22 Mar 5-step guide to information security and governance
The challenge of protecting business critical information has never been greater. Just last month we saw how quickly things can go wrong when businesses misuse people’s data or tread a very thin line between what is legal or not.
With an ever-increasing amount of personal and sensitive information, the rising number of remote and mobile sources, the different formats and value of information available, there is no question that organisations’ have to do everything they can to protect customers’ information.
On the other hand, the rising costs and financial penalties for failing to comply with information security regulations can have a huge impact, especially if you’re running a small business. The new General Data Protection Regulations come into force next month – are you ready for GDPR?
Earning your customers’ trust by securely managing their private information is essential
Your customers place a lot of trust in you to protect their personal and private information. Securing their information throughout the document lifecycle doesn’t have to be a chore; there are lots of secure document management systems that will secure data from initial contact to data destruction.
Five best practices to realise the benefits of information security governance
1. Define information access based on user credentials
Access to business information is best governed by role-based authentication of individuals or groups. It is normally possible to set permissions at the document or folder level, as well as by application, by device or by function, for example fax, copy, scan and print. With the right authentication process in place, such as passwords or ID card validation, you can effectively ensure the right people have access to information.
2. Extend security policies every corner of the enterprise network
Protecting the core of your infrastructure must be accompanied by adequate defences at the periphery, which is where business information often enters and leaves an organisation. It is therefore critical that this is not left unmanaged. Remote monitoring and reporting tools can assist in consistently managing diverse and distributed devices across the global enterprise.
3. Encrypting business data on devices
It’s not uncommon to overlook connected devices, such as mobiles and tablets, and access to open WiFi connections where there are very real threats to security. When someone accesses an open or public WiFi network, data such as user IDs and passwords are stored. It’s important to have secure encryption as standard to ensure there is no risk that this data can be hacked. With the interconnected world we live in there are many areas of the business that need protecting, including scan to email functionality, PDF password encryption and any data stored on the device hard drive.
4. Monitor security across the entire document lifecycle
A security policy that protects business-critical information must cover its input (when it enters a company), movement throughout the business, output (when the information leaves a company) and storage, including secure scheduled destruction. Administrators in organisations need to be able to oversee the entire document lifecycle and should be able to track and record all activities at each of these stages. Make sure there is an audit trail that includes traceable information that contributes to compliance reporting and alerts you to potential information security threats.
5. Secure destruction of information on the device
Did you know that printers, scanners and copiers retain information in their internal memory of all the information they process? As a business, you need to the ability to overwrite stored business information so that it is unrecoverable or irretrievable. As part of GDPR, it will be a requirement to show proof that this type of information has been effectively destroyed from printers and multifunctional devices – including the print drum and internal memory.
Would you like to know more about the hidden threat that most of our clients overlook? Read our blog GDPR and data cleansing now.
If you would like to learn more about securing information and ensuring compliance with new legislation, just fill out the form to the right to download your copy of our Security Solutions report.