Policies and Beliefs Don’t Equal Security


“All our data is stored on servers.”

You hear this over and over again, but it’s almost never true. In fact, you can usually find legally protected data, including Personally Identifiable Information (PII), Protected Health Information (PHI) and business-sensitive data like payroll information, stored on desktops and laptops that aren’t encrypted. Often, the users aren’t even aware of it, and worse, the IT team doesn’t look for it since they believe the users are following policy and storing data on servers.

Sometimes, IT directors and senior executives are shocked to see their data being stored in unexpected locations like download folders, desktop folders or even in recycle bins. Blindsided CEOs often ask, “We have policies requiring data to be stored on servers. Why aren’t our people following our policies?”

The simple answer is that their data storage isn’t properly automated, their users aren’t properly trained, or worse, they believe their policies are being followed, so they don’t look for evidence of compliance.

How Network Detective Pro Helps

Using RapidFire Tools’ Network Detective Pro to run under-the-skin assessments that dig deep and look for data files is an ideal way to provide evidence of compliance. The Data Breach Liability Report shows you where social security numbers, credit card numbers, driver’s license numbers and banking information are stored, even if they are in PDF or zip files. The report also calculates the potential liability based on the amount of protected data using the cost per record identified in the respective annual IBM Cost of a Data Breach Report.
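As an added illustration of what such an assessment does under the hood (this is example code written for this post, not RapidFire Tools' or Network Detective Pro's own code), the script below walks a set of files, looks for dashed Social Security numbers and Luhn-valid payment card numbers, descends into zip archives, and multiplies the number of distinct records found by an assumed cost per record. The regexes, the sample files, the `COST_PER_RECORD` value and every function name are assumptions made here; the real per-record figure would come from the IBM report the post cites. Plain text and CSV are handled directly; a PDF would first need a text extractor, which is left out to keep the example short.

```python
"""Locate likely SSNs and payment card numbers in files (including inside zip
archives) and convert the hit count into a rough liability estimate.
Example code for this post; regexes, sample data and cost figure are assumptions."""
import io
import re
import zipfile
from pathlib import Path

# Placeholder cost per exposed record; substitute the figure from the current
# IBM Cost of a Data Breach Report when producing a real estimate.
COST_PER_RECORD = 150.0

# Dashed SSN with the never-issued area/group/serial ranges excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-16 digits optionally separated by spaces or dashes; Luhn filters the noise.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

# Guard rails against decompression bombs and deeply nested archives.
MAX_MEMBER_BYTES = 50 * 1024 * 1024
MAX_ZIP_DEPTH = 3


def luhn_ok(number: str) -> bool:
    """Return True if the digits in `number` pass the Luhn checksum."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pii(text: str) -> dict:
    """Count distinct SSNs and Luhn-valid card numbers in one text blob."""
    ssns = set(SSN_RE.findall(text))
    cards = {m.group() for m in CARD_RE.finditer(text) if luhn_ok(m.group())}
    return {"ssn": len(ssns), "card": len(cards)}


def scan_bytes(name: str, data: bytes, depth: int = MAX_ZIP_DEPTH) -> dict:
    """Scan one file's bytes; recurse into zip members up to `depth` levels."""
    if depth > 0 and name.lower().endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
        totals = {"ssn": 0, "card": 0}
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue  # skip directories and oversized members
                inner = scan_bytes(f"{name}/{info.filename}", zf.read(info), depth - 1)
                for key in totals:
                    totals[key] += inner[key]
        return totals
    # Treat everything else as text; undecodable bytes are dropped.
    return find_pii(data.decode("utf-8", errors="ignore"))


def scan_files(files) -> dict:
    """Scan (name, bytes) pairs; return only files with at least one hit."""
    results = {}
    for name, data in files:
        hits = scan_bytes(name, data)
        if any(hits.values()):
            results[name] = hits
    return results


def scan_tree(root) -> dict:
    """Scan every regular file under a directory (e.g. a user profile)."""
    root = Path(root)
    return scan_files((str(p), p.read_bytes()) for p in root.rglob("*") if p.is_file())


def estimate_liability(results: dict, cost_per_record: float = COST_PER_RECORD) -> float:
    """Records found across all files times the assumed cost per record."""
    records = sum(h["ssn"] + h["card"] for h in results.values())
    return records * cost_per_record


def build_sample() -> dict:
    """Constructed in-memory stand-in for a user's Desktop and Downloads folders."""
    payroll = (b"name,ssn,card\n"
               b"A. Example,123-45-6789,4111 1111 1111 1111\n"
               b"B. Example,234-56-7890,5500 0000 0000 0004\n"
               b"C. Example,123-45-6789,1234 5678 9012 3456\n")  # repeat SSN, Luhn-invalid card
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("old/payroll_2019.csv", b"name,ssn\nD. Example,555-12-3456\n")
    return {
        "Desktop/payroll.csv": payroll,
        "Downloads/archive.zip": buf.getvalue(),
        "Downloads/notes.txt": b"Call vendor at 555-123-4567 about invoice 1000.",
    }


if __name__ == "__main__":
    found = scan_files(build_sample().items())
    for path, hits in found.items():
        print(f"{path}: {hits['ssn']} SSN, {hits['card']} card")
    print(f"estimated liability: ${estimate_liability(found):,.2f}")
```

Point `scan_tree` at a mounted user profile (or run it as part of an endpoint inventory job) to get the same per-file breakdown for real data. Distinct values are counted per file so that a spreadsheet repeating one SSN on every row is not reported as thousands of records; the size and depth limits keep a malicious or accidental nested archive from exhausting memory during the scan.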

Are you having trouble getting clients to invest in protecting their organizations? Wouldn’t it be nice to show them their potential liability based on actual data? This figure is from a recent assessment performed for a non-profit organization.


Over half their potential risks were hiding on an unencrypted desktop computer that contained over 10,000 social security numbers — including those of executives responsible for funding cybersecurity. The organization felt they were safe since they had written policies forbidding protected information from being stored in an unencrypted manner, and requiring users to store data on server shares for security.


You can validate your role as a trusted advisor by basing your cybersecurity recommendations on facts gleaned from under-the-skin network scans, and by showing prospects and clients that what they believe to be true actually isn’t. Sign up for a free demo now to see how Network Detective Pro can help you do all this and much, much more.

Tags: Best Practices, IT Assessments, Network Assessments, Network Detective