17 Aug
Policies and Beliefs Don’t Count as Facts
When a client says, “All our data is stored on servers,” they are usually wrong.
Yes, you read that right. It’s quite common to find legally protected data, including Personally Identifiable Information (PII), Protected Health Information (PHI) and business-sensitive data like payroll information, stored on desktops and laptops that frequently aren’t encrypted. Often, users aren’t aware of this, and even worse, IT teams don’t actively look for it since they believe users are following policy and storing data on servers.
IT directors and senior executives are then caught by surprise when they are told their data is being stored in unexpected locations like download folders, desktop folders or even in recycle bins. Blindsided CEOs often say, “We have policies requiring data to be stored on servers. Why aren’t our people following our policies?”
The three probable answers to this question are:
- Data storage isn’t properly automated.
- Users aren’t properly trained.
- Company policies lead clients to believe employees are blindly following the rules, so they don't feel compelled to look for evidence of compliance.
How Network Detective Pro Can Help
RapidFire Tools’ Network Detective Pro produces a Data Breach Liability Report that shows where Social Security numbers, credit card numbers, driver’s license numbers and banking information are stored (even within PDF and ZIP files). The assessment report also calculates the potential cost of liability based on the amount of protected data, using the cost per record identified in the annual IBM Cost of a Data Breach Report.
In a recent assessment, an MSP discovered that over half of a client’s potential risk was on an unencrypted desktop computer that had over 10,000 Social Security numbers stored on it, including those of the executives responsible for funding cybersecurity. This happened despite the organization’s policies forbidding protected information from being stored without encryption and requiring users to only store data on server shares.
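The kind of endpoint discovery described above, as an added example that is not part of the original post and not Network Detective Pro's code: it walks a folder tree, looks inside zip archives, counts SSN-shaped and Luhn-valid card numbers, and multiplies the record count by a cost per record that the caller supplies. The function names, the size limit and the sample files are assumptions made for illustration; PDF text extraction is left out because it needs a third-party parser.

```python
import re, zipfile
from pathlib import Path

MAX_BYTES = 5_000_000  # assumed limit: skip oversized files/members (cheap zip-bomb guard)
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13 to 19 digits, optional separators

def luhn_ok(digits):  # Luhn checksum filters out most random digit runs
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def count_hits(data):  # distinct SSN-shaped and Luhn-valid card-shaped values
    text = data.decode("utf-8", errors="ignore")
    ssns = set(SSN_RE.findall(text))
    cards = {re.sub(r"\D", "", m) for m in CARD_RE.findall(text)}
    return {"ssn": len(ssns), "card": sum(luhn_ok(c) for c in cards)}

def scan_tree(root):
    """Map each file (or 'archive!member') that has hits to its counts."""
    root, findings = Path(root), {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel, members = path.relative_to(root).as_posix(), {}
        if zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                members = {f"{rel}!{i.filename}": zf.read(i) for i in zf.infolist()
                           if not i.is_dir() and i.file_size <= MAX_BYTES}
        elif path.stat().st_size <= MAX_BYTES:
            members = {rel: path.read_bytes()}
        for name, data in members.items():
            hits = count_hits(data)
            if any(hits.values()):
                findings[name] = hits
    return findings

def estimate_liability(findings, cost_per_record):  # cost figure is caller-supplied
    records = sum(h["ssn"] + h["card"] for h in findings.values())
    return records, records * cost_per_record

def build_sample(root):  # constructed sample data only, no real identifiers
    root = Path(root)
    for d in ("Downloads", "Desktop"):
        (root / d).mkdir()
    (root / "Downloads/payroll.csv").write_text("A,123-45-6789\nB,234-56-7890\nC,000-12-3456\n")
    (root / "Desktop/orders.txt").write_text("4111 1111 1111 1111\n4111 1111 1111 1112\n")
    with zipfile.ZipFile(root / "Desktop/old.zip", "w") as zf:
        zf.writestr("hr/staff.txt", "ssn 345-67-8901\n")
```

Pattern matches of this kind are candidates for review, not confirmed records, so the resulting figure is an upper-bound estimate.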
Base your cybersecurity recommendations on facts discovered by under-the-skin network scans and assessments to show prospects and clients their sense of security is a mirage. Doing this will help you validate your role as a trusted advisor to retain business and grow your clientele further.
To learn more about how Network Detective can help you with assessments, sign up for a free demo now.