By Nik Bars, Emily Winters and Hugo Cordier
Throughout the ages, sensitive information has been considered a precious commodity. Kings hired selected individuals to carry, deliver and protect this information, while ne’er-do-wells were out to obtain the information by whatever means necessary. In these digital ages, not much has changed. News stories about information leaks, hacking and ransomware are becoming more and more frequent. While all industries are susceptible, the entertainment industry is uniquely vulnerable because of its cultural and financial value.
Production offices process huge amounts of sensitive information every day and are, therefore, largely responsible for its security. Not only is there the intellectual property at stake, but also the personal information of a production’s cast and crew.
Luckily, you don’t have to be a tech wizard to protect your information from falling into the wrong hands. With a few extra steps, you can turn your production office into a fortress capable of stopping fire-breathing dragons from getting into your data (so-to-speak).
Take a sword to the paper trail. It’s a win-win-win.
Ancient scrolls may have had magic to protect the script on their pages, but these days have you ever come across a password protected piece of paper? Neither have we. When you print out physical copies of scripts and sides, these assets are prone to being lost, stolen, copied — burned to a crisp by aforementioned dragon — or shared with people who should not be reading them!
Going paperless isn’t just the environmentally responsible choice and a quick way to save some coin on paper (win-win), but when it comes to security, the less paper your production uses, the easier it is to ensure the information you are sharing is only accessible to the correct people (win-win-win!).
Working paperlessly grants you the ability to add additional security “spells” to the documents you need to share, like password-protection, watermarking and PDF-download prevention.
Seal your messages in wax; use the Principle of Least Privilege (PoLP)
When a king has sensitive information he needs to share with a neighboring kingdom, he doesn’t simply stand out on his castle balcony and announce it! He has a trusted ward who will deliver the message on his behalf, sealed in wax to ensure the message only falls on the eyes it is intended for.
The Principle of Least Privilege (PoLP) is the information security concept that an employee should have access to the least amount of information they need in order for them to do their job. In any business with sensitive data to protect, this is a simple, powerful and inexpensive security strategy that reduces the risk of information falling into the wrong hands.
And, this isn’t just about the information getting out, but also what could potentially get in to your systems. When using PoLP, it will drastically reduce the number of vehicles that viruses or malware will have to get in and do their damage. While you would hope that your colleagues all use antivirus protection and common sense when opening their emails or surfing the web, you never know what — or who — could be inconspicuously lurking on someone else’s computer when they enter your database. Bottom line: the fewer people who can access, the better.
Make sure your ravens are going to the right people and regularly update your distribution lists
While distribution lists are a gift from the gods for organizing your departments, it’s incredibly easy to ignore PoLP. It’s a breeze to click on a list and launch a document to everyone in a department like an unkindness of messenger ravens, but chances are there are a few people you could remove from the list. Ask yourself: does everyone on this list need this information to do their job?
Besides reducing the number of people you send information to, we highly recommend regularly checking and updating your distro lists as crew members come and go from your rosters. At SetKeeper, we sometimes receive messages from former crew members who are still receiving documents after they left a production because no one removed them from the distribution lists — a major security no-no!
Create a system to track who leaves or joins your production and when, and make sure your distro lists reflect the changes ASAP. Digital distribution tools and their convenient security features are only as good as the human users who send out accurate distribution lists!
Cast the spell of encryption on your devices
In any business where you are handling lots of personal, sensitive information — like working in a production office or with the king’s guard — it is crucial that this information is stored with encryption. Passwords are a great first line of defense but if someone were to steal your laptop and the hard drive was not encrypted, it wouldn’t be all that difficult for them to access what is stored on that drive by moving it to a different computer, using a USB key, or other nefarious methods.
Encryption is the process of scrambling data by using mathematical algorithms that can only be unscrambled with a key (password, cipher). Some newer laptops come with hard drives already encrypted but many still don’t, and it is in your — and your show’s — best interest to ensure this. Once encrypted, the only potential weak point to get the data on your drive is your password, so make sure it is extra-complex and you store it in a safe place.
The good news is that most new phones automatically encrypt your data as long as you’re using a PIN or password to access your phone, and it isn’t too difficult to encrypt your laptop’s hard drive if it isn’t already enabled. You can read up more on encryption here and how to do it yourself here.
These initial suggestions should bring you a long way to laying the foundation for your stronghold of a production office. Stay tuned for Part 2 of this topic, coming soon!
Have comments or ideas for other articles? Feel free to reach out to firstname.lastname@example.org and let us know what you think!