Documents need to be protected from several kinds of threats ranging from accidental erasures through malicious virus-caused deletions to power surge caused corruption. Whatever be the cause, if business data is lost (and cannot be recovered) it can have a serious impact on the business.
1. Access to the computer systems, desktops, laptops and servers, can be restricted as a first of level protection. Only authorized persons with authentic user IDs and passwords will then be able to access each of these systems.
2. Access to files and folders can also be with different privileges. Some users will be able only to read the document and will not be able to make any changes. Others will have full rights to read, change and even delete the files.
3. Operating systems and databases typically allow granting different levels of permissions to different classes of uses, such as owners, system administrators and employees with specific roles. Using these tools, employees are restricted to the data that they need to work with, and assigned only the rights that they need to work.
4. Training employees in working with computer systems and electronic files is also important. While data losses have mostly been associated with employee actions, not all these actions are malicious. Some can result from ignorance or carelessness. Training and monitoring can reduce the incidence of such accidents.
5. Incidence of malicious employee actions can be reduced by maintaining audit trails that keep track of who accessed which document and when, and what changes were made during each access A responsible officer then monitors these trails for unusual activities.
6. Threats to your documents come not only from employees but also from external sources. Viruses, hackers and identity spies can all attack your system over computer networks (or through removable media). Antivirus, firewall and antispyware programs can help prevent, detect and heal documents from such attacks. Application vendors also issue patches to their applications to plug security loopholes, and these must be installed as they are released.
7. Programs such as antivirus software cannot just be installed once and then left to themselves. You have to maintain them by keeping them up-to-date to handle all the latest threats. Even though automatic updates are usually done, you still have to keep an eye that everything is up-to-date.
8. Data backups, done systematically and in an up-to-date manner, helps restore data that happens to get lost, say owing electrical fluctuations or system crashes or natural disasters like floods, as well as the ways indicated earlier.
9. Authentication is another relevant issue. If documents are altered during their transmission, what the recipient sees will not be what the sender sent. To prevent such alterations, documents can be encrypted so that they can be opened only by a recipient with the relevant de-encryption (decryption) key.
The increasingly critical issue of document security has led to the development of standards for ensuring information security, such as the ISO 27002 standard. Documents face threats from many quarters and different kinds of security measures are needed to guard against each. Standards like the above can give you a clear idea of the issues and specifics.