How Safe Are Your Files?

Picture this. You open up your inbox and see a name you know, with a document link you don’t.

The alarm bell goes off, doesn’t it? Even if you’re expecting that contract, invoice or banking document, you have a good look at what’s on screen before clicking on it. That is your human scam radar kicking in and it’s going to trigger more often as the world has embraced online information transfer during the pandemic of 2020.

Or how about getting a message, bill or reminder that wasn’t meant for you? When it arrives to your phone, inbox or through the letterbox, do you worry that the privacy of the intended recipient is compromised? My internal monologue goes “why am I getting this and who on earth is that?”

How often have you been in the office and seen a document on a desk, languishing in a printer or been handed one by accident which has personal information about a colleague? It makes you wonder about your own privacy and how problematic human error and paperwork are.

We all try our best to be careful about what we click on, share and download. But do you really know how to store and share documents securely?
In this blog, we take a look at some common mistakes and simple solutions to keep your vital information safe.

An image of scrabble letters spelling out the word 'email' — **Email is awesome but also insecure**: Image: Miguel á Padriñán c/o Pexels

Why we love email – and why we shouldn’t

Email is an incredible tool. The vast majority of us use it all the time to write friends, shop, pay bills, get news and to do our jobs.

But it can also be a risky business. With the world working online at a rapidly increasing rate, security breaches are on the rise and email is largely to blame. According to EY’s Global Information Security Survey, nearly 6 out of 10 organizations, 59%, have suffered from a “significant” security incident in the past 12 months. You can check that survey out here.

Individually, we have all received some fairly weird scam emails. They offer us vast sums of money from foreign dignitaries who only need you to transfer $100 now to get untold riches later (yeah, right). Sometimes messages look like they’re from banks or people we know, asking for sensitive information. These emails are indicative of bigger issues including hacking and phishing.

Let’s tackle hacking first. Email was never designed to be secure. Why, you rightly ask? Well, because when it was invented no-one thought it would need to be. So there’s no verification method to be sure that the person sending the email is really the person you think they are. Emails are not encrypted by default, and the encryption methods that are available are difficult to get right and seldom used.

Plus, with all of the different reasons we use our email addresses, it’s not hard to find one. They appear on lists which are sold and used for spam purposes. That’s why we get all of those annoying “involved in an accident that wasn’t your fault” emails – same for the phone calls.

Phishing is interception’s closest cousin. These are emails that look like they come from your bank with ‘important information about your account’ which ask you to click a link or enter financials, and ‘you’ve won the car of your dreams and all you have to do is send your information to claim it’. These emails are a volume game. They go out to huge numbers of people and only need a few to make simple mistakes in order to profit.

So called Spear Phishing is even nastier; directly targetting an organisation member with an email designed to fool them into making a payment, looking like it comes from their boss or the CEO. Because email has no verification method, impersonating someone else is easy.

And how about those targeted adverts? Have you emailed a friend about a holiday apartment, software package or coffee machine only to be bombarded with banner ads about the very item you were looking at, just the other day? Odd, isn’t it. That’s the crafty little robots your email provider uses to take your content and ‘tailor’ it to your interests. It can also seem like an invasion of your online privacy.

Digital Document Management Systems (DDMS) offer a big benefit when it comes to using email to share and store important information. Why would you email over an important file when you can securely store it elsewhere, with complete control over it (only you can edit it) and traceability? With DDMS like Hadageto, when you do share documents, you generate a one-off link with a timeframe and limited number of downloads specifically for the person you want to see it. And when they open it, you get an alert. Most companies won’t do business without DDMS now and customers feel much more confident when one is in place. We love email too, but let’s face facts, it isn’t able to meet our privacy and security needs.

An image of a smartphone saying hello — **Your phone knows everything about you**: Image: Tyler Lastovich c/o Pexels

Is your phone next to you while you’re reading this?

Yeah, mine too. We’re living in a world peppered with QR codes, two factor authentication, text appointment reminders and contactless phone payments. Phone calls, messaging apps and video chats have played a really important part in keeping us connected for years, more so during lockdowns and working from home, but there are some pieces of information that should never appear in a chat app or phone call.

“Can I have your banking info for the holiday deposit?” My friend wrote earlier this year.
“Not on messenger you can’t (winky face),” I replied.

A lot of the mistakes we make are down to sheer convenience. Your phone is next to you and you’re already talking excitedly about how much you need your holiday, so before you’ve had a minute to think, off goes the sort code and account number, into the online stratosphere.

Here’s a case in point. Did you hear about the ‘malicious’ photo (yes, photo) doing the rounds on messaging apps which can take over social media accounts if you save it? Forbes wrote about it here.

There’s a better way to do important things like share flight information, chase invoices and send out payslips. Why not log into your DDMS, pick up the document you need, set up who it’s going to, track when they get it and have proper peace of mind? Your recipient might learn something, too; that you take information security seriously and they should do the same.

An image of a carrier pigeon — **Carrier pigeons - once state of the art communication tech**: Image: MCLT c/o Pexels

Remember carrier pigeons?

No, me neither, but snail mail lives on and a picture of a pigeon is more amusing than a piece of paper. The art of letter-writing is totally charming, but it isn’t at all secure.

We have all received letters that have been opened. We’ve all had clients tell us that the invoice you posted two weeks ago never arrived. In the office, each of us has been handed a bundle of post with something meant for someone else lodged inside. It’s hard to avoid looking at what’s left in the office printer – it’s the only way to avoid picking up someone else’s documents – and it’s too easy to lose that contract or invoice you could have sworn was in your laptop bag.

Organising these documents is a headache. And no, putting them in a pile on the nearest table does not constitute organising (we all do it!) Finding important files when you really need to routinely involves going through every filing cabinet in the office and asking the person who handed it to you to provide it all over again, which still doesn’t account for where the original is lurking, or who has access to it.

According to HelpSystems, 83% of workers report daily struggles with version issues. It takes about 18 minutes on average to search for a document, and employees typically spend 30–40% of their time looking for information squirreled away in emails, documents, shared hard disks and filing cabinets.

A DDMS like Hadageto’s can propel you and your important information down the path to organisational greatness. You can tag your documents to make them immediately retrievable and group them by their nature. When you send invoices, you can track that they’ve been received and opened. You can even make notes on where the original hard copy document is stashed and get reminders to review, archive and delete documents which could have expired or been replaced.

But don’t just take our word for it. The current issue of the IRMS magazine (that’s the Information and Records Management Society) explores the psychology of cybersecurity and keeping your documents safe in a cool article you can read here.

Or, why not join us? You can get a free trial and a chance to win a luxury hotel break (nice surroundings to test our system in!) when you help us to make our product the best it can be by filling out our short survey here.