
    How secure is your information? - Our 9 point risk assessment will help you find out

    on 15 June 2017


    Posted by Jacqui Hogan

    With recent major security attacks, now is a good time to review the security of your own data. Like it or not, storing and managing data in the cloud still makes some people nervous. However, with good information security in place, storing data online can be more secure than storing your information on your own internal systems.

    If you are doing a risk assessment, here are some considerations.

    1. Choose carefully where you store your information

    In the past, organisations have been able to maintain the security of their data by storing it inside their organisational firewalls on internal systems. Once it moves outside these boundaries, it can become vulnerable to competitor hacking, governmental interference and general cyber-attack. Knowing that your information is physically stored on systems in a ‘safe’ country will give you greater confidence that it is safe from discovery by competitors or even overseas governments.

    Good practice:

    2. Manage who has access

    Ensure that your information is only viewed by those who have legitimate reason to do so, by thinking about what you need to share and who needs to have access to your documents. Consider whether you might need to offer levels of permissions to access content and decide whether you want to allow users to edit or only view content.

    Good practice:

    • Keep access simple - then people will remember it and not write passwords etc. down where others can see them
    • Make an access plan available that everyone can refer back to and understand
    • Don’t allow lots of offline copies of documents – all official documents should be in the shared folders, and non-official documents should be promptly deleted

    3. Plan your shared file structure

    Most organizations are inconsistent about the way they name and structure folders. While this may not be a problem when everyone manages their own files locally, it can become a major problem when those structures are shared. A key element of data security is knowing where your data is and making it easy for those with legitimate access.

    Good practice:

    • Keep documents with common compliance or retention rules together – then they are easier to archive or delete as a group
    • Name folders according to function, not ‘Bob’s folder’
    • Keep it simple - then people will remember it
    • Don’t go beyond 3-5 levels
    • Keep a plan that everyone can refer back to
    • Be consistent and don’t allow exceptions

    4. Have document naming conventions

    Organisations not only have problems with the consistency of managing folders, but with the consistency of naming documents. Left to their own devices, people will name documents in their own unique ways, which creates a major headache when searching for the documents later.

    Good practice:

    • Use names that are meaningful to everyone, but are not too long
    • Use names that enable documents to be uniquely identified
    • Name documents according to function, not ‘Bob’s file’
    • Don’t include information that is always present in the system you use e.g. with Glasscubes, the date, version and author are always present, so you don’t need to include them in the document name
    • Keep a plan that everyone can refer back to
    • Be consistent and don’t allow exceptions

    5. Keep track of your versions

    Having lots of uncontrolled copies of documents is a security risk.

    We’ve all had the experience of spending hours working on a document only to find that it wasn’t the latest version. Or, at a time when you need to make decisions quickly, finding you don’t actually know which copy of a document is the latest.

    Keeping your documents and other information in one place makes it easier to manage access. Version control will minimize the number of random copies floating about. Trying to do this manually usually results in version mismatches etc. Any good online storage solution will do this automatically.

    Good practice:

    • Utilize the online system to manage your document versions
    • Be consistent and don’t allow exceptions
    • Use collaboration options like document read, notification, approvals and comments, which keeps everyone associated with the document for referral and auditing

    6. Create an audit trail

    Even if you are not required to have an audit trail for compliance purposes, it is good practice to do so. A good audit trail is important both for internal management confidence in your quality system and for any compliance requirements. It will also allow you to identify any unauthorized access.

    A good online solution should, if well implemented, automatically create an audit trail.

    7. Keep a secure archive

    Keeping documents longer than needed is a common problem on online systems. Documents are retained for too long, mostly because it is painful to purge the documents (paper or electronic) or simply because most people don’t know how long they are required to keep certain documents. Archiving documents makes it easier to find the correct current document, and keeps important historical data safe.

    Good practice:

    • Each industry has rules and regulations on how long your organisation must maintain a copy of your documents. Here's the easy way to manage compliance
    • Keep documents with common compliance or retention rules together – then they are easier to archive or delete as a group

    8. How secure is your internal data?

    When you review the security of your external data and information, it is a good opportunity to review whether your internal data and information are equally secure. There is not a lot of point in having secure external systems if you don’t have similar security for your internal data and information.

    9. Disaster recovery

    In the same way that having a good disaster recovery plan is important for your organisation and your data, check what disaster recovery plans your external data storage provider has too.

    If your external storage solution is secure, you might want to consider making it part of your own disaster recovery solution for your internal data. This is often more cost effective than identifying yet another offline disaster recovery solution.

    Glasscubes is a cost effective, easy to use, and secure collaboration tool for any organisation. Find out more about how it could help you take control of your information security: call +44 (0)20 3274 2310.