Data breaches and contract data: Keeping contracts from prying eyes

Does the thought of data breaches of your company’s data keep you up at night? If it doesn’t – it should (sorry insomniacs!).

image of crime scene tape
Photo Credit: Alan Cleaver via Compfight cc

The Ponemon Institute and Symantec Corp. recently released their 2013 Cost of Data Breach Study, and the costs are truly staggering. In the US, the average total organizational cost of data breaches is a whopping $5.4 million – the highest of all the countries studied. That averages out to a cost of $188 per record.

As the Edward Snowden fracas has demonstrated amply, sometimes the biggest risk to an organization’s data security can come from inside – even if your business is in the business of securing secrets, like the NSA.

This is known in the security biz as “insider threats” – and insider threats (the loss or theft of data by internal employees) don’t necessarily have to be intentional or even nefarious. Sometimes it’s just the inadvertent access to information certain employees should not be viewing.

Now add to this state of affairs the practice of contract management – which in many organizations is non-existent. Contracts at many companies are highly decentralized, often residing across an entire network of company computers or in physical formats in files and folders.

Different departments track or maintain records in different ways, ranging from simply listing contract conditions in Word documents or in spreadsheets. Actual final-format contracts may be stored as PDFs across different managers’ and employees’ computers.

What you end up with is a real exposure to a security risk with that data. Now imagine what happens when mobile users take documents home, or download and view across unsecured networks – you add yet another layer of security risk.

Think of all the sensitive information in those contracts. Contracts aren’t just for paying X vendor Y amount – there are also strategic contracts that outline the relationship a company may have with key vendors or strategic partners. If that data is unsecured and “leaks” (even inadvertently) it may end up in the wrong hands.

And just because you may be paranoid, it doesn’t mean they aren’t after you! The “they” in that sentence is of course the real black hats: data-stealing hackers looking for key company information (bank accounts, routing numbers, etc.) and personnel information (social security numbers, salary info., etc.)

All of this makes centralized contract management a must-have when it comes to securing contract data. With a solution such as Contract Assistant, you can centralize all of that contract information in electronic records – then control access to those records among delegated staff.

Contract management administrators can (with the Enterprise Edition) set read/write permissions feature-by-feature, field-by-field, and user-by-user. Delving even further into customizing access in the Enterprise Edition, administrators can control which fields users can see, which they can edit, and which they can only view.

 The point is: contract management solutions are an easy first step to securing access to sensitive contract information. The centralization and controlled access of this information is a big organizational step to keep prying eyes from viewing contract information.

And by functioning as an app on a secure network, the data is like an extra safe within the bank vault of your company’s network security. And these days, enterprises need all the extra security they can get.