Why You Should be Concerned about Embedded Data
Embedded data is any data that’s stored on media that is easily overlooked when assessing a security risk posed by a particular device. This means that every device, including servers, computers, smartphones, tablets, etc., used by your employees may have sensitive, hidden company or customer information stored on them. When they’re not disposed of properly, these devices and the data stored on them (or, embedded data) can pose a security risk to both your company and your customers.
For example, the Target breach was enabled because the thieves were able to gain access to the IP addresses from air conditioners. According to Bloomberg Businessweek: “They probably used credentials of an HVAC vendor to get into Target’s network, spending weeks on reconnaissance to install malware programs.”
Who would have expected that the air conditioners, which had an IP address for monitoring, would be a portal for what happened? Hackers stole information for more than 40 million credit cards and personal data for over 70 million customers. “Target was hit with over 90 lawsuits related to the massive data breach, and spent over $61 million as of February 1 responding to the attack,” according to the article. All of this because of the HVAC system.
In asset recycling and asset disposition, vendors are traditionally qualified based on their proficiency in erasing or destroying hard drives, but they are not evaluated on their proficiency in finding hidden media. This is a huge data security blind spot in the industry.
It often takes a public event to bring awareness to issues like this. Another example: For many years, copier machines were being transitioned from analog to digital, but no one was paying attention to the danger posed by the sensitive information that was being recorded by the digital copiers. It wasn’t until 60 Minutes ran a piece about how hard drives were being harvested from off-lease copiers with all the data intact that companies became aware of the problem.
If that can happen with hard drives on copiers, and the focus is on erasing hard drives, can you imagine all the other sensitive information that’s leaking out that no one is aware of?
The truth is, embedded data is a part of daily lives. It’s used in almost all of the computers and devices that make our lives easier — everything from smartphones to HVAC systems and many other things in between. Every day, new intelligence is being added to more and more products, and with that intelligence comes sensitive information that in the wrong hands can wreak havoc to any company.
You need to make sure that you’re asking the right questions in your RFPs when it comes to finding embedded data to prevent your risk of liability, ensure your company’s security, and protect your customers.