By: Mark Brousseau on May 13th, 2016
Increasing Security and Compliance Concerns for Document Capture
Capture and Imaging | Information Security
Think your scanned images are safe? Think again!
As we begin 2016, the biggest threat to your business probably isn't the proverbial competitor down the street. It's someone who wants to take advantage of your corporate information. We know that a growing number of businesses and government entities have already become cyber war victims.
-
It wasn't that long ago that there were front page headlines when tens of millions of Target and Home Depot customers had their information stolen from those retailers.
-
Just last March, health insurance company Anthem admitted that it was attacked. The personal information of as many as 80 million Americans was vulnerable as a result of that attack. 80 million -- that's one quarter of the entire U.S. population.
-
Last Fall, the U.S. government's Office of Personnel Management admitted that their employee database was hacked. The bad guys got personnel data on millions of federal employees, including their fingerprints and their job applications. Think about what must be on those job applications.
-
Even the people who are protecting us are not immune. Just recently, Juniper Networks -- these are the guys who make firewalls and network security equipment -- admitted that they were hacked.
2015 was the compliance and security wake up call for businesses, and 2016 needs to be the year you get your act together. You can't afford any more data leaks, lost patient records, or corporate espionage. You can’t afford the cost, the penalties, the fines, and the reputational risk that comes with these violations and data loss, and the impacts of data leaks are significant.
Two-thirds of companies say the potential impact of a data leak would be high. 13% of companies say the potential impact of a data leak would be disastrous. That's not so hard to believe when you consider what that stake from a reputational and financial standpoint. In fact, a lot of folks focus on the financial piece of this. According to studies, the average cost of a single data leak is $7.2 million. When you think about what Target went through with their breach, $7.2 million seems like table stakes.
These costs are only going to go up. Increased regulations, standards, and rules are raising the stakes. They're raising the potential cost and penalties that you could suffer if your data is lost or you have a compliance violation. Two-thirds of organizations see that ensuring the privacy of customer data is essential. Well, that's good news. Two-thirds of organizations also see that compliance with industry and government regulations is also essential. This is a big driver behind a lot of data capture system purchases.
In fact, 30% of organizations say that compliance and security considerations are the most significant business driver of document and record management projects. That's staggering; most assume it's cost efficiency and productivity.
PCI (payment card industry) compliance is going to take more and more of the headlines as corporate America continues to push harder and harder away from paper-based checks and toward electronic transactions. We're going to find that while many organizations knew how to safeguard check information, they really don't understand how to do the same in an electronic world, where it's easier for folks to intercept that information. That’s just the tip of the iceberg. There are 13,982 other regulations that are impacting businesses, all of them with their own cost and their own risk. Every day, there are people in Washington DC dreaming up more regulations about how to manage your data.
You've undoubtedly put in permissions and access controls, and you've implemented antivirus and malware tools. You've probably regulated the passwords your staff uses, so they can't use their birth dates or 123456 anymore. You've implemented perimeter security so that folks can't walk in and out of your front and back doors and literally take your information with them.
Despite all these investments you're making at the macro level, despite all the efforts that your IT department is doing on your behalf, there's a gap in your information security systems, and it is in the unlikeliest of places -- your document scanning and data capture systems. Your information on-ramp is leaving you vulnerable to the bad guys.
A typical document imaging system is creating four major vulnerabilities that substantially increase the potential for data theft and violations of information management regulations. The four risks of antiquated scanning systems are:
- Not encrypting the data while it's in motion.
- Unsecured log files.
- Poor visibility into operator activities.
- Poor security management.
4 Ways to Protect Your Captured Data from Theft and Compliance Violations
About Mark Brousseau
Mark Brousseau is a noted marketer, analyst, speaker, and writer with more than twenty years of experience advising leading providers of payments and document automation solutions. He is President of Brousseau and Associates, a full-service marketing PR and business development firm specializing in the payments and document automation arenas.