Aussie businesses warned of 'dirty document' threat
Aussie businesses warned of 'dirty document' threat
Sep 20, 2005: In the wake of the recent spate of document security breaches and inadvertant leaks of sensitive information both here in Australia andglobally, document management specialists Workshare has introduced a setof guidelines to help organisations ensure that the documents they produceand share electronically are secure, clear of confidential data and complywith internal policy and external regulations.
The company's "Five Steps to Document Integrity", which was launched byAndrew Pearson, Workshare's general manager for Asia-Pacific, atMediaConnect's Face the IT Media Forum in the Hunter Valley, has also beendeveloped to encourage companies to scrutinise existing data protectionand risk mitigation strategies. It is the first part of a global campaignto combat a phenomenon known as the "inside-out" threat, which is theopposite of malicious external threats, such as hacking attacks, whichcompanies' security strategies are generally set up to combat.
The release of the guidelines is timely indeed, given that it is only afew weeks since Victorian Premier Steve Bracks told the media that he was"sick and tired" of security breaches following revelations of incidentswhere classified files from the police database were inadvertently leaked.The most recent case involved a prison officer who upon applying to seehis police file received 1,000 files on other people who shared hissurname, which also included the names and addresses of victims andalleged offenders. While the breach was due to human error and was notmalicious, the damage it caused was far reaching, with major legalramifications.
"The inside out threat is still not understood or taken seriously byorganisations here in Australia," said Workshare's Andrew Pearson. "Theydon't yet comprehend the considerable technical and business risks theyface because they are focused on more widely publicised external threatssuch as viruses or hacking. But the threat from within has the capacity tocost businesses millions of dollars in lawsuits, lost business andunquantifiable damage to reputations."
The five steps are as follows:
- Understand the level of threat withing your organisation
- Conduct a risk assessment to understand the threats your organisation faces
- Develop risk mitigation policies based on document integrity classifications
- Configure and deploy document integrity safeguards
- Regularly audit risk mitigation results
"Many companies believe they have effective data governance policies anddocument integrity solutions. Frankly, many don't. Their policies areeflawed because the onus is on people to make manual document security andintegrity checks, rather than using effective technology to do it for themautomatically and transparently. We believe information integrity andsecurity are too important to be at the mercy of human error."
Pearson concluded: "Corporate governance is near the top of everyAustralian CEO's agenda. But what does this mean? In simple terms,corporate governance is a set of policies supported by processes. But whatare these policies worth if they are not enforced? There is also a fineline between governance and productivity. Too much governance greatlyreduces productivity. On the other hand, policy enforcement should neverprevent a person doing their job. In our view, enforcement should beautomated and transparent to the end user."
Related Article:
Confidential information at risk in run up to end of financial year