Management ECM Excuse #8: Information security just isn’t at the top of our list. Yes, we lock the doors at night. And yes, we keep the HR files locked. And yes, we use passwords on our computers. But we need to be flexible. If people want to take information home and work on it on their home computers, that’s a good thing. We trust our employees.
Check out the video at http://www.aiim.org/excuse8.
Reality:
Trust is good, but in document circles, it should be practiced the way President Ronald Reagan did when he negotiated with the old Soviet Union. “Trust but verify,” he said, and the advice is as solid for securing information as it was for arms control. Knowing who accessed what, and when, is a big deal in compliance circles.
Further, good practice, if not always the law, requires that you maintain and review logs of all system and user activities. Sure, your employees may be long proven dependable. But what about the hacker who tries to break in over your VPN? What about the drug addict who steals a company laptop from a worker’s living room – and what about the fence who buys that laptop and all the information on it? At that point, no amount of physical security at your office is going to help, as the cat’s already out of the bag.
And by the way – there are other security breaches that have nothing at all to do with people. Consider the tornado, hurricane, or earthquake that breaks your outer office windows and scatters the contents of your files all over the neighborhood. How secure is that information then? For sure, your customers, your legal counsel, and your local, state, and federal regulators will want to know.
For more information:
AIIM training – http://www.aiim.org/training
AIIM research – http://www.aiim.org/research
Check out the video at http://www.aiim.org/excuse8.
