7 signs a data breach could be looming

Data breaches have made the headlines much too often lately and left many IT, legal and compliance departments to wonder how they would react to a breach.

But instead of reacting, you can proactively assess your risk of a data breach and work to solve any vulnerable areas during a self audit. Look to see if any of these red flags live in your data environment.

  1. Mystery data. Do you know the type of data located on every server, backup tape and even hidden email files such as PSTs? Different custodians within the organization create and maintain different types of data at different levels of sensitivity. Not knowing who created what and where it is leaves the door open for files to get lost and fall into the wrong hands.
  2. Poor archiving. Do you practice value-based archiving or an archive everything strategy? The latter leaves your important, sensitive data lost among a network of junk. Data gets lost and forgotten about until misplaced.
  3. Duplicates. How do you manage your duplicate data and do you know where your duplicates are? It doesn’t make much sense to protect one document when hundreds of copies of it exist in the enterprise. Understand and manage duplicate data.
  4. Personally Identifiable Information. Does your sales or service team routinely handle credit cards, Social Security numbers or other PII? Could any of that information have been sent over email by someone who does not understand the risks? Audit your system for PII.
  5. Un-interpretable data. Data that belonged to an ex-employee and was created a number of years ago likely has little business value, but it is a compliance risk. It can no longer be properly interpreted in its original context. Jokes can be crimes. Misunderstandings can become lawsuits. How much turnover does your business have?
  6. PSTs. These sensitive little email files don’t live with the rest of the emails, often creating copies or mini archives that go unmanaged. Where do they live, who owns them and when were they last accessed?
  7. Executive data. How the former CEO’s email is handled and how last summer’s interns’ email is handled should be dramatically different. Are they held in an archive on retention policies with set expiration dates, or still on the computers they used?

You likely recognized at least one flag that exists in your data center and if you found four or five, you’re with the majority of large companies. There’s help out there. Email info@indexengines.com for more information or visit: indexengines.com

Offshore data breach has dirty laundry flying

The hottest story of the morning, and likely until the media takes North Korea a bit more seriously, is the exposure of secret files from offshore bank accounts held by some of the richest and most controversial people on the planet… and some ordinary Joes with a little extra cash, too.

Basically 2.5 million files were leaked from more than 120,000 offshore companies and trusts, exposing a lot of dirty laundry. The International Consortium of Investigative Journalists along with 38 other media partners collaborated to sort through this mess of cash transfers, incorporation dates and links between companies and individuals.

The whole thing leaves very mixed emotions. Data breaches are preventable and shouldn’t happen, and they cause a very concerned feeling: if it can happen to highly sensitive accounts backed by tens and hundreds of millions of dollars, where else can it happen? (More on that later.)

There’s also the sympathy for the doctor, dentist, investor and other hard workers that were just trying to collect a better interest rate, not pay even higher taxes or are in fear of having their government take their money through no fault of its own. After seeing the going interest rates for Money Market Accounts, my sympathy is even higher.

The celebrities and big-name politicians, a little less sympathetic and a little less concerned – blame it on the Kardashians.

Then there’s the sense that cheaters/liars/thieves/crooks never prosper. The consortium allegedly uncovered laundering, organized crime and other financial indiscretions. According to the story, studies have estimated that cross-border flows of global proceeds of financial crimes total between $1 trillion and $1.6 trillion a year.

Now that we covered all the major facets of this particular leak, let’s get back to the concept of data breaches. What went wrong here?

Were documents not properly encrypted? Was this primarily older data that was stored away and forgotten about? Could employees have let the information slip? How did this all happen?

Having seen a few data breaches in my lifetime, they are usually a result of one of a few things:

  • Data is not secured properly behind the firewall, is not encrypted, is not kept where it’s supposed to be, or is a duplicate that should not exist, so it is easily leaked by people out to do nothing but access other people’s information for personal gain.
  • Data has become old and forgotten about. As other servers are upgraded, the one with information from five years ago remains untouched and becomes vulnerable. Sadly it’s quite preventable as long as you either protect the data or set the retention policy of old data to retire.
  • Data is being accessed by those in the company that should not have access to it. The data storage lacks proper permissions and records of who accessed what and when. This ability can be too tempting for some.
  • Archives meant to hold such documents contain everything, just in case. In doing that, data gets lost and forgotten about until leaked.

The good news: all of these can be properly managed with knowledge of what exists, strong information governance policies and a tool to make it all possible.

Discover how to keep your name from appearing in headlines like this. Download Achieving Effective Information Governance through Data Profiling

Unmanaged, unstructured emails are a fire waiting to start

Over time, email piles up in massive servers, archives, even users’ desktops, and it becomes like a matchbook underneath a child’s bed. Alone, it poses no threat and just sits there, waiting. It can go years and even a lifetime without ever causing a problem.

While no one would leave a matchbook underneath a child’s bed, as it’s completely unfathomable, few think twice about their email servers.

But why such a visceral reaction to leaving a matchbook in a kid’s room? The matches are not going to burst into flames, they won’t just spark old comic books and baseball cards, and matches are not the easiest thing to start – even as an adult. We take precautions because of what could happen if those matches got into the wrong little hands.

So why do we just hoard email on servers, desktops and even on legacy backup tapes when there are harmful matches among them? Within the millions of emails are Social Security numbers, contracts, legal documents, regulatory compliance papers and emails that can no longer be properly interpreted. Like the matchbook, this dark data just sits there. These files don’t just expose themselves, they don’t just jump through firewalls and they aren’t just going to send themselves.

Yet all it takes is one set of wrong hands and a fire can quickly develop. Thieves search for personally identifiable information, and its exposure can cause loss of customers, FTC interference and identity theft. Legal and regulatory documents can’t be found or end up in the wrong hands, causing fines and penalties. Plus, don’t forget all the money needed to repair and upgrade firewalls and pay legal fees associated with breaches.

Just like a parent sets the rules, compliance, legal, IT, records managers or another guardian needs to set policies surrounding emails. Retention policies, containing both archiving and deletion policies, should be in place to govern data. One leading analyst group recently estimated that less than one percent of companies actively have and enforce an information governance policy.

Much of this goes back to the tools – how do you set policy around data when you don’t know what exists or where? It’s near impossible to understand unstructured data and uncover all those pesky, hidden PST files. But now the technology exists in the form of unstructured data profiling.

Data profiling, sometimes called file analysis, is a process where all forms of unstructured files and email are analyzed and the user is provided a searchable ‘map’ and comprehensive summary reports of the metadata, including the type of information that exists, where it is located, who owns it, if it’s redundant, and when it was last accessed.

Optionally data profiling can look beyond metadata and go deep within documents and email for content supporting eDiscovery keyword searches or even personally identifiable information (PII) audits for sensitive content such as Social Security or credit card numbers.
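A minimal sketch of the profiling pass described in the two paragraphs above: a metadata map (type, owner, last access, duplicates) plus an optional content scan for Social Security and credit card numbers. This is an added example, not Index Engines' product or code; the function names, the three-year staleness threshold, the SHA-256 duplicate check and the sample files are all assumptions made for illustration.

```python
import hashlib, os, re, tempfile, time
from collections import defaultdict

# Patterns for the two PII types the post names; separators limited to space/hyphen.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that are not plausible card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def pii_hits(text):
    """Count SSN-shaped strings and Luhn-valid card candidates in text."""
    cards = sum(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text))
    return {"ssn": len(SSN_RE.findall(text)), "card": cards}

def profile(root, stale_days=3 * 365):
    """Return one metadata row per file: type, owner, staleness, copies, PII."""
    cutoff = time.time() - stale_days * 86400
    rows, by_hash = [], defaultdict(int)
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.stat(path)              # stat first: reading may update atime
            with open(path, "rb") as fh:    # whole-file read; stream for big stores
                data = fh.read()
            digest = hashlib.sha256(data).hexdigest()
            by_hash[digest] += 1
            rows.append({
                "path": os.path.relpath(path, root),
                "type": os.path.splitext(name)[1].lower() or "(none)",
                "owner_uid": st.st_uid,     # POSIX owner; map to a custodian elsewhere
                "stale": st.st_atime < cutoff,
                "sha256": digest,
                "pii": pii_hits(data.decode("utf-8", "ignore")),
            })
    for row in rows:
        row["copies"] = by_hash[row["sha256"]]  # >1 means duplicates exist
    return sorted(rows, key=lambda r: r["path"])

def demo():
    """Profile a constructed sample tree (all values below are made up)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "sales/order.txt": "Card on file: 4111 1111 1111 1111\n",
            "sales/order_copy.txt": "Card on file: 4111 1111 1111 1111\n",
            "hr/former_employee.txt": "SSN 123-45-6789\nBadge 1234567890123456\n",
            "mail/archive.pst": "constructed stand-in, not a real PST\n",
        }
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        old = time.time() - 5 * 365 * 86400  # pretend last access was 5 years ago
        os.utime(os.path.join(root, "hr", "former_employee.txt"), (old, old))
        return profile(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The 16-digit badge number in the sample fails the Luhn check and is not reported as a card, which is the kind of false positive a plain digit-pattern search would produce.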

Not only does the technology exist, but it exists at a price point that makes it affordable to deploy, leaving no room for excuses for leaving the matches in the email server and hoping the wrong pair of hands doesn’t find them. Even for those that don’t want to throw out or move the matches – it’s imperative that you at least know the matches are there so they aren’t left next to the comic books.

Unfortunately, many won’t find the motivation to find, expose and isolate the matches until after a breach, but those that see the proactive importance of simply knowing what data is being stored can visit http://www.indexengines.com/solution-data-profiling-assessment.html or contact info@indexengines.com

Data profiling webinar: Accelerating Time to Data

Discover how to make eDiscovery time and cost effective

Identifying, culling and collecting online and offline ESI has grown exponentially as the volume of data has exploded.

But eDiscovery does not have to be a long, labor-intensive, expensive process – technology and streamlined workflows can accelerate time to data.

Discover more Wednesday, April 3 at 1pm – 2pm EST during an exclusive webinar focused on answering your most pressing eDiscovery and legal hold issues, including:

• Increasing defensibility while reducing the time to search and cull ESI
• Making legal hold archives flexible for multiple litigation events as queries and legal requests change
• Reducing ESI identification time and costs through data profiling

Litigation support and archiving professionals have struggled to meet tight deadlines and even tighter budgets for far too long.

Register now for this free webinar, brought to you by Index Engines and ACEDS, and learn how to keep your ESI collection and management costs in check while accelerating time to data.

Your presenter: Jim McGann. Jim is the Vice President of Marketing at Index Engines. Jim has extensive experience with eDiscovery and Information Management in the Fortune 2000 sector. He is a frequent writer and speaker on the topics of big data, backup tape remediation, electronic discovery and records management. He is a frequent speaker on Big Data management, eDiscovery, litigation readiness and data profiling.

Data Profiling: Bridging the Gap Between Legal and IT

One of the key challenges, as you know, is getting legal and IT to communicate. They have not had a common language – language that allows them to understand each other and build policies. This language is based on knowledge – knowledge of data assets. Without this knowledge they have nothing to discuss. Data profiling is the knowledge or language that allows IT and legal to communicate and build sound policies.

Check out this column on Bridging the Gap Between Legal and IT in Legal IT Professional

Protect your consumers’ data or have the integrity to admit that you can’t

More and more businesses are falling victim to data breaches, but are failing to report them to the people that have their identity and financial security at stake – their consumers.

According to an article on Inc.com, small businesses are reluctant to inform data breach victims of their information loss–even though laws in 46 states require them to do so.

“While more than half of American small businesses have experienced data breaches, only 33 percent of them notified victims of their personal information loss, according to a report released yesterday by Ponemon Institute, a Michigan-based security research firm.”

What you are really reading: 67% of companies that fall victim to data breaches have leadership in place that doesn’t care about securing consumer data AND doesn’t have the integrity to tell their customers they don’t, not to mention that bank accounts, credit cards and Social Security numbers are now at stake. But if it’s not the business’ mortgage payment on the line, most don’t own up to it.

But I guess it’s human nature to deny, deny, deny. Remember the last time a spouse asked you where the dry cleaning was? Or when you forgot that birthday, anniversary or meeting? Willing to bet most responses out there were along the lines of “it wasn’t ready yet,” “I can’t believe the post office hasn’t delivered it yet,” “I made surprise dinner reservations,” or “my secretary forgot.” Some call them excuses, others – cover ups.

Realistically, no one likes admitting when they mess up, but hopefully when it’s a serious incident that affects the security and stability of other people they have the integrity to fess up and make it right. And if you don’t want to have to admit to exposing all of your consumers’ data, you better make sure it can’t be breached because denying one happened is illegal.

Denying a data breach can irreparably hurt a business’ image, cost them current and future customers, and open them up to lawsuits and legislative fines. But the technology does exist today to audit your system for sensitive client records so you can secure them – and it’s a lot more cost effective than what it will take to restore consumer confidence in your brand post-breach.

With a simple data profile, you can audit for unencrypted personally identifiable information (PII). Data profiling is a process where all forms of storage and document types are analyzed and the user is provided a searchable ‘map’ of the type of information that exists, where it is located, who owns it, when it was last accessed and what key terms are in it. This can be done on legacy backup tapes, servers and the unmanaged user data. How much easier would it be to prevent a data breach if you could find and remove the data that a hacker would be looking for?

It’s really that simple – would you rather have your company work to prevent a breach or have someone on the inside decide what to do after it’s too late?

Learn more about data profiling in this white paper or email info@indexengines.com for more information.

Webinar: Tame risk hidden in legacy archives

Join Index Engines and Vedder Price Thursday, March 14

Is old data jeopardizing your organization?

Massive volumes of content are created every day and as this content ages it fades into the background and becomes a challenge and a risk to manage.

Backup tapes represent a major aspect of this legacy data. They embody archives of user content, from sensitive email communications to critical contracts and agreements.

But there are innovative, automated ways to reduce legacy data, manage data risks and control costs. Find out more during an exclusive webinar presented by Index Engines and Vedder Price, Thursday March 14 at 1 pm ET. Register now.

It’s a real problem that’s costing organizations millions in litigation and eDiscovery costs. Stockpiles of hidden data contain unknown risk and liabilities.

Managing this data and ensuring it complies with current information governance policies is an ongoing, complex challenge.

This webinar will give real-world new approaches towards reducing legacy data, controlling its cost, and managing the content that can be enacted immediately. Register now.

Presenters
Bruce Radke, Shareholder, Vedder Price
Jim McGann, Vice President Marketing, Index Engines

Webinar: Deadlines, Defensibility and Dollars – eDiscovery Best Practices

Join Index Engines Thur, March 7th for this exclusive web event

We understand service providers face a growing challenge from their clients – the completion of more complex projects under stricter deadlines and budgets with fewer man hours.

But, there’s a solution we’d like to share with you.

Discover how to keep your cost and manpower resources in line while completing projects on deadline with extreme accuracy during an exclusive webinar brought to you by Index Engines, the leader in high speed ESI collection and management.

In less than 60 minutes, you’ll uncover how eDiscovery Service Providers:

• Deliver culled data that is de-duplicated and metadata filtered days ahead of their deadline and competition, expediting the culling process,
• Secure the integrity of findings and make it defensible using a single interface that allows for unified identification and capture of unique ESI from multiple sources, and
• Accurately predict cost by deciding on a pricing model – project, subscription or custodian based – that is the most cost effective for your business.

Register now for this complimentary best practices webinar, on Thur, March 7th at 2:00PM EST and discover how top eDiscovery Service Providers are developing their business by focusing on: deadlines, defensibility and dollars.

About Index Engines’ eDiscovery model
Index Engines’ high speed ESI collection and management platform makes the eDiscovery process time and cost efficient, enabling eDiscovery service providers to complete more complex projects under stricter deadlines and budgets with fewer man hours. With our best-in-breed integrated workflow, we concentrate on your Deadlines, Defensibility and Dollars.

Will out of context emails make your company look “scandalous”?

The news of more leaked emails is making its way around the blogosphere, including one of our favorites over at Yahoo Finance.

Henry Blodget of the Daily Ticker brings up an intriguing point: no matter how many policies you put in place or how much you hope that your employees have common sense, ‘knucklehead emails’ still get sent out.

I call them ‘knucklehead emails’ because the ones I refer to have no malice associated with them; they’re just not well thought out, like joking about a gambling spree with the petty cash. Sure, to the writer it’s funny because there’s only $10 available and the recipient knows it, but to the outside reader one year later, not so funny. It’s completely harmless until taken out of context. (The ones with malice and cover-up attempts, that’s a different topic for another day.)

Every company has at least a handful of “knucklehead emails” somewhere in their database whether it’s football pools (Gambling), the sending of a credit card number (PII violation), or the forwarding of a joke (Sexual harassment).

In today’s hyper-sensitive and over-regulated world, if those emails got out, yours could be the next company sharing a headline with the word ‘scandalous.’

The key to preventing these situations is being aware of what information exists and making decisions on it. After all, does your information governance policy really exist if there’s no one there to enforce it?

Understanding what exists by adding a data profiling policy to your information governance plan is a start. Parameters can also be set to start a defensible deletion policy for information that has no business value. The only thing a forwarded chain mail from an ex-employee that hasn’t been viewed in seven years can do is come back to hurt you. The harsh truth is, your email servers are filled with valueless emails waiting to find their way out into the open.

Organizations need to be proactive to protect their consumers and themselves. The ‘keep everything’ policy does more than just inflate your storage costs, it puts you in line to be the next “scandalous” company.

For more information on protecting your company from “knucklehead emails” contact info@indexengines.com

Live in Chicago: Defensible solutions for reducing data accumulation and legacy data retention

Discover how to reduce data risk and cost Feb. 21 in Chicago

What: Index Engines and Esicon Consulting are holding a complimentary, live seminar “Defensible solutions for reducing data accumulation and legacy data retention”

Who: Index Engines, the leader in enterprise information management and archiving solutions and Esicon Consulting, an information technology and data management litigation consulting firm

Why: Many companies have legacy data on backup tapes that has been sitting in vaults 5, 10 or more years with the door only opening to put more tapes inside. Frighteningly, these tapes are full stockpiles of email servers and user documents that have not been managed according to the evolving legal and regulatory policies.

Now, technology has made viewing and accessing backup tape data possible without restoring systems or it becoming a time and cost burden, allowing organizations to proactively manage legacy data for risk and liabilities.

Who benefits: Legal professionals that want to reduce legal and organization risk and the costs associated with maintaining and adding data storage. (CLE: This program qualifies for 2 hours of general credit for Illinois attorneys)

When: Thursday, Feb. 21

Where: The Franklin Center, 222 West Adams Street, Chicago

Cost: Free

Register: http://go.indexengines.com/l/11252/2013-01-25/pwf2q
Contact info@indexengines.com for more information