Best Practices for Electronic Document Management and Security - Part One
Security is always top of mind at DocuSign, just as it is for our customers. Here are industry best practices to protect your electronic documents and the digital information you exchange with others:
Share data wisely
The information you share via a smart phone, tablet, laptop, or desktop has tremendous value—and that makes it an attractive target for many people, including businesses, competitors, criminals and even countries conducting industrial espionage. Information posted out to the public internet is catalogued and referenced by search engines, making it easy to find by everyone and anyone. Documents posted to the internet for one purpose can be copied, posted elsewhere, linked and even altered by others for other purposes you never intended and beyond your control.
What to do:
- Know that data has value. Protect other people’s data to the same degree that you want your own information protected.
- Cleanse documents you post by removing any information and links you do not want exposed or exploited.
- Remember: Sometimes seemingly inconsequential data becomes valuable when aggregated with other data, causing exposure about you, your organization, or a third party.
Manage documents with care
Only make documents public if that is your intent. Once publicly posted, your information is visible to viewers, collectable by digital tools and search engines, and may be sold or traded by others, including hackers, other organizations, countries, and organized crime.
What to do:
- Don’t post private document content to the internet.
- Label your documents as public if you intend them to be viewable, extractable, and the information available to be repurposed. While this does not in and of itself protect the data, it conveys that the information is intended to be consumed by a wide audience.
- Educate others you interact with as to the value of data you’re exchanging and encourage them to label and safeguard data as a matter of habit.
- Obtain permission of any organization or person referenced in the documents you’re posting to ensure they are appropriate for public consumption.
If you want to restrict the information to only those authorized to access it over the Internet, make it difficult for people to readily access website information without validation. Requiring authentication is an industry-standard practice, as is tracking who has accessed information and documents via authentication.
What to do:
- Use authentication methodologies that can provide reasonable measures to ensure that the people accessing your data are authorized to do so. The stronger and more complex the authentication, the greater the protection provided.
- The authentication credential should be sent only over a secure session and should be held as a hash or encrypted value, not stored as a clear-text password that can be stolen and reused to impersonate you.
- Validate there are audit trails of who has viewed and accessed the data and monitor those audit trails to ensure only proper access is being granted.
- Monitor for successful and unsuccessful authentication attempts to verify that only authorized people are accessing the documents.
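The four steps above in one place, as an added example that is not DocuSign code: passwords are kept only as salted PBKDF2 hashes, every authentication attempt and document access is written to an audit trail, and a review pass flags repeated failures and denied access. The user names, document name, access list and the threshold of three failures are assumptions made for illustration, and the secure session (TLS) is assumed to be provided by the transport.

```python
import hashlib
import hmac
import os
from collections import Counter

USERS = {}      # username -> (salt, password hash); no clear-text password is kept
AUDIT_LOG = []  # one record per authentication attempt or document access

def _hash(password, salt):
    # Salted, deliberately slow hash so a stolen user table cannot be replayed.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(user, password):
    salt = os.urandom(16)
    USERS[user] = (salt, _hash(password, salt))

def authenticate(user, password):
    # Unknown users get a dummy salt so the same work is done either way.
    salt, stored = USERS.get(user, (b"\x00" * 16, b""))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    AUDIT_LOG.append({"event": "auth", "user": user, "ok": ok})
    return ok

def open_document(user, password, doc, acl):
    # Access needs both a valid login and an entry in the document's access list.
    allowed = authenticate(user, password) and user in acl.get(doc, set())
    AUDIT_LOG.append({"event": "access", "user": user, "doc": doc, "ok": allowed})
    return allowed

def review(log, max_failures=3):
    # Monitoring pass: accounts with repeated failed logins, and denied accesses.
    failures = Counter(r["user"] for r in log
                       if r["event"] == "auth" and not r["ok"])
    noisy = sorted(u for u, n in failures.items() if n >= max_failures)
    denied = [(r["user"], r["doc"]) for r in log
              if r["event"] == "access" and not r["ok"]]
    return {"repeated_failures": noisy, "denied_access": denied}

if __name__ == "__main__":
    # Constructed sample data.
    acl = {"contract.pdf": {"alice"}}
    register("alice", "correct horse battery staple")
    register("bob", "pw-bob")
    open_document("alice", "correct horse battery staple", "contract.pdf", acl)
    open_document("bob", "pw-bob", "contract.pdf", acl)
    for guess in ("123456", "password", "letmein"):
        authenticate("mallory", guess)
    print(review(AUDIT_LOG))
```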
As information security is ever-important, keeping up-to-date with the latest best practices can reduce risk and give you peace of mind that your data and documents are protected to the highest degree possible. Read more about DocuSign’s Security & Trust.