business’s intranet or more widely available through the Internet?

• Do you allow access to your documents on your company’s website through password protected access for company employees?

Information Contained in Your Documents

The most important part of determining what level of security you need is the type of information typically contained in your company documents. If your company files contain sensitive employee information such as Social Security numbers, medical information, insurance information, and other private information you should consider a high level of document security. Legally, you are required to offer a certain amount of protection when it comes to personal employee information. If you are not sure who can access your company’s information, go for a higher level of security to avoid potential security issues.

Do You Want to Let Users Change Information?

Decide how interactive you want your documents to be when they are viewed by either your employers or clients. You can choose security options that allow the user accessing those documents to make changes or you can choose a setup the prohibits any changes being made to documents, except by those authorized to do so.

Peer-to-Peer File Sharing

Peer-to-Peer technology is common among many businesses these days, but has poses some risks. P2P technology makes it easier to share document and video files. It can also be used to conduct phone conversations. Files can be accessed by anyone who joins the network as long as they have the correct software. P2P can be a good way to share information quickly, but poses an increased security risk. There are ways to minimize security risks associated with P2P file sharing.

• Delete sensitive information that doesn’t need to be saved in this way.

• Restrict where files containing sensitive information can be saved.

• Reduce or eliminate the use of PSP file sharing on certain computers used to access and store confidential or sensitive information.

• Monitor your company’s network for unauthorized P2P programs.

• Block access to P2P programs by creating network firewalls or perimeters.

• Train all employees on how to properly use file sharing software.

Monitoring Your Network

Even if you choose to ban P2P programs, those accessing your network may still make an attempt to install them. Therefore, it is important to monitor your network on a regular basis for suspicious activity. Consider using administrative security controls to block who can access network sites. Sites can be filtered based on URL, file name, IP address or content. Install tools that keep track of all files installed on your network. Review your activity logs on a daily basis to scan for any unauthorized activity.

Protecting Sensitive Information

Regardless of how your documents are saved or stored on your network, you still need to develop a plan for protecting sensitive information. Restrict location where files containing confidential or sensitive information can be saved or copied. Network servers can be configured to create barriers to certain information. This allows for more widespread use of P2P file sharing programs since these programs do make it easier to share information to effectively run your business. Avoid using file names that make it clear what the file contains, especially when it comes to sensitive information such as employee files.

Establish a clear policy when it comes to document security at your business. Make sure all employees are aware of this policy and follow it anytime they post or access documents. Clearly define your security needs. By evaluating your needs you can establish a level of security that allows you to run your business without constantly worrying about security threats.

Guest Post Author bio

Stacy Gianakura writes for Brainloop, a company specializing in creating a highly secure workspace through secure online document sharing, information rights management, and other data protection services using the highly secure Brainloop dataroom environment.