Perspective: Best Practices for Fleets’ Contract Security

[Stay on top of transportation news: Get TTNews in your inbox.]

John is freaking out. Last night, a disgruntled employee hacked into the company’s top-tier contracts and quickly caused a firestorm online. The CEO wants to know how this happened.

Contract security breaches like this can result in severe and high-profile consequences for a business, especially in today’s hyper-connected world. In this scenario, just imagine the potential legal, financial and brand liability problems John’s company is facing.

Image


Donaghy

Transportation and logistics businesses face similar risk. All too often, their contracts are scattered in file cabinets, on individuals’ hard drives or in shared folders — all exposing the business to significant risk.

Given the stakes for a business, contract security should always be a top priority. Listed below are six best practices fleets can implement to increase contract security:

Centralize Contracts in a Secure Location: It’s not uncommon for transportation businesses to store contracts in shared folders across multiple locations and formats. However, centralizing your agreements in a password-protected and cloud-based repository is the most important step toward secure contract management. Not only will it keep your agreements organized, it stores them safely and reduces the risk of them being accessed by the wrong individuals. It also allows you to securely access any document at any time from anywhere on any device.

Implement Role-Based Security: Another challenge with storing contracts in multiple places is that it’s impossible to govern tiers of access to them. Once you’ve centralized your contracts online, you’ll be able to set role-based permissions for enhanced security. This allows someone to read or write certain document or contract types but denies them access to others that would be inappropriate to edit. It also prevents unauthorized users from seeing or editing contract details. Think of it as commercial driver licenses for contracts. You wouldn’t let a Class A CDL holder operate a Class C vehicle carrying hazmat cargo, right?

Ensure Contract Data Is Encrypted: An important best practice to protect your contracts from unauthorized users is to encrypt all document data. You’ll want to encrypt information both at rest and in transit using the latest encryption standards. Data at rest refers to any data that is stored within your contract management system. Data in transit refers to any data that is being sent externally to or from your contract management system to a user or another application.

Leverage E-signature Capabilities: The most time-consuming part of any contract process is getting approvals, especially for those chasing down paper-based signatures. Electronic signatures are a best practice to get documents signed faster. More importantly, however, e-signatures are more secure than paper ones. They have been legally binding for more than 15 years thanks to the ESIGN Act of 2002. E-signatures carry a digital record about who, when and where a document was signed to ensure authentication and help with audit trails.

Collect Data Through Secure Forms: Many organizations still rely on e-mail to request contracts and capture required data to create them. This often leads to incomplete or incorrect information, which adds time and creates risk. E-mail attachments also are the most common way hackers infiltrate corporate networks with malicious software. With predefined and encrypted intake forms, team members can quickly and accurately submit an existing contract, request the creation of a contract, and — if they have the authority — instantly create a contract. This ensures the integrity and security of data captured for your contracts, eliminates the need for double data entry or chasing down missing data and minimizes mistakes.

Utilize Top Security Standards: Many organizations in the transportation industry are moving to software as service-based business applications — including those for contract management — to make their processes more cost-effective and efficient. When hosting your contract-related and other business data in the cloud, it’s critical that the cloud infrastructure vendor supports SOC-2 Type 2 and other strict security standards. This means they’ve gone through rigorous, third-party auditing procedures to ensure the privacy, security, confidentiality, availability and integrity of your data. In other words, they are experts in keeping your business information secure.

As John learned the hard way, the number of security breaches and malicious hacks continues to skyrocket, and those in the transportation industry face as much risk as anyone. Contracts are the backbone of your business, so increasing security around them can help prevent serious financial, legal and brand risks and give you greater peace of mind.

Timothy Donaghy is the chief technology officer of contract management software provider Contract Logix, heading the development and maintenance of the company’s suite of products. Contract Logix enables legal, procurement, financial, sales and administrative professionals to manage their contracts efficiently while minimizing their legal and financial risk.