Understanding Secure Data Destruction

December 30, 2022

Disposing of IT equipment may create high risk for your organization

You decided it’s time to finally upgrade your company servers. The old ones got removed, the new ones installed, and now they are already being used in operations. Everyone is happy and reporting improvements in critical application performance.

But wait, where did the old servers go? What happened to them, and more importantly, all the data? If you don’t know and don’t have chains of custody documented, your organization could be exposed to data loss or theft, or worse, being held hostage for ransomware by cyber terrorists. And you could face business continuity interruptions as well as devastating regulatory compliance penalties. Heavens! Who knew getting rid of old equipment could cause so much trouble?

What Most People Don’t Know about Offline Electronics

Unfortunately, most employees have no idea what needs to be done with old equipment to properly ensure the safety of private and proprietary information. They assume that IT picks it up and simply gives them new equipment. Out with the old and in with the new replacement. But ask yourself these key questions which can impact what could happen to the information on your old equipment:

  1. Do you know for sure what happens to the data on older equipment when it gets recycled? You should have a log of what has been performed. You will need this to ensure your data is safe and secure, as well as to comply with any regulatory audit your industry requires.
  2. Why not just delete the data off older systems before disposal? Because online and consumer-oriented applications often do not completely “wipe” the data, leaving traces of data that an expert thief can access.

Disposing of IT equipment without following the latest industry standards, which take into consideration today’s significant risks associated with cyber security issues and data theft, can jeopardize your organization’s ability to operate securely. It can also lead to potential legal risks for failure to comply with regulatory laws covering theft and loss of privacy data.

Can your business afford to have all of its customer, partner, and vendor data held hostage by some crook? Or, face the news that your customers’ private information has been exposed to the world? Probably not.

Common Equipment Data Breaches

Costly scenarios are easily possible when you don’t know the best practices for securing data on devices. For example, here are just two common mistakes businesses make. A company simply throws its old printers out in the dumpster. How smart can these devices be? Well, many old printers, copiers, and faxes often still contain electronic proprietary data, from phone numbers to passwords, which anybody could easily retrieve and use. Another innocent-seeming scenario is companies giving away old laptops and computers to employees which contain privacy data and company network access details. Not only do these practices expose private information to the public, but they also open the organization to legal and financial risks if the equipment falls into the wrong hands.

Here are a few recent regulatory penalties applied to companies that failed to properly secure data as required by regulatory laws:

Proper Disposal of IT Assets

The Center for Internet Security (CIS) recommends how to properly dispose of equipment potentially containing private data. CIS Control 3.5 states: “Securely dispose of data as outlined in the enterprise’s data management process. Ensure the disposal process and method are commensurate with the data sensitivity.”

Having a data disposal policy and teaming up with a reputable vendor that can professionally handle the end-of-life process for your older systems is a smart decision. This policy should define who oversees the process and what practices are employed, and it should include documentation and a chain of custody from the rack to the scrap heap, so you know everything about how the data has been handled. The key advice is to not leave your sensitive data to chance. Ensure the data is removed and properly document that this has occurred.

We’ve got your back!

Since 1987, CCI Managed Services has been sharing its network management expertise with our clients. As part of our network security assessment, we can evaluate and make recommendations for improving your existing security policy. If you don’t have a policy, we can work with you to create one that effectively protects your organization from today’s data security risks – online and offline.

For further information about IT asset disposal and how you can properly secure your data, give us a call today at (603) 542-5109 or contact us online for a free IT assessment.
