Companies’ emails are a security nightmare
We came across this situation and a large number of companies have this problem. They have tons of emails sitting somewhere in their network drive that contain a ton of personal data.
What caused this?
Customers of this organization would email them sensitive personal data such as credit card numbers. Customers would send that information to allow the organizations to process payment for a product or service provided by the organization to their client.
Email has become a de facto storage place for organizations and that can be risky
Most of our work today is done by email and other communication forms such as chat/messaging. Email has become a defacto storage place for many people in organizations. So a lot of sensitive personal data sits in these emails.
Why is it a problem?
The problem arises because of privacy laws (PCI DSS which requires organizations to keep the payment information secure) and general security concerns. This data could be misused by internal employees, or by people who somehow manage to get access to the data from outside the organization.
The challenges of solving the problem
- Finding the data: There is a lot of data, with different file formats — emails, attached pdfs, images. Not trivial to find personal data. The data may be stored in a cloud environment or on-premise.
- Redacting the relevant data: Once the relevant data is found, secure redaction needs to be applied so no underlying data that is meant to be redacted is left. (This is not easy, as evidenced by several publicly shared cases of redactions which allowed people to find the underlying data)
- Keeping the email format so the emails can still be useful as a record: The organization might want to still use the email in its current system as a system of record. This means the emails that are redacted must retain a similar file format and form.
Finding the data requires being able to efficiently search for the data in large volumes of emails and attachments to the emails. At DocuVision, we use the latest technology to solve this problem.We provide the ability to connect to on-prem systems where someone can securely upload the emails to our DocuVision cloud-deployed service, and we can return the files to the right location on the organization’s server. We can also connect to Cloud storage or cloud-based email systems, like GMail or O365 to find the emails. Our solution can find and redact the personal data you care about in the email file you have. With the DocuVision solution, in a few clicks an organization can get rid of risky personal data in its emails/attachments, so it can comply with relevant laws and keep data secure.