Five Must-Haves for a Secure Document Management System

Every day brings news of a company that has experienced a data breach and the resulting impact it has on the company, its customers and employees. The information cybercriminals gain from these events is stored in the documents – paper or digital – that a company manages and stores each day. A secure document management system and strategy, although it may not prevent an attack, can thwart an attack, mitigate the losses associated with it and ensure regulatory compliance.

According to the Ponemon Institute’s annual Cost of a Data Breach Report, The global average cost of a data breach is $3.92 million, a 1.5% increase from the 2018 study. Good document management security policies can help companies stop or reduce the financial and negative public relations risks of a data breach. Here are five key things a secure document management system should have:

Limit and control access

Limiting access to documents and data on a need to have basis is a logical step in document management security strategy. Authentication requirements to view and manage documents should be put in place. Incredibly, it was found that at First American Financial Corp., in a breach that exposed 885 million records, no authentication was required to view the documents.

Authentication and usage controls should also be in place on any device that is used to capture, send or print documents. That would include any scanner, MFP, printer, PC or laptop, and mobile devices that have access to documents on a corporate network. User-specific permissions and access rights should be used across the network to manage and control who accesses devices and documents and what they can do with them. Controlling access at the document level can include using digital rights management, passwords or digital signatures.


Using an accepted form of encryption makes data more difficult for hackers to access. The Advanced Encryption Standard (AES) is used worldwide and makes multiple encryption passes to scramble data repeatedly.

It would take 500 billion years for a hacker, using brute force, to crack 128-bit AES encryption — a common encryption method used in many document management solutions and what the U.S. government says is acceptable for data classified as secret. Using 190-bit or 256-bit AES encryption schemes can provide even more protection. Additionally, other encryption solutions exist that can provide disk encryption, device control, email encryption, and more.

Determining what data or documents to encrypt is important. When encrypting data or documents the encryption should be in place whether the file is at rest on the network, in transit or when stored (locally or in the cloud).

According to the 2018 Global Encryption Trends Study from the Ponemon Institute, only 43% of organizations have an encryption strategy applied consistently across the enterprise. More than half of organizations do not seem to have a consistent data protection strategy.

Archiving and governance

Archiving files that are no longer used, but may be needed for retention requirements or compliance reasons, is another piece of a good strategy for making a document management system secure. Moving these files to a separate storage device or location makes them more difficult for cybercriminals to access.

Paper documents should be scanned and properly indexed to create digital files – preferably at the point they are received into the business. All archived digital files should be protected by the encryption and permission policies of the enterprise.

Governance policies and the discipline to follow them should be implemented to identify the type of documents to keep, when they should be archived and how long they should be kept until destroyed. Most documents do not need to be stored for perpetuity so following a document destruction policy is ideal protection for older data.


As part of a secure document management system, it is good practice to regularly backup those files that are critical to the running of the business. Good backup strategy forms the foundation for a disaster recovery plan.

Creating backups separate from the normal operating environment and network system allows a company to harden its data against attacks. The files in these backups provide recovery points if a cyber attack occurs on any given day. Multiple backups give multiple recovery points in case files in any given backup have been infected by malware or the victim of ransomware.

Employee and user training

The Ponemon Cost of a Data Breach Study found human error was the root cause of 24% of breaches, while system glitches caused 25%. Therefore, employee and user training must be done to make sure employees know to stay vigilant against attacks and that users understand, and follow, the authentication, encryption, and data/document governance policies put in place by the company. Regular education and audits will ensure that the technical security solutions for document management not exercises in wasted time and expense.

More than just selling and implementing document management solutions, solution resellers can provide added value to clients by helping them construct a secure document management strategy. Cyber threats continue to grow along with spending on security solutions. Helping clients spend and implement wisely provides a win-win situation.