Risky business: hidden security vulnerabilities in an organization

Today, keeping PII and other sensitive information safe and secure is difficult enough. Yet doing it while staying compliant is a whole other issue. To improve security, your organization must understand the full scope of risk, including vulnerabilities you may have overlooked, to best quantify and mitigate those risks. Our new blog post to help you learn more.

It seems like data breaches or other security issues are always in the news today. Household names like Equifax, Target, TJ Maxx and Yahoo have all been breached and suffered substantial costs to (attempt to) rectify these very public examples.

Yet breaches continue to occur, even despite advancements in technology and much more investment in security products, services and personnel. While it may be true that the bad guys will always stay a step head, it’s also possible that many companies have not done enough to assess their overall risk.


Quantifying risk

Keeping information safe is one thing and is challenging enough. Yet doing it while complying with industry regulations (such as GDPR) is even more difficult. To improve, organizations should first assess their overall environment, including possible threats and vulnerabilities, and then attempt to quantify their overall risk exposure.

The result of this provides a risk-based framework that will help any company better communicate and collaborate on information security efforts. Such a framework can also help businesses design, monitor and measure specific goals for improving its overall security. Focusing on risk helps drive security priorities and decisions – all to help ensure that sensitive data is as secure as possible.


Steps toward risk mitigation

Once an organization has quantified and identified the impact of its security environment, it’s time to take steps to mitigate that risk. This often includes examining areas you might not first consider when thinking about security, such as paper-based processes.

For example, personally identifiable information (PII) can be accidentally exposed or unintentionally compromised every time a document or form is copied, scanned, printed, faxed or emailed. This can happen using an analog fax machine, multifunction printer (MFP) or even a mobile phone or tablet.

Paper output can be nearly impossible to track and control and is not completely eliminated by electronic processes. As a result, the risk associated with paper might be higher than you think.


What can be done?

What can you do to get started? When it comes to security involving paper documents (printing, scanning or faxing), make sure you address potential security vulnerabilities with questions like:

  • Can anyone (including a visitor) walk up to your copiers and use their functions?
  • Are print jobs ever left unattended?
  • Is your scan and print traffic encrypted?
  • Do you maintain an audit trail of print, copy, scan, fax activity: Does this include such information as who, what, when, where, and how?


Surprising security tools

What is clear is that your organization must control and protect both the physical and electronic access points of their MFPs. If this sounds intimidating, or you don’t know where to start, we have some good news.

Now document capture and workflow and print management solutions can help secure sensitive PII information by adding a layer of security and control to paper-based processes such as printing, even storing confidential information. For example, these solutions can authenticate users, control access to workflows and documents, help control documents with PII and other sensitive data and even maintain audit trails of all user activity.

If you’re interested in more information on security, please stay tuned for our upcoming article that will outline how any organization can rely on conventional technology (print, capture, PDF and OCR) to overcome its security challenges.

Overcome your own security vulnerabilities

See how Nuance provides complete control of documents and information to improve overlooked security vulnerabilities.

Learn more

Tags: , ,

Jeff Segarra

About Jeff Segarra

Jeff Segarra is the Senior Director of Product Marketing for the Nuance Document Imaging Division. He is responsible for the global team that delivers industry product positioning, messaging and content to help our customers around the world identify how Nuance solutions can meet their needs. He enjoys speaking and writing about business process improvement, The Internet of Things, document security, document conversion technologies and personal productivity. He has an MBA from Iona College, Hagan School of Business and has been working with software technology for 20 years. Jeff is an original New Yorker and, therefore, a staunch Yankees fan – in the heart of Red Sox nation.