We don’t have any PCI data stored there! Are you sure?

Posted by The Neocol Team on Apr 7, 2016 9:33:27 AM

Just one of the common statements our DLP consultants hear on a daily basis, so what we are about to share with you, may shock you!


Most businesses think they know where their PCI data is kept!

When one of our data loss prevention experts begins a client DLP implementation project, one of the first questions we normally ask is “Do you know which systems and locations contain PCI data?”. Now 9/10 times the CISO or Head of Security will believe they know this, but time and time again we are finding that older systems/servers holding data are being forgotten about or overlooked, leaving businesses and their clients wide open to data loss and even data theft.

One such incident happened only a few weeks back when one of our North American based Smarter DLPTM  (Smarter Data Loss Prevention) consultants visited a well-known Insurance firm to discuss our data discovery and data security solutions. While conducting an initial inspection, our consultant asked their CISO about an older looking server; that was stood separately from the more modern equipment, to which he was advised: “It’s OK we don’t have any PCI data stored there.” Being the most common oversight we hear, our consultant decided to ask if he could conduct an initial data assessment on that server, before hooking up and going live on the more commonly used systems. Upon set-up and running a few simple tests, our consultant found thousands of unsecured highly sensitive data files, including credit card information, customer information, and email details, which to the CISO's shock had been sat there, posing an extremely large data protection risk for years.

The reason for this oversight had come about because the company’s CISO and his predecessor had been so focused on protecting their structured data that they had not even thought about the equal importance of protecting data at rest on this old system or about protecting the unstructured data, it also held. They were also unaware of the significance of protecting documents such as PDF’s and handwritten documents which are directly scanned into the system (documents such as signed agreements, customer information, personal health information, and financial details, etc…). One of the key reasons global organisations choose Smarter DLPTM is its ability to locate not only text-based documents containing credit card information but also locating handwritten credit card information.  Furthermore, Once handwritten or text documents containing credit card numbers are located the software is then able remediate by either applying redaction, tokenization or encryption.

 How do I locate unstructured PCI data?

Discovering and collating your unstructured data is an extremely time-consuming, costly and tricky task without the correct tools. However, solutions such as our Smarter DLPTM cannot only connect and be configured to your systems quickly and easily, they can also Discover, Secure, and Protect all file types (structured, unstructured, data at rest, or even data in motion) containing sensitive information in just a matter of hours. Furthermore, the industry leading PCI DSS compliant technologies utilised within the solution are not only fast but have no effect on the day to day workings of your business, meaning no unnecessary downtime or disruption to staff or business systems.

So ask yourself Do I really know where 100% of our PCI data is?  And is it effectively protected?


To find more about how Neocol can help your business Discover, Secure, and Protect its data, register for a free risk assessment by clicking the link below, or why not give one of our friendly sales team a call today.


Are There Gaps In Your Unstructured Data Security Program? Get A Free Risk Assessment


Topics: Unstructured Data, Data Security, Information Security