Companies invest significant resources in externally-facing cybersecurity measures. With the focus on securing network perimeters, preventing malicious cyber attacks is the top priority for many companies’ data security initiatives. Other extra layers of protection, such as encryption, are also applied to data residing in the corporate network. These tactics are a great way to safeguard digital information, however, they’re not enough.

Popular headlines would lead us to believe that cyber attacks are the most prevalent (and potentially most costly) data security-related threat faced by businesses. However, the hard truth is that companies are actually 50% more likely to suffer a business loss from inadequate document governance than a digital data breach. According to IDC, more than 75% of large enterprises have suffered material loss (including compliance-related fines and costly audits) due to mishandling of documents.

What makes document data leaks even more unfortunate than cyber attacks is that they tend to be much more preventable, as the source of threats lie within the enterprise’s own walls. Malicious hacks require companies to counteract unknown and evolving external actors whereas internally-based document breaches can be simply stopped through better governance of known internal behaviors and risks.


Risks within Content

In virtually all industries, the creation of documents (both digital and paper-based) is essential to internal processes—whether putting together a sales contract, developing a project plan or specifying a vendor deliverable, for example. However, documents can represent an immediate risk to the business for any of the following reasons:

  • Accidental Data Leaks from Printing – Employees working in large offices might inadvertently send documents to the wrong printer or forget they printed them – leaving them vulnerable to interception by potentially unauthorized employees.
  • Human Error with Data Sharing – Workers sharing documents electronically might accidentally route or emails documents to the incorrect recipient, resulting in sensitive data being exposed, or other mishaps like missed deadlines.
  • Version Control – With no way for multiple employees to work on the same file simultaneously, workers defer to emailing different versions of the same document back and forth with other employees. This is not only inefficient but also rife with opportunities for oversights, such as edits being left out of final versions or clients being sent an earlier draft file. Operational errors like this are not only bad customer service but could lead to unintended profitability consequences.

Companies with document-intensive workflows have probably experienced at least one of the above challenges, but because they all seem minor compared to a major data breach, these issues are chalked as the price of doing business. In a vacuum, no single document-based data breach is likely to bring down a business, but the aggregate impact of fines, audits, and loss of business can ultimately put tremendous pressure on an enterprise. Fortunately, all of the above risks are avoidable.


Formulate Document Governance Strategies

The best approach to implementing document governance is to lay a foundation with protection of the metadata housed on documents (both physical and digital) being a clear priority. However, companies must not solely rely on their employees to safeguard data and ensure compliance.

In the above examples, human error was the driving force in the data breaches, and it is unrealistic to expect workers to not make mistakes while processing upwards of hundreds of documents per day. Companies must establish secure digital workflows with built-in automated security parameters to take the onerous task of ensuring security off of busy workers’ plates.

  • Digitize Paper Documents – Companies can ensure that all data residing in paper-based documents is more secure by converting these documents to digital files. There are document capture software tools on the market today that can “read” paper documents when scanned, identify key features like social security numbers or the word “classified,” and automatically redact information or encrypt the resulting file. These extra steps protect sensitive information while converting the document into a form more easily shared.    
  • Parameters for Routing Digital Files – To keep electronic files from falling into the wrong hands, businesses can set authorized destinations for all routed documents. This prevents employees from sending documents with recipients outside of their organizations (an example would be a government agency allowing workers to only route files to domains ending in .gov).
  • Collaboration Tools – There are PDF software tools that enable multiple users to work on the sale file simultaneously. This improves productivity, prevents any versions errors and better ensures clients are never sent unfinalized documents.
  • Secure Printing – Print management software holds print jobs in a secure queue until an authorized employee authenticates his or her physical presence at the device. This makes certain documents with sensitive information are never intercepted by unauthorized employees.


Make Document Governance Manageable

Many organizations see document governance as an overwhelming process. By supplying workers with the right tools and techniques such as those outlined above, companies can bring improved document governance seamlessly into daily processes. To ease adoption, businesses can also start with focusing on a sensitive-class of documents and then expand deployment from there.

Many companies are in denial about the dangers documents pose – believing error-prone, document-intensive workflows are too deeply ingrained in the business or the benefits of implementing better data governance are small in relation to the investment needed. This is misguided. Businesses can become significantly safer and more productive by implementing document governance strategies that enable secure workflows while maintaining high levels of worker productivity.