New tool finds PII hiding on corporate systems

The new Australian privacy legislation that came into effect on 12 March 2014 has increased the pressure on businesses to correctly collect, store, secure and dispose of Personally Identifiable Information. But does you business really know what information they are storing and where it is?
Ground Labs has released Data Recon, a Personally Identifiable Information (PII) discovery tool designed to find the data hiding on computers within your business.

"The risk of system compromise is always there – no system is impregnable," says Stephen Cavey, co-founder and director of Ground Labs. "By knowing where data is stored appropriate risk mitigation can be put in place".

Data Recon is similar to Ground Labs' other product, Card Recon. That application is able to scan systems for credit card information stored on computers. It has a big brother, Enterprise Recon, which can scan across a network. Card Recon and Data Recon can be run from a USB stick and executed to check a system.

Some of the results of those scans have been nothing short of stunning.

"One customer swore black and blue that there were no credit cards on their systems but Card Recon found over 100 million records. These were being uploaded by a bank through a secure channel unbeknownst to the client," said Cavey.

This is the challenge for businesses. Individuals often store sensitive data on unsecured systems without understanding the consequences. Data Recon can scan cloud-based systems such as Google Apps and Amazon s3 and can even discern information in images such as scanned, handwritten documents.

The Data Recon software gives a full audit of any PII and other sensitive information held within corporate systems. It uses search algorithms with an interface that can be configured to search for identifiers such as Medicare and health insurance identifiers, Tax file Numbers, passport numbers and personal names, home addresses and phone numbers.

Once the data is identified, companies can choose what actions to take.

“Many companies are not aware of the amount of personal information contained within their corporate IT systems, let alone whether it is all securely and safely stored and this often explains why large-scale data breaches have occurred so easily. Data Recon attempts to combat this threat by finding any personal customer information and ensure that it is both secure and compliant. One of the simplest ways to protect your customers is to know where sensitive data is held, permanently delete what you don’t need, and adequately secure the sensitive information that you need to store,” Cavey said.

The risks of customer data being accidentally or maliciously exposed are significant.

“Organisations can find themselves increasingly exposed to both reputational risk and real financial penalties by not adequately protecting personal data of customers," said Cavey.

Data Recon has been designed for international use to meet the privacy regulatory requirements of more than 50 countries around the world.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags dataData reconEnterprise Reconbig dataGround LabsAustralian privacy legislation

More about Amazon Web ServicesCSOEnex TestLabGoogleGround Labs

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place