A prominent company donates over two dozen computers to an IT recycler. Little did they know that the hard drives of the computers had not been wiped clean, and within a few months one of the largest data breaches in the company’s history was revealed. The computers, discarded after a computer upgrade in the Human Resources and Accounting departments, contained personal information, social security numbers, and bank account numbers for over 15,000 current and past employees. Once the information was exposed, there was little the organization could do but offer a public apology and help the victims prevent any further identity theft. However, months later, over half of the sensitive data stolen was being sold on the black market to would-be identity thieves from all over the world.
Unfortunately, real data breaches like this happen to companies of all sizes.
Protecting your data throughout its entire lifecycle is key in preventing data breaches and avoiding sensitive data being released to the public. Data safety procedures must extend beyond the useful life of IT assets and be followed during asset usage, asset storage, and especially during IT asset decommission. Here are the top five ways you can be sure all sensitive data is handled appropriately to prevent a data breach.
- Teach employees how to safeguard IT assets in public
If you allow employees to take laptops or mobile devices home, be sure they understand how to secure assets. This includes what to do with old or decommissioned company assets that may be left unattended in their car or home office. When equipment is not being used, it is imperative that it is stored away and properly secured. Giving someone access, even to unused equipment, can lead to an embarrassing data breach.
- Have systems in place to encrypt data
Using passwords that are linked to a computer system and automatically encrypted is the best way to keep data breaches from happening. Managing passwords throughout the lifecycle of every piece of equipment is key. Never store passwords in a place that is visible to others or share passwords via email or text for systems with sensitive information. Having password encryption can ensure that data is protected even after disposal, should files not be erased completely.
- Educate your personnel on the proper steps to take to erase files
It is important to keep in mind that the personnel using your computers may have a limited understanding of the steps to take to protect your company’s data. This is where having internal standards on how to use and secure IT assets is essential. Teach staff how to deauthorize electronic equipment, especially prior to disposing of obsolete components. If you have proprietary programs or installed software on your decommissioned assets, be sure to deauthorize all accounts. This can prevent other people from hacking your systems or running software to access any personal data that may have been left on the computer’s hard drive.
- Work with a certified IT asset disposition provider
When it is time to replace obsolete IT assets and either recycle or resell them, having a system in place to secure and erase your sensitive data is a must. Proper protocol should always be followed to ensure that your company’s data is not compromised when old components are discarded or resold to others. Partnering with a certified IT asset disposition (ITAD) provider like XSi can ensure that your electronic components are wiped clean with disk erasure certifications, leaving no trace of personal or confidential information. A green ITAD recycler can ensure your computers are clean and take the additional measures to recycle, or help you to repurpose your assets.
- Establish protocols for decommissioned assets
The third-party IT maintenance specialists at XSi recommend that you delete and wipe all sensitive files. This is especially true if the computers or electronic devices were once used to store social security numbers, identification images, tax and financial information, or anything that would be deemed a breach if made public. When partnering with a data erasure company, requiring all data protection services to be done on-site can be an efficient way to prevent your decommissioned assets from being lost, stolen, or otherwise tampered with. It is also good practice to record the model number of all decommissioned assets and keep track of where they are at all times and whether they have been wiped clean. Letting an IT asset fall through the cracks can open your organization up to a significant data breach. Also, be sure to obtain a certificate of data erasure to ensure that all sensitive data has been wiped from all assets and factory settings have been restored.
These are just a few ways that corporations can prevent a wide-scale and embarrassing data breach from happening. Empowering employees with the knowledge of how to protect customer and company information can be the best safeguard your organization can take to secure data throughout the entire IT asset lifecycle. Donating, reselling, or otherwise repurposing electronic equipment is essential to reduce e-waste, but keep in mind that it should never put your organization’s information assets or the personal data of your employees at risk. What precautions has your organization implemented to prevent a data breach? Share your ideas and comments on our Facebook page.