The IT Industry’s Dirty Little Secret: Most Data Breaches Occur Off-Network
Headlines such as those involving the NSA and data security privacy are seen daily and are usually related to online activities. The dirty little secret is that most data breaches are occurring off-network.
Off-Network Devices can often contain proprietary internally developed software, network access information that could be used by hackers to identify network routing information and other passwords, confidential client information like social security numbers, patient information, personnel information, and trade secrets.
For example, a phone system may have user information on it, a copier may have copies of your most sensitive data stored in its hard drive, networking devices contain IP addresses and passwords that could allow an outsider to penetrate your network.
Below is a list of some of the types of equipment that will go off-network at some point in their lifecycle – some of which you may never even thought of:
When they’re not disposed of properly, these devices and the data stored on them (or, embedded data) can pose a security risk to both your company and your customers.
Here are a few questions companies need to think about in regard to their IT assets:
- What becomes of decommissioned technology?
- What are the legal requirements when you retire this equipment?
- Do you have a process for determining what data is on these devices?
- How do you securely and properly dispose of these devices?
- What could you prove in a court of law and would your proof be sufficient to be admissible?
If you don’t know the answers to these questions, you need to start thinking about them in order to reduce your risk of liability, ensure your company’s security, and protect your customers.
You can read more about this topic by downloading our full Legal & Security Risks in Management and Disposal of Off-Network Technology whitepaper here: http://bit.ly/SecurityRiskWP