Too many hands in the PII
LIMIT ACCESS TO P.I
Personally identifiable information, or P.I.I, is any data that could potentially be used to identify a person or account. Examples include a full name, Social Security number, driver’s license number, bank account number, passport number, and email address.
Too many companies do not have a full understanding of the number of their employees who have partial or full access to their P.I.I data. The more employees you have with access the greater the risk of a Data Breach. I recently had a FinTech client who transferred money from their multiple client accounts to their main holding bank account. They were unaware that Sales and Marketing was sending unsecured emails to each new client with their main banking account and the routing number. They also had a client onboarding team also sending unsecure emails with their main banking account and the routing number. This is exactly the type of email that has been used in many bank fraud incidents. A large city in Florida had their payroll account hacked this way and millions of dollars were transferred offshore. They were not even aware of the hack until county employees complained they had not received their payroll direct deposit. A strong Data Loss Prevention (DLP) program could have these emails and other sensitive data from ever being sent outside the company.
Additionally, this also applies to your entire network. Every desktop, laptop,