05 May The New Rules for Protecting Unstructured Data
How many different places do you store work-focused unstructured data? For many people, handwritten notes, digitized ones in OneNote or Evernote, cloud-based storage systems such as Dropbox and Box, and productivity software is merely a partial list. This varies from person to person and department to department across most organizations.
Managing such disparate information is challenging enough, but securing it is even trickier. Many companies have established policies and procedures that govern access to structured data, but these often fail to extend to unstructured data. This can leave organizations woefully vulnerable to breaches from hackers, state-sponsored groups, and other rogue entities, who may seek to take advantage of the rising price of such data on the Dark Web and other recesses of the internet. There’s also the risk of losing a competitive advantage to unscrupulous competitors, who might gain direct access to your data or obtain it when your employees leave and join a rival.
Such issues are compounded by the increasing proliferation and variety of mobile devices and employees logging into company servers via unsecured networks at home, in coffee shops and in airports. Simply put, it’s more difficult than ever before to protect unstructured data and prevent unauthorized, third-party access to it.
So what are you to do? Simply throw up your hands at the Gordian Knot of information that has been created and resign yourself to hacks and breaches, and the potential fiscal and regulatory consequences? Not at all! Luckily there is some hope. First, your company should seek to establish policies and procedures similar to those that govern your structured data. These should include “bring your own device” and remote access standards, as well as guidance for employees on how to unify as much content as possible to reduce vulnerability.
Second, you should consider a compliance-focused add-on to whatever ECM or content/document management system you have in place. This can help you establish role-based and user-level access and viewing and editing privileges. It may also protect files when they’re at rest or being uploaded to a server.
Putting such systems, policies, and procedures in place not only protects your organization, preserves its competitive advantage, and helps it avoid hefty fines and other adverse regulatory consequences. You also owe it to your staff and customers (or the citizens you serve if you’re a government entity, patients if you’re a hospital/health, or students if you’re a college, university, or school) to protect their SPII, including Social Security Numbers, Medical Records Numbers, and Student Identification Numbers. With multiple news stories every month about a new data breach, those organizations who take steps to improve their data governance build loyalty and maintain trust, making it easier to keep existing customers and attract new ones.
As the old saying goes, “Prevention is better than cure,” and this certainly applies to how you move forward with your strategy to safeguard unstructured data.
Avani Desai is a Principal and the Executive Vice President at Schellman who has more than 15 years of experience in IT attestation, risk management, compliance and privacy.
To learn more about Shamrock’s Compliance Agent, which helps protect unstructured and structured data alike, and Shamrock’s other custom solutions for Perceptive Content, OnBase by Hyland and other enterprise content management (ECM) systems, visit our webpage.