Without proper security measures, document imaging systems can be a weak link in network security. According to InfoTrends, there are more than 30 million printers and multifunction scanners in the U.S. and many of them are connected to computer networks. Networked scanners are just as susceptible to malware and hacker attacks as computers and they could be used to steal sensitive information.
Consider, too, that according to a study by Xerox and McAfee, 54 percent of employees don’t follow IT security procedures. And 51 percent of employees say they scan and print confidential information at work.
These are all good arguments for outsourcing your document imaging to a secure third-party service. However, if you are going to manage your own document imaging and storage, be sure to take some basic precautions.
There are basic three components to securing paperwork using a document imaging system: managing conversion, using authentication, and controlling access. Here are some of the basic precautions to consider when securing your digital documents:
Paper to E-file Conversion
The first step is converting paper documents into digital files. If you are using a third-party document imaging service, then your worry is making sure you have a secure means to delivering both paper files and electronic files to your service provider. Using reliable courier services and secure file transfer should be more than adequate to secure data in transit. The real problem is when you start dealing with on-site document imaging systems to convert paper to e-files.
Converting paper documents to digital files uses the same basic procedure offices have used for years to make photocopies, but instead of a copier you are using a document imaging system. With today’s multifunction devices you can even scan directly to digital formats that are easier to distribute and access, such as scan and email, scan and fax, or scan and file. These functions are controlled by sophisticated document imaging software that manages both conversion and file handling, so you can program the system to use specific file naming and storage protocols to help protect sensitive data.
Many of these applications also integrate directly into document management systems like Microsoft SharePoint. If you configure your document imaging system to integrate with the network document management platform, then the document management can help you handle document security.
Authenticating Document Access
If your document imaging system includes using a shared device, such as a departmental scanner, you want to be sure you have a means to authenticate network users who can access that device. Using your existing network security system along with password authentication will help secure your documents imaging process.
Most multifunction scanning devices are protected by a single-user logon function that gives authenticated access to the scanner and lets users convert, store, and share documents. If you have a network document management system you can use it to control user access rights, such as the ability to share files via email.
Another advantage to using password authentication for document imaging systems is that it creates an audit trail. The activity log keeps track of who uses the system and the documents what they scan and where it goes. This isn’t only useful for security but can provide administrative information, such as billing system usage to specific clients or departments.
For extra security, scanned documents can be encrypted before they are emailed or sent over public networks. Encrypted documents are sent to the recipient and a password or decryption key is sent separately to unlock the file.
Securing Network Devices
Be sure to secure the document imaging system itself to restrict access. At the very least include password protection so only authorized users can scan documents. If you use a dedicated logon for the imaging system then you can restrict network access, so unauthorized users can’t use the scanning system to browse the network or open unauthorized directories.
You can apply other security measures to lock down the document imaging system. Making sure the scanning software boots on workstation startup limits access to the network in the event of a reboot. You also can lock down application access using password authentication to lock the task bar.
And there’s physical file security. Make sure the scanner workstation doesn’t have floppy disk drives and be sure to disable USB and external access ports. Handle all routine administration tasks such as software updates and device driver installation using secure network access.
These are just some of the procedures you can apply to secure your document imaging system. What’s your biggest concern with regard to securing company paperwork? Do you feel office security protocols are adequate? Would you rather outsource document scanning and management to make sure sensitive information is safe?