As high-profile data thefts and losses continue to populate the news headlines, many companies dont realize that they already have a tool at hand that they can use to find and close at least one potential area of data loss. Is it an advanced security analytics tool? Nope, its just a simple, ordinary search engine.
Whether a search engine is pointed internally at portals and other intranet Web sites, or at the external company site, its busy indexing every page that is visible to users and the outside world. Basically, if the search engine can see it, then anyone can.
There have been many prominent cases where an outside group found sensitive data on a company site using the companys own search engine.
Take pre-emptive action to close this hole. Come up with a list of terms found only in sensitive documents, such as HR payroll numbers, internal planning documents and product plans, and then use this list as search terms on your site. You may be surprised at what you find.