Even those with established processes could unwittingly initiate a security leak if they rely on wiping or degaussing hard drives, or handing over their e-waste to an outsourced recycler. Worse yet, some organizations might be stockpiling old technology with no plan at all.
Despite the many public wake-up calls, most American organizations continue to be complacent about securing their electronic media and hard drives. Processes and protocols surrounding the destruction of electronic devices have been slow to adapt to the new reality that businesses large and small are increasingly dependent on digital information.
Congress is hoping to hold businesses accountable for the protection of confidential information with the introduction of the Data Security and Breach Notification Act of 2013, which will require organizations that acquire, maintain, store or utilize personal information to protect and secure this data. However, legislation only goes so far and American organizations of all sizes must be more vigilant to protect themselves from a data breach that could damage their bottom line, with the prospect of losing revenue, reputation or clients.
To mitigate the risk of fraud, businesses should consider the following tips:
Think prevention, not reaction. There is no one-size-fits-all data protection strategy. Develop preventative approaches that are strategic, integrated and long-term, such as eliminating security risks at the source and permanently securing the entire document lifecycle in every part of your organization;
Be security savvy. Put portable policies in place for employees with a laptop, tablet or smartphone to minimize the risk of a security compromise while travelling;
Protect electronic data. Ensure that obsolete electronic records are protected as well. Simply erasing or degaussing a hard drive or photocopier memory does not remove information completely—physically crushing the device is the only way to ensure that data cannot be retrieved;
Create a culture of security. Train all employees on information security best practices to reduce human error. Explain why it's important, and conduct regular security audits of your office to assess security performance.
"For every desktop computer, printer or mobile device purchased, there should be a secure disposal plan for outgoing technology," said Michael Collins, Shred-it Regional Vice President. "More often than not, those devices are loaded with sensitive company or customer information that is recoverable if the hard drives aren't physically destroyed."