Increasing Security and Compliance Concerns for Document Capture – Part 1 of 3
Think Your Scanned Images are Safe? Think AgainI’ll be doing three posts excerpted from an earlier AIIM webinar by Mark Brousseau and sponsored by ibml. The webinar is available HERE in its entirety to professional members of AIIM. Responsibility for this great content rests with them; I’m responsible for any huge editing gaffes.
About our guest poster: Mark Brousseau is a noted marketer, analyst, speaker, and writer with more than twenty years of experience advising leading providers of payments and document automation solutions. He is President of Brousseau and Associates, a full-service marketing PR and business development firm specializing in the payments and document automation arenas.
Ibml has an interesting white paper on this set of topics -- 9 Ways Your Document Imaging System Could Be Vulnerable to Data Theft and Compliance Violations - check it out HERE.
As we begin 2016, the biggest threat to your business probably isn't the proverbial competitor down the street. It's someone who wants to take advantage of your corporate information. We know that a growing number of businesses and government entities have already become cyber war victims.
- It wasn't that long ago that there were front page headlines when tens of millions of Target and Home Depot customers had their information stolen from those retailers.
- Just last March, health insurance company Anthem admitted that it was attacked. The personal information of as many as 80 million Americans was vulnerable as a result of that attack. 80 million -- that's one quarter of the entire U.S. population.
- Last Fall, the U.S. government's Office of Personnel Management admitted that their employee database was hacked. The bad guys got personnel data on millions of federal employees, including their fingerprints and their job applications. Think about what must be on those job applications.
- Even the people who are protecting us are not immune. Just recently, Juniper Networks -- these are the guys who make firewalls and network security equipment -- admitted that they were hacked.
2015 was the compliance and security wake up call for businesses, and 2016 needs to be the year you get your act together. You can't afford any more data leaks, lost patient records, or corporate espionage. You can’t afford the cost, the penalties, the fines, and the reputational risk that comes with these violations and data loss, and the impacts of data leaks are significant.
Two-thirds of companies say the potential impact of a data leak would be high. 13% of companies say the potential impact of a data leak would be disastrous. That's not so hard to believe when you consider what that stake from a reputational and financial standpoint. In fact, a lot of folks focus on the financial piece of this. According to studies, the average cost of a single data leak is $7.2 million. When you think about what Target went through with their breach, $7.2 million seems like table stakes.
These costs are only going to go up. Increased regulations, standards, and rules are raising the stakes. They're raising the potential cost and penalties that you could suffer if your data is lost or you have a compliance violation. Two-thirds of organizations see that ensuring the privacy of customer data is essential. Well, that's good news. Two-thirds of organizations also see that compliance with industry and government regulations is also essential. This is a big driver behind a lot of data capture system purchases.
In fact, 30% of organizations say that compliance and security considerations are the most significant business driver of document and record management projects. That's staggering; most assume it's cost efficiency and productivity.
PCI (payment card industry) compliance is going to take more and more of the headlines as corporate America continues to push harder and harder away from paper-based checks and toward electronic transactions. We're going to find that while many organizations knew how to safeguard check information, they really don't understand how to do the same in an electronic world, where it's easier for folks to intercept that information. That’s just the tip of the iceberg. There are 13,982 other regulations that are impacting businesses, all of them with their own cost and their own risk. Every day, there are people in Washington DC dreaming up more regulations about how to manage your data.
You've undoubtedly put in permissions and access controls, and you've implemented antivirus and malware tools. You've probably regulated the passwords your staff uses, so they can't use their birth dates or 123456 anymore. You've implemented perimeter security so that folks can't walk in and out of your front and back doors and literally take your information with them.
Despite all these investments you're making at the macro level, despite all the efforts that your IT department is doing on your behalf, there's a gap in your information security systems, and it is in the unlikeliest of places -- your document scanning and data capture systems. Your information on-ramp is leaving you vulnerable to the bad guys.
A typical document imaging system is creating four major vulnerabilities that substantially increase the potential for data theft and violations of information management regulations. In our next post, Mark will discuss the four risks of antiquated scanning systems:
- Not encrypting the data while it's in motion.
- Unsecured log files.
- Poor visibility into operator activities.
- Poor security management.
About ibml (sponsor of the original webinar)
ibml believes in the mission of AIIM to educate information managers on the key issues they face. The company provides intelligent information capture solutions that drive business process improvements. Combining intelligent scanners, software and services, ibml solutions automate the most demanding document applications in banking, financial services, healthcare, and government. ibml customers in 48 countries rely on its technology to accurately, efficiently, and - most importantly - securely capture and process millions of documents. If you want to learn more about ibml, you can visit ibml.com or contact them directly at email@example.com.