Avoiding a Data Breach with Proper Data Destruction Programs
It’s a common misconception that eradicating data on a hard drive means that all the data is gone from the entire device. In reality, data is likely still lurking around on the phone, copier, or computer. This hidden data is also known as embedded data or media. Embedded data is any data that’s stored on media that is easily overlooked when assessing a security risk posed by a particular device. This means that every device, including servers, computers, smartphones, tablets, etc., used by your employees may have sensitive, hidden company or customer information stored on them. When they’re not disposed of properly, these devices and the data stored on them (or, embedded data) is ripe for a potential data breach, which can pose a security risk to both your company and your customers.
A data breach can often have devastating consequences, including millions of dollars in financial penalties, damage to your reputation with customers, clients, and the public. Also, depending on your industry, you can find yourself in trouble in terms of regulatory or compliance status.
Planning for data destruction needs to be an integral part of every organization’s data management and IT asset management programs. Data destruction is the process of removing information in a way that renders it unreadable and irretrievable. Devices today are extremely resilient. Data can often be retrieved from devices that have been burned, crushed, or submerged in water. It’s actually quite difficult to permanently get rid of data, but it’s necessary to protect your company.
Here are some things you need to think about when it comes to managing your company’s retired IT assets and the data they contain:
- Track and safely store retired devices and media that have confidential data on it.
- Maintain an inventoried list of all of the items and keeping them locked up with limited access.
- Destroy media properly before it leaves your facility.
Proper identification and inventory of embedded data-bearing devices is an essential first step. You need to define, in advance, how you will eradicate data on devices at end-of-life, including all of the specific process steps and associated costs. You need to ensure that you have a documented, quality assured process in place. This includes making sure that you train and certify the people performing the tasks in this process.
In asset recycling and asset disposition, vendors are traditionally qualified based on their proficiency in erasing or destroying hard drives, but they are not evaluated on their proficiency in finding hidden media. This is a huge data security blind spot. You need to make sure that you’re asking the right questions of your vendors when it comes to finding embedded data to prevent your risk of liability, ensure your company’s security, and protect your customers.
The number and diversity of computing devices and increased upgrade cycles have made IT Lifecycle Management a laborious undertaking that’s prone to mistakes. Make sure that you understand the risks of improper IT asset management.
About Brass Valley
Brass Valley is an IT Asset Lifecycle Service provider and industry leader in client protection practices. Our combination of processes, products, documentation, and insurance help prevent off-network data breaches, giving your organization the best platform of protection available today. We work with clients and industries such as financial services, healthcare, and the Fortune 1000 where protection of sensitive information is a high priority. To learn more about Brass valley, visit www.BrassValley.com.