Data Privacy Risk Assessment

Do you know who's watching your customer data?

Are these scenarios happening in your environment? Are you sure? These four scenarios use fictitious names and organizations, but these data leaks are very real.

  ABC Bank installed a new customer information kiosk in the main branch lobby six months ago. Customers now use it to check account and loan balances, as well as to request new checks and other services. The kiosk is connected via a VPN to the bank’s remote data center across town. During the installation, a temporary 30-day VPN certificate was used to secure the data communications over the link. A permanent certificate was never configured. For over five months, customer information has been sent over the link in clear text without anyone in IT being aware of it.

 

  Sharon, a Credit Union loan officer, is launching a direct-mail promotion with Acme Marketing, a third-party partner. She needs to get member information to them by close of business today. The Credit Union’s email server fails and IT does not know when it will be restored. Sharon begins to panic but, after thinking about it a bit, she decides to use her personal web mail account. She attaches to her email a spreadsheet that contains personal information, including Social Security and account numbers, on more than 100,000 members. Acme receives the data and Sharon meets her deadline, but huge amounts of customer data were put at serious risk, and multiple regulations were violated.

 

  XRayZebra Federal Credit Union provides supplemental life insurance through an affiliate, Acme Life Insurance. The credit union provides data at monthly intervals to Acme Life so they can solicit new members to buy insurance policies. XZCU does not have a VPN set up with Acme Life; instead they place a CSV file containing names, addresses, dates of birth, and Social Security numbers on the credit union's FTP server so that Acme Life can get the data as needed. The server is password protected, but the data transferred over the link is not encrypted.

 

  Harold, in the main office of 51rst State Bank’s audit department, instant messages Janet, at the branch office across town, that her email (secured) containing the account information that he needed was missing some entries. Harold needs only 5 more customer account records so he can finish up and call it a day. Janet looks up the records for the customers that Harold needs and sends that sensitive information through the open IM session. Harold goes home on time, but places customer data at serious risk by circumventing secure network practices.


Case studies prove that the majority of organizations that conduct a risk assessment are, in fact, leaking customer information. The statistics on these data leaks are represented by the following pie charts:

Find out all the statistics and detailed cases. Download your copy of the whitepaper “Safeguarding Sensitive Data in the Financial Sector: Fight Fraud and Identity Theft by Stopping Data Leaks.”

 

A small percentage of risk assessments conducted show egregious violations that, frequently enough, end in disaster. Find out with certainty if your sensitive customer information is leaking from your network. Make sure it doesn’t happen on your watch.

Intrusion will conduct an on-site risk assessment of your data leak issues and present the analysis to you in a risk report. To qualify for a no-charge risk assessment, please send your request via email.