In any organization there is overlooked information that is never noticed and no one ever thinks about. It includes, among other things, handwritten data that exists on forms, contracts, and a variety of everyday business documents. But this information can represent a treasure trove of opportunity for computer hackers who are paying attention, and are looking to steal sensitive and private data. Handwritten annotations, comments and data entry fields often contain social security numbers, account details, addresses and phone numbers that can translate into great prospect and profit for cyber-thieves.
Cyber-Theft on the Rise
Consider just a few of the recent news stories that warn that the risk of cyber-theft is growing. In December 2013, just weeks before the year-end holidays, cyber-thieves stole personal and financial information from at least 12 million shoppers at Target, the well-known discount retail chain. Just a few months later in March 2014, Michaels, the nation’s largest arts and crafts chain, suffered a similar data breach; criminals got away with account information of nearly 3 million customers. At Neiman Marcus, hackers raided information relating to 1.1 million customer accounts.
Organizations can no longer afford to ignore the risk of handwritten content, especially as demands for improved information governance increase. Organizations must design and adopt ever more advanced threat protection solutions and strategies that leverage new technologies and approaches. One way to do that is through automatic redaction. Advanced capture systems have field level redaction capability that covers up certain types of content before it is entered into an archive. Some go a step further with the ability to perform a look-back analysis that recaptures and redacts sensitive data that has been overlooked and could result in increased exposure and risk. These automatic redaction capabilities enable more comprehensive privacy and data security strategies that boost information governance overall.
How do you know what you don’t know…and how it is hurting you?
Not every bit of information contained on every document needs to be archived and imaged. For example, you may want to capture and identify a social security number on a contract or authorization form, but once that information is entered into a line of business system it may not make sense to store it an image repository. Indeed, the social security number may have no remaining value in terms of archive, but it certainly will present a significant risk if a security breach should occur. And a 20-year-old image archive may indeed be a tempting target for hackers. Automatic redaction is therefore an important capability because it gives organizations the tools and the ability to effectively address and manage the risk of sensitive data, and implement thoughtful strategies to protect that information from data breaches and cyber-attack.
Learn more about capturing and protecting sensitive information in the strategic white paper The New Information Governance Paradigm: