Document Management - White Paper (ID 5277).pdf Jul. 2014 | Page 15

Privacy of Company Information
Companies implement server firewalls and anti-virus solutions
to protect against potential security threats from the outside. Yet
research shows the biggest source of data tampering (as well as
the most financially damaging) comes from the inside.
According to respected industry research firm Gartner, company
employees are usually the culprits of unauthorized access
-- 70% of the time4. Perhaps more troubling, employee cases
comprise 95% of the breaches that cause a company significant
financial losses.
Placing company documents into a paperless environment is
the best method of gaining control over internal data security.
Talk of “data” in the context of information leaks makes one
think of only digital content, but actually 49% of the reported
access violations involve paper files, according to a survey by
Ponemon5.
Paper files are particularly vulnerable to information breaches
because it is difficult to know where a paper document has
been, who has seen it, or for that matter, whether it is missing
or just misplaced. Migrating to an all-digital format gives
companies a platform on which to establish effective security
controls.

The same Ponemon study also makes a distinction between
different types of digital data. ‘Unstructured’ data -- the files
scattered among hard drives, laptops, and servers in standard
Windows folders -- constitute the low-hanging fruit for data violators.
These unstructured files are not embedded into any kind of
document management system to track their usage or control their
access. People can view, copy, or delete content without anyone
knowing.
By contrast, a document management system will structure
company documents into a single system that logs the history of
user actions.
Structuring company files also enables password protection on
sets of important documents. An administrator can make certain
documents available only for certain managers (such as the head
of HR for personnel files) or for a whole department of users (i.e.,
engineers for CAD design files) and exclude others from viewing
or editing operational documents. The administrator can also
define access permission rules for recurring documents to ensure
protection is consistently applied to potentially sensitive material.
When managers have the ability to audit a trail of documen Ё