How IT Asset Managers can Prevent Data Breaches (a recorded IAITAM 2022 session)
Data storage and sharing are increasing so rapidly and changing so quickly that keeping up with “what’s being stored where” is complicating the processes already in place to prevent data breaches.
A more comprehensible translation of that number is to multiply 1 trillion gigabytes by 175. That’s a zetta-ton of data to keep an eye on. And the perfect setup for a data breach.
And that’s why it pays to be prepared.
Preventing a data breach: Know where data is being stored
It’s not just the explosion of data, it’s tracking the storage of all sensitive and regulated data. Knowing where your data really is (as opposed to where you think it is) starts with a few simple questions:
- What assets are storing data? What devices are sharing data?
- Where is the data coming from? And going? What known and unknown (perhaps automated) data backup systems are in place?
- Are your vendors holding your data? And where are they backing it up? How are they destroying it? (Are they?)
It’s the labyrinth of responses and knowledge gaps combined with the untracked and undocumented that will make IT asset hardware with memory storage your Achilles heel.
“40% of tested IT equipment still contained personally identifiable information (PII) of the original owners of the hardware.” - i-SIGMA (NAID)
Preventing a data breach: Enlist a stakeholder army
Gaining a 360-degree view of all data generation, accumulation, storage and dispersal within an organization takes more than just the IT asset manager. Look for contributions from outside vendors and a myriad of departments within your organization: purchasing, legal, facilities, IT and planning departments.
Their knowledge of, and input on, what equipment, devices and assets are bought, in use, in storage, on loan or on the horizon is the necessary foundation for an all-inclusive, fully-covered plan for risk reduction.
Preventing a data breach: How important are data privacy and security to your business?
Data security is a top-down initiative. There’s no superhero IT asset manager who can manage all the devices, vendors and processes without full alignment and engagement throughout the organization. That means that data destruction and data center decommissioning budgets have to be allocated and regulatory compliance has to be understood.
While there is no singular US law governing data privacy and security, there are few businesses, agencies or organizations that do not fall under one or more regulations concerning data privacy: HIPAA, FCRA, FERPA, GLBA, ECPA, COPPA and VPPA. The combination of completely avoidable legal liability, fines, reputation damage and market share loss is a key incentive to take data security seriously.
A data breach prevention action plan for reducing risk
If your goal is to have a comprehensive data destruction program, the recording of Guardian Data Destruction’s recent IAITAM ACE presentation Uncommon Places Your Company Data May Be Stored (and Waiting For a Breach) is a good place to begin.
In less than thirty minutes, Brendan O’Byrne, Guardian’s Enterprise Services Manager, walks IT asset managers through six loaded categories of hidden data sources. His very practical checklist and action items will help you determine if your data destruction program needs a tune-up (or an overhaul).
If you need additional help or have a question about a specific type of data-holding equipment or processes and procedures needed for an effective data disposition plan, contact us. As the undertakers of the IT world, our job is to ensure that the disposition of any IT asset is secure, compliant and absolute.
Additional resources about data security and privacy
Guardian, as an onsite data destruction service provider, is often the last line of defense. Even with client-provided device scanning, inventory spreadsheets, serial number verification lists and audits, we are vigilant in our search for missed memory storage. Sometimes it’s something obvious. Other times it’s hidden or sneaky and a total surprise to the client. Often, it’s an IT asset that’s so innocent and everyday that it’s not even considered smart enough to be a risk (printers and copiers, we’re talking about you).
Four out of five corporate IT asset disposal projects had at least one missing asset. More disturbing is the fact that 15% of these ‘untracked’ assets are devices potentially bearing data such as laptops, computers and servers. - Harvard Business Review
Peruse this list of 30 common places your company data is stored (and waiting for a breach).
If you’re working with a data destruction provider, understand the value of NAID AAA Certification.
Get advice from 5 experts who contributed to our weeklong series about data privacy: John Shegerian of ERI, Melissa Graham of SHI International, Eric Ingebretsen of TES, Joe Marion of ASCDI, Christian Foster of CircleIT and Eric Dorn of Sipi Asset of Recovery.