How Contract Management Software Helps Prevent Internal Data Theft
In contract management, data is one of the most valuable assets for any company. That’s why more and more enterprises are ramping up their defenses against a wide variety of external efforts to acquire internal data. However, sometimes the threat can come from within. In February 2018, Richard Rizika, a former vice chairman at CBRE, the largest commercial real estate company by market capitalization in the world, stole proprietary information and trade secrets totaling nearly half a million digital files.
Rizika illegally downloaded half a million documents, including rent rolls, stacking plans, contracts, marketing plans, and financial information, from the company’s password-protected online database with the objective of starting a competing real estate practice called Beta Retail. Let’s address how contract management software can help close security gaps in your enterprise and prevent data theft like the Rizika example.
Leverage User Permissions
Very few team members require an admin or editor level of permission. With user-based permissions, your contract management software becomes a key way to limit access to data. Granting the right person access to the right data must be an ongoing effort.
For example, any real estate broker would love to have access to all rent rolls from your enterprise's existing property management clients. The reality is that only the appropriate real estate administrators should have such access. Access to the documents and contracts related to those accounts has to be carefully determined. Contract management software allows you to customize access to sections of your contract library and determine the level of permission (read-only, editor, or administrator).
Auditing these permissions on an ongoing basis is necessary to catch intentional or unintentional attempts to access “off-limits” contract data and to create “Chinese walls” between business lines.
Monitor Log of Data Access
Besides limiting the access to data, contract management software can also track the who/when/where of data access, which can raise red flags when properly monitored. As part of an ongoing audit, the administrator needs to be on the lookout for unusual activity and notify management about suspicious activity.
According to court records, Rizika's team started illegally downloading files as early as June 2017. If proper monitoring had been in place, CBRE could have had enough time to catch the ongoing large downloads of sensitive corporate data.
By addressing activity early, employees become aware that there truly are security systems in place and may be completely deterred from engaging in illegal downloads at all.
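The kind of check an administrator could run over an exported access log to surface large downloads, as an added example that is not part of the original article or of any vendor's product. The CSV layout (timestamp, user, source IP, action, document id), the user names, and the thresholds are assumptions, and the log data is constructed.

```python
import csv
import io
from collections import defaultdict
from statistics import median

def parse_access_log(text):
    """Parse CSV lines of: ISO timestamp, user, source IP, action, document id."""
    fields = ["ts", "user", "ip", "action", "doc"]
    return list(csv.DictReader(io.StringIO(text), fieldnames=fields))

def flag_bulk_downloads(events, factor=5, min_docs=20):
    """Flag user-days whose distinct downloads far exceed that user's own baseline."""
    docs = defaultdict(set)   # (user, day) -> distinct documents downloaded
    ips = defaultdict(set)    # (user, day) -> source IPs seen (the "where")
    for e in events:
        if e["action"] != "download":
            continue
        key = (e["user"], e["ts"][:10])
        docs[key].add(e["doc"])
        ips[key].add(e["ip"])
    history = defaultdict(list)  # user -> download counts on earlier normal days
    alerts = []
    for (user, day) in sorted(docs, key=lambda k: (k[1], k[0])):
        count = len(docs[(user, day)])
        baseline = median(history[user]) if history[user] else 0
        if count >= min_docs and count > factor * baseline:
            alerts.append({"user": user, "day": day, "count": count,
                           "baseline": baseline, "ips": sorted(ips[(user, day)])})
        else:
            history[user].append(count)  # only normal days feed the baseline
    return alerts

def build_sample_log():
    """Constructed data: two hypothetical users, one of whom makes a bulk pull."""
    lines = []
    for day in range(1, 6):
        for n in range(3):
            lines.append(f"2024-03-0{day}T10:0{n}:00,alice,10.0.0.5,download,rent-{day}-{n}")
            lines.append(f"2024-03-0{day}T11:0{n}:00,bob,10.0.0.9,download,lease-{day}-{n}")
    for n in range(40):  # 40 distinct documents in one evening from a new address
        lines.append(f"2024-03-06T22:{n:02d}:00,bob,203.0.113.7,download,plan-{n}")
    lines.append("2024-03-06T09:00:00,alice,10.0.0.5,view,rent-1-0")
    return "\n".join(lines)

if __name__ == "__main__":
    for alert in flag_bulk_downloads(parse_access_log(build_sample_log())):
        print(alert)
```

Flagged days are kept out of the baseline so that a sustained series of large downloads does not gradually become the user's "normal".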
Use Secure SaaS for Off-Site Access
Ongoing access to contract data increases the productivity of your team. Instead of having sales staff or contract managers have to wait to get back to the office to get started drafting a contract, they can get to work right away from anywhere with just an Internet browser and connection.
Still, that access should be within the standards and legal requirements of your industry. For tips on evaluating whether contract management software vendors are meeting these standards, view “Must-Ask Questions for Contract Management Security.” This short video outlines how to evaluate whether a vendor can hold up their end of the bargain when it comes to securing your data.
Limit Access to Storage in External Drives
Companies of all sizes are known for keeping copies of their contracts on external drives, with some copies on CDs that are stored in safe places. While this practice hedges against worst-case scenarios, it also creates opportunities for internal data theft. According to court records, the data Rizika took was being stored on CDs after the download.
This is why more and more enterprises are limiting the amount of data that can be transferred from company-issued computers or laptops to external hard drives or thumb drives. Some enterprises are even more stringent and completely prohibit that practice, requiring employees to share data through established channels within the password-protected server environment.
Despite the benefits of using a database or software that enables your employees to have access to large amounts of contract data, providing unlimited access without any rules is not advisable. You should choose not only the software best suited to your enterprise but also the right vendor who can help you configure your system to the needs of your enterprise.