Your Biggest Security Threat May Be Sitting Right Down the Hall

by David Fletcher on February 24, 2016

Security threatMost companies say that their employees are their greatest assets. They are the lifeblood of the organization. They are what makes the business thrive.

They could also pose the greatest security threat your company will ever face.

There’s no way around it—employees must be entrusted with sensitive information to do their jobs. And therein lies the problem. With privileged access to confidential information, employees are perfectly positioned to do irreparable harm. Just one employee who steals one credit card number is all it takes to strike a financial blow to your company and damage its reputation.

So how can you best protect yourself from insider fraud? How can you ensure that none of your information is being stolen by even a single employee, especially when that information is stored on an IBM mainframe or AS/400 system? How can you secure your assets without having to modify systems and processes developed decades ago by people who are now retired?

An Easy, Low-Risk First Step

Remember, digital security wasn’t an issue fifty years ago when your mainframe applications were born. Back then it didn’t matter that data was displayed for all the world to see. But times have changed. Today, effective security requires a multifaceted approach. Luckily, there’s an easy, low-risk first step you can take to shield personal data from the wrong eyes. It’s called data masking.

Let’s say an employee is tasked with validating customers’ email addresses. To that end, the employee must access a mainframe screen that also displays a customer’s credit card number, social security number, home address, and date of birth—additional info the employee doesn’t need. What if you could mask all fields except the email address? If an employee can’t see a number, it’s of no personal use, right? This is how data masking works. It lets you display just enough for employees to do their jobs, but not enough for them to do any harm.

If you’re a Micro Focus® Reflection® customer, you already have the ability to mask data at your fingertips. Built right into Reflection is advanced and flexible technology that quickly masks any data on IBM host screens—without making changes on the host side.

Reflection data masking is accomplished through the use of Privacy Filters and Primary Account Number (PAN) Rules within the Reflection Information Privacy Tool. With this tool, you can mask any field or data type—of any field length, in any position—on the host screen. Reflection privacy filters and rules are stored at the user level, which means you can easily manage the same settings for different user groups (manager/supervisor versus end user).

Micro Focus has recently worked with several large companies to help them mask host data. Here are a few examples of what they were able to do using Reflection Privacy Filters and PAN Rules:

  • Mask an entire column of data.
  • Mask personal financial data fields.
  • Mask only the last six digits of a variable-length field.
  • Mask a data field that appears in multiple places on the same screen.
  • Mask data based on basic conditional instances—e.g., based on data fields or screen identifiers.
  • Mask data based on complex conditional instances—e.g., using if, then, and else type conditions.
  • Mask diverse PANs, including those with different lengths, prefixes, and dash positions.
  • Mask data that is displayed between two separate values.
  • Provide varying levels of visibility based on a user’s role or job function.

Filters and rulers

Reflection’s data masking capabilities are patent-pending and unmatched by any other terminal emulation client. They also provide a low-risk fix that you can easily implement right now. Is there any reason not to?

Visit Setting Up Information Privacy with Reflection Desktop to learn more about data masking with Reflection Desktop.

Previous post:

Next post: