Data Breach Success Story
Everything we do for our clients is done with the intention of preventing data breaches and/or putting them in the best position possible to recover when something goes wrong. For best practices in IT asset disposition, we prescribe having an inventory list for assets that are decommissioned and sent to us to be recycled. When the reporting is received back from us, the client is encouraged to quickly reconcile and address any discrepancies. In adhering to this program one of our clients noticed a trend of missing equipment during their reconciliation process. Working with their security department they were able to identify where the IT equipment was “going missing” and unfortunately learned that employee theft was the cause of the discrepancies. They then were able to follow the employee and learned where he was selling the equipment. They subsequently recovered all of the stolen equipment and with it the confidential information contained on it. What this situation reinforces is:
- The process we recommend for tracking IT assets really works if it is followed properly.
- Contrary to popular belief, the 80/20 rule of data breaches says that 80% of all actual data breaches occur with off-network devices. Most organizations, when they think of data security, tend to think of the firewall to keep the bad guys from getting in but the reality is that since the majority of breaches come from off-network devices you really need to pay attention to how off-network devices are being managed so your sensitive information is not allowed to get out.
- Something is going to go wrong eventually so it makes sense to have systems and documentation in place that empower you to react in an effective manner when the “uh-oh” moment occurs.