Encrypted Alphanumeric Keywords: Your organization’s safe deposit box

How many websites have asked you for your social security number this year? How about forms you have filled out and sent through the mail? Or scam emails?

We all know how important it is that social security numbers stay confidential, yet we must use these numbers so often it is hard to keep track of who has requested them, and for what purpose.

We put our faith in those we do business with every day, and trust they keep our social security numbers and other personally identifiable information (PII) confidential. We hope the organizations handling documents containing this information are doing everything they can to enforce a policy of least privilege – meaning that only those workers who need to see a social security number should have access to it.

Is your organization doing everything that it can to protect customer information? While complying with standards like HIPAA is a great start, it is by no means a signal that customer data is completely safe from the bad guys, or that the good guys can discontinue their efforts to strengthen defenses.

Defense-in-depth

A good security policy is multi-layered (think of an onion). If one layer fails, there are others in place. This is a concept that security professionals refer to as “defense-in-depth.”

One asset that is high on the list of attackers’ objectives is your database. A tactic they employ often is to steal or copy the target’s database, and then “dump” the information on a website that allows for pasting information anonymously.

If someone were to steal your database tomorrow, how confident are you that your customers would be comfortable with the way you store their information? Are you storing passwords using a strong cryptographic hash algorithm?

What about PII? Have you encrypted keywords like social security numbers in the database? You definitely don’t want to wake up one morning and find your customers’ social security numbers on pastebin.com.

Using encrypted alphanumeric keywords

Beyond the threat of someone stealing your database, there is also the concern of who is able to access this information in their day-to-day work. Do your support specialists need to see customer social security numbers? How about your HR generalists and recruiters?

If certain employees will not need access to this data, why make it available to them? Personally identifiable information should remain encrypted until accessed by a party with rights to see it.

At Hyland, we offer the ability for you to encrypt alphanumeric keywords. This robust security measure can provide you, your patients and customers with peace of mind. When you use encrypted alphanumeric keywords utilizing the AES-256 algorithm, they remain encrypted in the database and are not decrypted until a user with appropriate rights and privileges accesses them.

What if your users need access to documents that have been indexed with encrypted keywords, but you don’t want the encrypted keywords to be visible to them? No problem!

Using the security masking feature, the encrypted keyword values will be masked for all users that do not have rights to view restricted security keywords.
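The pattern described above (the value stays encrypted in the database, is decrypted only for a user with the right to view it, and is masked for everyone else) can be sketched as follows. This is an added example, not Hyland's implementation; the right name, the row layout, the mask string and the sample SSN are assumptions constructed for illustration, and the key would come from a key-management service in practice.

```javascript
const crypto = require('node:crypto');

// Hypothetical right name; the article only says "rights to view restricted security keywords".
const VIEW_RIGHT = 'view_restricted_keywords';
// Fixed-shape mask so the masked value reveals nothing about the plaintext.
const MASK = '***-**-****';

// Encrypt one keyword value with AES-256-GCM. A fresh 12-byte IV per value means
// identical SSNs do not produce identical ciphertexts in a dumped table
// (which also means the encrypted column cannot be searched by equality).
function encryptKeyword(plaintext, key) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64')).join('.');
}

// Decrypt a stored value. GCM verifies the auth tag, so a wrong key or a
// modified ciphertext throws instead of returning garbage.
function decryptKeyword(stored, key) {
  const [iv, tag, ct] = stored.split('.').map((s) => Buffer.from(s, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Access path: the rights check comes first, so for an unprivileged user
// the key is never applied and the plaintext never exists in memory.
function readKeyword(row, user, key) {
  if (!user.rights.includes(VIEW_RIGHT)) return MASK;
  return decryptKeyword(row.ssn_enc, key);
}

// Constructed sample data (000-12-3456 is not a valid SSN).
const DEMO_KEY = crypto.randomBytes(32); // assumption: fetched from a KMS in production
const demoRow = { doc_id: 1001, ssn_enc: encryptKeyword('000-12-3456', DEMO_KEY) };
const privilegedUser = { name: 'records-admin', rights: [VIEW_RIGHT] };
const supportUser = { name: 'support', rights: [] };

console.log('stored in database:', demoRow.ssn_enc);
console.log('support sees:      ', readKeyword(demoRow, supportUser, DEMO_KEY));
console.log('privileged sees:   ', readKeyword(demoRow, privilegedUser, DEMO_KEY));
```

A stolen copy of the table contains only the `ssn_enc` strings, so the protection holds only as long as the key is stored separately from the database.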

The financial consequences of exposing PII can be devastating. When private information is encrypted within your database, everyone sleeps better at night, even if that database becomes the target of cybercriminals. Especially your customers.

That’s a secret worth sharing.

Kate Barney & Josh Gatka

Kate Barney is Hyland's marketing portfolio manager for the healthcare industry. Josh Gatka has worked in Hyland’s Quality Assurance department for four years. In 2016, he assumed the role of Hyland’s Security Evangelist. His mission is to train and educate industry professionals on how to protect themselves and their organization from today’s advanced cyberthreats.
