Tips for Reducing Risk of a Data Breach from Unwanted IT Equipment

Posted in Blog

Glenn Laga

Oftentimes, unwanted IT equipment is in a limbo, interim stage between usage and refresh or replacement. How can you minimize the risk of a data breach and potential litigation or embarrassment as you stockpile unwanted IT equipment?

• Don’t let old IT equipment or technology accumulate to a quantity or space that cannot be securely monitored and managed.
• Keep equipment destined for disposition in a secure area. We hear too many tales of servers missing from unmonitored loading docks, laptops going home with employees, and boxes of tapes and drives just getting lost in storage.
• Document every piece of hardware by tracking or scanning serial numbers and locations.
• Familiarize yourself with the law, your industry regulations, mandates and security guidelines.
• Educate equipment purchasers about the financial implications of security, privacy and environmental regulations when disposing of old IT equipment. You can easily build disposition costs into the initial leasing or equipment purchase plans.
• Understand “chain of custody” and how it affects your equipment getting safely from point A to point B. How does your equipment transition from employee hands or facility use to safely scrubbed or destroyed?
• Determine if your company has a “zero tolerance policy” for data breaches. Develop an asset management and disposition program that includes appropriate employee training, vendor selection and monitoring, IT security systems, standards, and accreditation.
• Review your contracts to understand your responsibility and contractual obligations. Do you return leased hardware with or without hard drives? Whose responsibility is it to ensure that equipment is properly wiped or destroyed?
• Assign responsibility to a single person or authority to maintain continuous oversight and records of your ongoing asset disposal program.

It is essential for all levels of your organization to understand that your business is accountable for the data stored on any of your unneeded IT equipment — even if it’s no longer in use or on your site. Your IT equipment VAR should be able to help you in the selection of an IT asset disposition vendor who can work with you to ensure that your data remains secure. Or, contact Guardian Data Destruction for additional information. We’re happy to help!