Data at Rest is any data stored on media that is overlooked when assessing a security risk posed by a particular device. This means that every device, including servers, computers, smartphones, tablets, etc., used by your employees may have sensitive, hidden company or customer information stored on them.
Improperly Disposed Assets Create Data At Rest Risks
When they’re not disposed of properly, these devices and the data stored on them (or, data at rest) can pose a security risk to both your company and your customers.
For example, in 2013 the Target data breach was enabled because the thieves were able to gain access to the IP addresses from air conditioners. According to Bloomberg Businessweek: “They probably used credentials of an HVAC vendor to get into Target’s network, spending weeks on reconnaissance to install malware programs.”.
Would you Expect a Large Company to be Hacked via an Air Conditioning System?
Who would have expected that the air conditioners, which had an IP address for monitoring, would be a portal for what happened? Hackers stole information for more than 40 million credit cards and personal data for over 70 million customers. “Target was hit with over 90 lawsuits related to the massive data breach and spent over $61+ million as of responding to the attack and $18.5 million to End Data-Breach Probes” according to the article. All of this because of the HVAC system.
It's Important To Qualify ITAD companies in More than Just Destroying Data
In asset recycling and asset disposition, vendors are traditionally qualified based on their proficiency in erasing or destroying hard drives, but they are not evaluated on their ability in finding hidden media. This is a massive data security blind spot in the industry.
Don't Wait till a Public Event and Or Crisis Hits to Mitigate Data in Transit Risks
It often takes a public event to bring awareness to issues like this. For many years, copier machines were transitioning from analog to digital, but no one was paying attention to the danger posed by the sensitive information that was being recorded by the digital copiers. It wasn’t until 60 Minutes ran a piece about how hard drives were being harvested from off-lease copiers with all the data intact that companies became aware of the problem.
If that can happen with hard drives on copiers, and the focus is on erasing hard drives, can you imagine all the other sensitive information that’s leaked out that no one is aware of?
Data At Rest as Part of our Daily Lives
The truth is, data at rest is a part of daily lives. It’s used in almost all of the computers and devices that make our lives easier — everything from smartphones to HVAC systems and many other things in between. Every day, new intelligence is being added to more and more products, and with that intelligence comes sensitive information that in the wrong hands can wreak havoc to any company.
Ask The Right Questions to Mitigate Data Breach Risks and Other IT Security Risks
You need to make sure that you’re asking the right questions in your RFPs when it comes to finding data at rest to prevent your risk of liability, ensure your company’s security, and protect your customers.