Insights hero banner (short)


Bringing our best ideas and thinking to you.

  • Blog Post
  • Business Strategy and Process
  • Information Management
  • Information Management
  • Information Management and Data Strategy
  • Information Management and Data Strategy
  • Information and Analytics Consulting
  • Information Governance
  • Digital Risk and Security
  • Records and Document Management

Blog Post

November 11, 2016

Share this page:

Information governance minimizes the risk of a data breach

By John Desborough

Given the frequency with which we hear about cyberattacks, security breaches might soon begin to lose their news value. Despite this, many security professionals acknowledge that at some point a security breach will happen, so organizations need to focus on minimizing the impact 'when' it does.

Email security - start here

From a data security standpoint, email security is the first layer. Many firms are already deploying best-of-breed email security solutions to prevent infiltration of malware and rogue email scams into the network. So, email security systems not only help establish best practices around people and processes, but in the event of a human error, also ensure that the technology steps in to protect the data and the organization.

A tightly bolted down email and document management system - the core layer

Cyber criminals are upgrading their arsenal, often faster than most organizations. Therefore, should hackers break into a firm's network, an email and document management system can prevent them from gaining access to business-critical information. The issue of course is that not all firms deploy such solutions. In failing to do so, they are invalidating any security measures they may be taking to protect their organization and its data.

Where firms deploy best-of-breed email and document management solutions, on the other hand, all the data is stored in the system and accessible only through it. Information is shared via links, so even if criminals gain access to those links, they will not be able to access the documents due to the security applied to them at electronic file, sub folder, individual document and email level. This is further enabled by applying file encryption based on a set of rules for critical data including client information, business area, employee information and such. This is especially pertinent for complying with data protection regulations.

Even Law firms are not immune

In the UK, QBE, which insures more than one in 10 law firms in England and Wales, says that approximately £85m has been stolen across the legal market in the past 18 months. While we have not seen comparable statistics for Canada reported in the media, one can only assume that Canadian legal firms are facing similar challenges.

In summary: Integrated email security and email and document management processes facilitate information governance, which must form a key part of firms' overall security strategy.



John Desborough is a Director, Consulting and Technology Solutions at MNP. He is an accomplished business solutions program manager and business transformation architect with 30+ years in the information and technology consulting domain. John has extensive background in information management and governance with both public and private sector clients on a global scale. Drop John a line to discuss this topic in more detail: [email protected]