Defend Your Documents: Why Your Organization Needs Better Document Control


Hacker threat

As discussed in our piece on legal security, law firms are under increasing scrutiny by both corporations and regulatory agencies. It’s all too easy to forget, however, that legal services isn’t the only industry that’s fallen under the watchful eyes of regulators, just as it’s easy to forget that one’s own employees can pose just as great a risk as a third-party vendor. In large part, this is due to the new-found prevalence of file sharing within the enterprise.

Documents containing data such as intellectual property, commercially sensitive data and financial information are being shared with increasing frequency both inside and outside the organization. On the one hand, this allows employees to better collaborate with one another and enjoy greater productivity as a result. On the other, it also presents a significant security risk for an organization that’s caught unprepared.

The problem here isn’t that employees are sharing sensitive files – it’s how.

File Sharing’s Position in the Security Paradigm

“Cloud sharing has become prevalent among many workers who want to share documents but don’t feel like using physical media to transport them” writes Cybersecurity and Digital Forensics Examiner Paul Kubler, speaking to Digital Guardian. “This may be because the files are large, USBs are restricted or email filters catch the documents. This can present a problem in collaboration. Companies need to find secure alternatives for their employees to share documents they can deploy at the enterprise level.”

“Without this,” he continues, “employees may use a plethora of free vendors or have numerous accounts, and none are being audited or monitored.”

Freed of oversight, employees can – and will – make mistakes. A 2014 study by the Ponemon Institute saw 61% of employees confess that they send unencrypted emails, fail to delete confidential documents or accidentally forward sensitive data to unauthorized recipients. The study also found that 50% of security professionals do not believe their business has the capacity to manage and control user access to sensitive documents, and that those organizations that do have file-sharing policies are not effectively communicating them.

Within your organization or without, a shared file will eventually find its way to someone who will misuse it. Whether the user responsible does so out of ignorance, malice, greed or frustration – likely the former – the end result will be the same. Sensitive information will fall into the wrong hands, and your business will be left to deal with the consequences.

Just look at what happened to DuPont. In the 1990s, a couple founded a small company that aimed to take advantage of China’s desire for a white pigment named titanium dioxide. DuPont’s employees sold the couple sensitive documents containing information on the pigment, which were in turn sold to a competitor owned by the Chinese government.

In order to avoid encountering a situation like DuPont’s, you must adjust how you secure your organization – security controls that authenticate users to file sharing servers and encrypt the files when downloaded are insufficient. Your security measures must instead follow your documents wherever they go, including third-party environments which your IT team, for all practical purposes, cannot control. That’s where WatchDox by BlackBerry comes in.

The Watchdox Solution

WatchDox provides DRM (Digital Rights Management) security to protect even the most sensitive documents from being leaked or misused – without inconveniencing the people trying to access them. Recently recognized for the second year in a row by Gartner in its 2015 Critical Capabilities for Enterprise File Synchronization and Sharing report, it allows businesses to safeguard their data without having to sacrifice an ounce of productivity.

Here’s how it works:

  • The owner of a shared document library chooses how and with whom they will share their files. No one else has access.
  • Depending on the policies set by the owner, users may be able to make and save edits to the original file on the secure server, save the file locally, forward it to other parties, make printouts, or any combination of the above. A typical security-conscious configuration only allows edits to the original secure server-based file, and prevents forwarding, local re-saving and printing.
  • User-specific background watermarks can be enforced so that anyone who misuses a sensitive document is immediately held accountable.
  • Securely shared folders are readily accessible on any authorized user’s device through WatchDox clients and plugins. They are also accessible through a web browser.
  • The DRM security capabilities are supported by Microsoft Office with a WatchDox plugin, and WatchDox clients are available for both iOS and Android devices. This DRM ensures that WatchDox files are always uniquely encrypted for each specific authorized user.

Defending yourself against malware and sophisticated attacks is all well and good, but don’t forget to protect yourself against smaller threats, as well. Given the right circumstances, an uninformed, misinformed or malicious user can cause just as much damage as a black hat criminal. Unless your business enforces a document-control policy of some kind, and supports it with a solution such as WatchDox, it will inevitably find sensitive assets falling into the wrong hands – if not due to internal employees, then due to a partner or vendor.

Want to learn more about how BlackBerry safeguards your security, or have a few questions about WatchDox? We recently hosted a leadership interview with David Kleidermacher, BlackBerry’s Chief Security Officer. You can view it (and other previous webinars) on BlackBerry Enterprise Webcast Central.

About Jay Barbour

Jay brings more than 15 years of security experience to BlackBerry where he serves as Security Director for the BlackBerry Security Group. He works closely with government agencies, strategic and carrier sales teams and key customers to champion security policy for BlackBerry mobile devices. Prior to joining BlackBerry, Jay was vice president of marketing at Intrusion Inc., and vice president of product management at Scansafe. Jay holds a degree in Engineering Physics from Queen’s University, Canada, an MBA from INSEAD, France, and is a Certified Information Systems Security Professional (CISSP).

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus