The Intralinks HR Security Series is a monthly blog series authored by Michal Kimeldorfer, Executive Vice President of Human Resources at Intralinks, created to inform HR professionals about the importance of information security when handling confidential files and provide best practices for secure collaboration.
So, when was the last time you opened up a password-protected file? Today? This week? My guess is that, if you’re in HR, the answer could be measured in hours – not days or weeks.
There are three main problems with this type of antiquated technology. The first is that important information is “owned” by individuals rather than by functions and therefore isn’t part of the corporate memory. Second, passwords can be easily shared or stolen – and weaker ones can be hacked – making documents vulnerable. And finally, there is no way to control or track the history of a document’s development.
Let’s break these three problems down further.
Problem one: What do I mean by a corporate memory? Sometimes called an organizational or institutional memory, it’s the accumulated information and collective knowledge created during the existence of a corporation or organization. Corporate memory is important to manage because it is created by individuals – individuals who will ultimately exit the business. Employees who leave and take PASSWORDS with them are also taking DOCUMENTS with them.
In an earlier post, I shared a personal experience: I joined an organization where I wanted to access historical compensation data for the past five years. One particularly important file was password protected. No one in the department had the password, and the person who had created the file was no longer employed there. That information left with the individual, rather than staying with the company.
Problem two: We had to get IT to break into that compensation document, which gave them access to confidential information not intended for consumption outside HR. A real issue with password protection is that you lose visibility into who has the password and has accessed the file.
Problem three: Because the people who worked on the file were no longer with the company, we lost all insight into the development of the document. All changes had been made directly on the document, so earlier versions and any annotations or commentary were saved over and lost.
The bottom line is that outdated systems like password-protected files no longer work. So why are they still around? Given the pace of business today and the competing demands on the HR team, I believe the honest answer is that, because they seem easy to use, they appear to increase productivity. However, by adding risk and reducing visibility into user access history and development, password protection systems actually hamper productive data and file sharing.
Good news! There are better options out there. Options that can enhance both productivity AND information security. Here are just a few of the data security tools out in the market today that I think will interest you:
- Information Rights Management (IRM): Granular access controls allow you to set exactly who has access; and detailed reporting ensures there is no unintended sharing.
- Secure mobile file access: It’s a mobile world and modern HR teams need the freedom to work wherever, whenever.
- Download/Print controls: Share information without giving it away. You can decide if people need permission to download or print a document or if they can just look at it for reference.
- Workflows, comments, tasking management: Replaces the “reply all” button and keeps the dialog around a confidential document secure. Great for anything that needs approval from multiple parties (e.g., board approval, compensation committee approval, etc.).
Thanks again for joining me in this discussion. Please let me know your thoughts on this topic. I can be reached at firstname.lastname@example.org, on my personal LinkedIn page, or on any of the Intralinks social sites.