Why it pays to be pessimistic about data security

Ben Mitchell, VP Global Commercial Operations at DocsCorp, advocates for a ‘glass half empty’ approach to data security and protection.

Generally, pessimism is not something I’d encourage. In many of life’s challenges, optimism can make it easier to cope and influence the outcome for the better. And, let’s face it, no one likes the person who, in every meeting, brings the mood down with a healthy serving of negativity.

An aversion to pessimism shouldn’t apply, however, to data security when your organisation is entrusted with people’s sensitive information. You cannot assume that your employees or contractors won’t misuse their access for personal gain or make innocent mistakes.

To truly protect and manage your information, a pessimistic security model is needed – one that assumes the worst so it can do the most.

Why now?
Prior to 2019, the business world wasn’t sure how far the enforcers of the GDPR would go in dishing out punishments. It’s been made clear in recent months that these regulators have teeth, and businesses that suffer a data breach could be stung with a multi-million-pound fine, as we saw happen to Marriott, British Airways, and Uber.

Inadequate data protection doesn’t just result in financial penalties – the cost to a professional reputation can be enormous and, sometimes, irrevocable. In this sense, to say it pays to adopt a pessimistic security model would be an understatement. It is the insurance policy against data breaches that every organisation needs.

The key component
In its extensive 2018 Insider Threat Report, Verizon included a list of more than 20 things a business should do to minimise the risk of malicious insider activity and human error. Its number one recommendation? Integrate security strategies and policies. When you take a holistic approach to data security, all the moving parts of your security strategy work together, so nothing can slip through the cracks.

A smart, secure, integrated new solution
DocsCorp and iManage have partnered to deliver a unified security platform that can be leveraged at scale. It enables businesses to extend their internal document controls from iManage – who can and can’t see a folder or document set, for example – to all email communications. The benefits of this are two-fold: you reduce the likelihood of a data breach originating from inside your business, and you minimise how much data is impacted.

How it works
Using iManage Security Policy Manager, the user can define corporate information policies and ethical walls. These specify who can and can’t see, edit, and download documents relating to specific clients, projects, or matters.

Then, in the cleanDocs panel inside Security Policy Manager, users define the email addresses that are authorised to receive email communications related to that client/subject/matter, so that information doesn’t end up in the wrong hands.

Emails that breach policy are immediately stopped and flagged by cleanDocs. Users can correct the non-compliant component and send. Compliant emails, however, are sent without any delay. Critically, cleanDocs acts even if there is no document attached since sensitive information could be in the email body.

This solution has a pessimistic security model baked in and will demonstrate to clients that your organisation takes security seriously. Sleep better at night, knowing that your data is protected against fraudulent activity and human error.

Register for the Ascertus Client Forum and find out more about this joint integration from Ben Mitchell during his TED Talk-style presentation.
