The unauthorized exposure of a company’s proprietary content happens all the time. When it comes to preventing this exposure, most company leaders assume they need to prioritize guarding against external threats, such as hackers. But the reality is that internal threats—both intentional and accidental—are far more likely to be the culprit.
Let’s evaluate a few recent, high-profile examples of accidental exposure by internal personnel, drawn from the organization with more leaks than the Titanic: President Trump’s new administration. Remember a few months ago when Press Secretary Sean Spicer tweeted out a series of mysterious characters—twice!—that looked like the password to his account? It really could’ve been his password. Or, he may have been trying to send Twitter a randomly generated code used during two-factor authentication and ended up accidentally tweeting it. It’s also possible that it could’ve simply been a “pocket tweet” (the Twitter version of a “butt dial”). Regardless, this slip-up put the security of an official social media account associated with the White House at risk of hacking. At the very least, it became the subject of many jokes.
There’s also the incident where prospective Department of Homeland Security Secretary Kris Kobach had his picture taken with President Trump while holding a document titled “Kobach Strategic Plan for the First 365 Days.” The document is legible in the photograph and lays out strategies related to border security and immigration. The press and the rest of the world—including people we’d rather not have see such sensitive information—got an eyeful. Oops.
OK, so it’s impossible to save employees from themselves all the time, especially when it comes to social media and the printing out and carrying around of documents. These examples are more related to best practices.
But now let’s use another example to show how easy it is for employees—or, in this case, users—to mistakenly access and expose sensitive information using a structured content environment, and how easily it could’ve been prevented.
Users of Microsoft’s document-sharing service Docs.com discovered that they could use the search feature to access anyone’s uploaded files. Because the default setting for uploaded files was “Public,” any information—even birth dates, emails, phone numbers, addresses, and passwords—was available to all users of Docs.com unless a user changed the setting on their files to “Private” after uploading. Unfortunately, many users didn’t remember to do this.
Indeed, the ability of users to access content they are not authorized to see (known as inappropriate content permissions) is a common problem at many companies.
How vulnerable is your company?
The risks of lawsuits, lost revenue, violations of federal laws and regulations, and fees and other penalties—including jail time—are ever present if certain content is released to unauthorized audiences:
- Executive confidential information (including mergers and acquisitions, and other regulated activities)
- Intellectual Property (IP)
- Medical records and other proprietary employee information (including disciplinary and employee-investigation records, and Social Security numbers)
- Accounting and financial documents and records
- Confidential customer information
- Legal documents (including contracts and case records)
Your company should have safeguards in place to protect against internal threats to information security. With OpenText Content Server and capSpire’s Privilege Security Management (PriSM) solution, you do.
PriSM provides a technical structure to help you better manage content while filling in security gaps in OpenText Content Server.
PriSM offers three main benefits:
- Content permissions can be granted or restricted at the granular rather than the global level—even down to individual objects. System administrators can dictate which employee groups or departments, and which individual employees within groups or departments, can access certain content. No one else can access this content.
- Content permissions can be filtered for system administrators who would otherwise have global access. For example, searches made by a system administrator can often pull up sensitive content they shouldn’t have access to, such as employee information. (Sound familiar to our Microsoft Docs.com example?) PriSM protects administrators against themselves and prevents rogue activity.
- Content permissions are made more visible. This eliminates confusion about permissions when users share content or move files. Users can easily see the permissions assigned to the destination location and can decide whether to move the information (accepting the permissions), move the information but keep the permissions from the source location, or not move the information at all. Users no longer have to make unsafe assumptions about security and put content at risk of unauthorized exposure.
For more information about how PriSM can protect your company’s proprietary content, we encourage you to view our PriSM On-Demand Webinar or check out our slick sheet at your convenience. You can also email us at firstname.lastname@example.org.
capSpire provides the unique combination of industry knowledge and business expertise required to deliver impactful ECM business solutions. Trusted by some of the world’s leading companies, capSpire’s team of industry experts and ECM consultants empowers its clients with the business strategies and solutions required to effectively manage and utilize documents and optimize the business processes they support. Whether they use OpenText Content Server or Microsoft SharePoint, capSpire ensures the success of its clients and helps deliver the maximum return on their ECM platform investment. For more information, please visit www.capspire.com.