Most Companies Are Not Prepared for the Legal and Security Risks When it Comes to Their IT Assets, According to Brass Valley Whitepaper
Between 70% to 80% of data breaches come from off-network equipment — equipment that has been decommissioned, misplaced, or stolen, according to various studies. However, the vast majority of corporate budgets are spent on protecting online assets. What most businesses don’t realize is that the law makes no distinction between online and offline — the company bears responsibility for protecting sensitive information.
A recent whitepaper released by Brass Valley, an IT Asset Lifecycle Service provider, called Legal & Security Risks in Management and Disposal of Off-Network Technology, written with a leading Data Security attorney, digs into the little-known issues, risks, and consequences in the management and disposal of off-network technology, including: cell phones (especially Android and iOS devices); PCs, workstations, laptops; Tablets, iPads, and Android devices; Servers; Network switches and hubs; Office copiers and fax machines — to name only a few. The paper also provides guidance on how businesses can adopt IT management and disposal best practices.
These devices can often contain proprietary internally developed software, network access information that could be used by hackers to identify network routing information and other passwords, confidential client information like social security numbers, patient information, personnel information, and trade secrets. For example, a phone system may have user information on it, a copier may have copies of your most sensitive data stored in its hard drive, networking devices contain IP addresses and passwords that could allow an outsider to penetrate your network.
“We’ve all heard about the Target security breach because the theft of 40 million credit card numbers is what makes news, but what we really need to be talking about is the millions of computers, servers, and devices that are outside of companies’ networks. The dirty little secret is that most breaches are occurring off-network,” said Rocco D’Amico, President of Brass Valley.
“The potential consequences of not being able to prove due diligence in the protection of sensitive information can be severe. It is important to understand when a corporation’s liability can become a personal liability,” added CEO Brian Lovett. “The liability that can arise from breaches of data security is a growing legal trend where lawsuits are filed against companies when data, that is considered proprietary or is classified as personal identifiable information, is made public. When a customer, vendor, or patient is harmed through the misuse of their data, your company remains liable.”
According to Brass Valley, good security practices should remain in effect regardless of the fact that the device (system, component, server, etc.) has outlived its usefulness and is removed from the network.
It may seem overwhelming for already overtaxed IT departments, and in fact, many companies struggle with how to get started in addressing security for off-network devices. However, the paper highlights three simple steps companies can take to get started in the right direction:
- Conduct an IT assessment provided by an IT lifecycle management company. With this assessment, you will learn where you are exposed and how to close the gaps.
- Consult with an attorney experienced in data security and technology law to position your company as best as you can so you are prepared if something goes wrong.
- Consult with an insurance provider who is experienced in cybersecurity to make sure you have adequate insurance to protect you and your company if you have to make a data breach claim. The insurance provider can give you guidance.
You can read the full Legal & Security Risks in Management and Disposal of Off-Network Technology whitepaper here.
About Brass Valley
Brass Valley is an IT Asset Lifecycle Service provider and industry leader in client protection practices. We work with clients and industries such as financial services, healthcare, and the Fortune 1000 where protection of sensitive information is a high priority. To learn more about Brass valley visit: www.BrassValley.com.