We’ve all read the headlines. Security breaches continue to shock us for their magnitude and reach—from reports on hacking of Democratic National Convention (DNC) email servers during the 2016 presidential election to the reported theft of information from more than 1 billion Yahoo account holders in December.
The impact of a breach can be significant. And, not just for the clients—whose loss of personal information can make them vulnerable to financial loss—but also for the organizations who have failed to safeguard that information.
A Measured, Disciplined Approach
Digital security is complex and requires a multi-pronged approach. One part of this approach is provided by Enterprise Content Management (ECM), which many consider a “must have”—a foundational technology to safeguard sensitive digital content, while ensuring it remains readily accessible for day-to-day operations.
At the core of every ECM solution is a Document Management repository—providing a secure home and a structured approach for saving, managing, and governing digital content. Content in the repository is protected by system-wide security and varying levels of more granular security. The ability to securely access content anytime, anywhere by mobile devices is key, as is the ability to check out and securely share content externally in the cloud.
User Adoption is Essential
Solutions for securing content are only as good as those who use them—and many choose not to. Hyperion Research tells us that in the average ECM-enabled legal organization, for example, only 70 percent of users actually use the system. The rest store content however and wherever they like: on desktops, in file shares, and in unsanctioned, poorly secured cloud file-sharing repositories.
Ethical Reasons to Safeguard Client Content
Everyone gravitates to what is easy; to the path of least resistance. In the end, however, the decision to safeguard client content can be considered an ethical or moral one. Lawyers, in particular—regardless of whether they are employed by law firms, in government, or in legal departments of organizations across varying industries—have a professional duty to safeguard client content or “property”.
The American Bar Association, for example, requires that lawyers safeguard client property in their possession by holding it separate from their own property to prevent co-mingling (ABA, section 1.15). It is generally accepted that files and documents belong to the client, not the firm. In addition, lawyers must maintain client property in a way that is not only secure, but also readily available and retrievable over time.
Complying with Regulatory Requirements
ECM solutions are purpose-built to meet these fiduciary requirements, as well as applicable regulatory requirements—and not just for legal, but for firms in many industries. If employees don’t effectively maintain client information, they may compromise ethical obligations to safeguard client property and also increase their firm’s exposure to compliance risk.
In the end, those firms will have a tough time demonstrating compliance with HIPAA. They’ll have difficulty securing documents in compliance with ISO 27001, Sarbanes-Oxley (SOX), and countless other regulations.
Client information is a valuable commodity and a growing target for theft. Hacking techniques are constantly evolving. Regulations are growing to protect that information. We all have an obligation to ensure the safe, secure management of client information, and with ECM solutions like eDOCS, securing content is not only possible, but easier than ever.