Personally identifiable information lives on the networks of the largest enterprise to the smallest office and all types of businesses in between. Without proper protection, it's just waiting to be exposed by carelessness, ill intent, malware or another threat.
Much of information security's focus is on protecting personally identifiable information (PII), and for good reason. We are approaching 1 billion PII records exposed over the past 10 years.
PII -- such as Social Security Numbers (SSNs) and credit card information -- can live practically anywhere on the corporate network. It can be in Word documents, Excel spreadsheets, PDF files and even text files such as application logs. These sensitive assets are dubbed "unstructured information" because they're not in a database, and many organizations don't have PII security measures in place. It's there for the taking -- viewing, copying, deleting -- and when something bad happens, companies may never know about it.
Tools to improve PII security
Companies can't afford to be unaware or underprotected. The first step toward fixing security issues is acknowledging the problem. The good news is there are great free tools -- such as SoftPerfect's Network Scanner, Microsoft's ShareEnum and vulnerability scanners such as Nexpose -- that IT administrators can use to find open shares that leave PII unprotected on Windows workstations across the network.
Here's an example of SoftPerfect Network Scanner's findings:
The various open shares are listed as manila folders with red exclamation points in the IP Address column on the left, and the share permissions are under the respective Shared Folder columns on the right.
Admins should run these scans on their network segment(s) with domain authentication to see what other users see. There are a couple of different configuration options available for seeking out open shares in SoftPerfect Network Scanner, including options to enter Windows credentials:
Once the scanner finds the open shares -- especially the ones that grant full rights to the Windows Everyone group -- admins can use Windows search or a tool such as FileLocator Pro to find instances of PII in files on the open shares. Searches can use simple terms such as "SSN" or specific regular expressions, scoped to whichever file types admins want to check. For example, here's a search for "SSN" in FileLocator Pro:
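The same pattern search can be scripted. The following added example (not code from the article or from any of the tools it names) walks a share that has been mapped or mounted locally, flags SSN-shaped values and 16-digit card numbers, and uses a Luhn check to drop most false positives; the mount path, file suffixes and sample files are all assumptions constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# SSN: area not 000/666/9xx, group not 00, serial not 0000, which weeds out
# most other dash-separated numbers (part numbers, ticket ids, etc.).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 16-digit card number; digits may be separated by a space or a dash.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; filters out most random 16-digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text: str) -> list:
    """Return (kind, match) tuples found in one file's contents."""
    hits = [("SSN", m.group()) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.append(("CARD", m.group()))
    return hits

def scan_tree(root: str, suffixes=(".txt", ".log", ".csv")) -> dict:
    """Walk a share root (assumed already mapped/mounted); map each file
    path to the PII patterns found in it."""
    results = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in suffixes:
            try:
                hits = scan_text(p.read_text(errors="ignore"))
            except OSError:
                continue                # unreadable file: skip it
            if hits:
                results[str(p.relative_to(root))] = hits
    return results

def demo_scan() -> dict:
    """Constructed sample share: an app log with an SSN, a notes file with a
    Luhn-valid test card number, and a decoy file with invalid values."""
    root = tempfile.mkdtemp()
    (Path(root) / "app.log").write_text("user 42 ssn=123-45-6789 login ok\n")
    (Path(root) / "notes.txt").write_text("card 4111 1111 1111 1111 on file\n")
    (Path(root) / "ids.csv").write_text("ref,1234 5678 9012 3456,000-12-3456\n")
    return scan_tree(root)
```

Point `scan_tree()` at the mapped drive or mount point of an open share found by the network scanner; the decoy file in the demo shows why the Luhn check and the SSN range rules matter when scanning logs full of numeric ids.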
Taking this approach to uncovering PII security gaps is sort of a poor man's data loss prevention (DLP); it's just a start. Many shops need a full-fledged DLP system, cloud access security broker, or both to fully inventory and protect sensitive unstructured information.
Keep in mind that there's likely as much intellectual property to be protected in the enterprise and it's at risk in the same ways as PII. However, for whatever reasons, many executives and their legal counsel foolishly believe that contracts and other legal-based protective measures are enough to keep that information in check. Don't forget about sensitive information in databases that may be exposed as well, in SQL Express instances running on random workstations, for example.
Be sure to look in all areas of the network for the many kinds of sensitive assets. Regardless of any specific nuances, make finding and protecting this information on enterprise desktops a top priority.