According to a study by IBM, 24% of data breaches are caused by human error. Some of these breaches are the result of phishing attacks or poor device protection, while others are the result of routine document mismanagement. In other words, a large chunk of data breaches are the result of specific human behaviors. So, what if there was a way to eliminate human error from the equation?
That doesn’t mean that people wouldn’t create, edit, and share documents. They would. But rather than use time to think about good data archival or sharing practices, they could focus on their core tasks and work that requires human interaction.
So How Did We End Up in a Situation where Humans Are the Weakest Link?
To really understand how we got here, we have to go back to a time long, long ago — before computers.
Before computers, we had a file room full of paper folders and a file clerk to manage the archive. This clerk, this person, knew where everything was and what it related to. This person knew which personnel could access which information. And they had their own systems and methods for making sense of everything that’s there.
When we introduced network drives and folders, we brought the file room into a digital space, but we left out the clerk.
So now it’s up to staff to control and govern information. And this is precisely where the problem lies. Businesses need an information controller, and luckily with modern technology, this controller doesn’t have to be human.
Remote Work Calls for Even Better Control
Now that work is increasingly remote, the need for control over how documents are found, accessed, edited, shared, and stored is bigger than ever. It is much harder to holler at a colleague to ask about a document now that you no longer share the same workspace.
And because people are people and will resort to the path of least resistance, it is vital to enforce good document management practices. Personal file-sharing solutions can lead to data leaks. Sharing documents as email attachments cause versioning chaos. And saving duplicate versions of a document makes it impossible to know which version to trust, or where all these duplicates are stored. And this all will happen if you don’t provide easy-to-use tools to automate and guide document management protocols. These versioning and duplicate document problems can be a nightmare for compliance strategies, for example — all of which could be avoided.
Information Management as the New File Clerk
One way to control how staff behaves is to create protocol and procedure, and train staff on the importance of information security and proper information management.
However, another way is to leverage technology and specifically information management technology to automate how people behave and interact with information. With this approach, staff doesn’t have to think about good data archival or sharing practices, and instead they can focus on their core tasks and work.
Information management not only provides governance for sensitive content, but it is the bedrock solution that mitigates how staff interacts with information. And when the system automatically manages the information the way it’s supposed to be managed, it means that staff doesn’t have to make decisions or think about how to manage a document, or where to save it. Instead, they can focus on their core task.
In short, these systems set the parameters for how staff stores, accesses, shares, and manages documents and other content according to established company standards. Organizations can do this with the help of features that set up retention policies, automate editing and approval processes and other workflows that support business processes. User and access rights can be easily controlled with metadata, and version control and audit trails become easy and automated.
Want to learn more about information security and information management? Check out this webinar, where Teemu Myllykangas from F-Secure spotlights the recent security risks propagated by an increase in remote working. Then, I share some incredible insight on the role of information management in organizations’ information security strategies.