Hard Drive Destruction & Security
“In this world nothing can be said to be certain, except death and taxes” – and cyber crime.
Cybercrime and the cost of a data breach have become permanent risk factors for organisations of all sizes.
In the Cybercrime Global Economic Crime Survey 2016 by PwC, cybercrime rose from 4th to 2nd place on the list of most-reported types of economic crime. Reputational damage was the most damaging impact, followed by legal, investment, and/or enforcement costs.
According to the Cost of a Data Breach 2016 report by Ponemon and IBM, the likelihood of a data breach involving a minimum of 10,000 records was estimated to be approximately 26% over the next two years.
In the report, the average total cost of a data breach increased from £2.37 million in 2014 to £2.53 million in 2015 for the 41 UK businesses surveyed. The average cost paid for each lost or stolen record containing sensitive information is now £102.
There’s now a concern that the mobile workforce will increase data security vulnerabilities – and challenges – even more. In response, organisations are increasingly implementing robust digital data protection policies such as hard drive destruction of any obsolete technology.
More workers than ever are using laptops, smart phones, USBs and other devices outside of the traditional office environment. 95% of C-Suites and 55% of SMEs now say their employees use some form of flexible or offsite working model.
How can an organisation better protect its digital data?
- Create a culture of security throughout the organisation so that security is second nature for everyone.
- Participate in threat-sharing programmes – the Cost of Data Breach report showed that this could reduce the cost of a data breach.
- Limit the type of documents that can be removed from the office.
- Utilise firewalls, use encryption, and activate passwords on all devices.
- Access other data loss prevention controls such as endpoint security solutions (this also reduced the cost of a data breach in the Ponemon study).
- Incorporate all new forms of electronic media into the organisation’s information security policy.
- Schedule ongoing training so employees understand best practices for protecting digital confidential information.
- Provide specific training to the mobile workforce. Best practices include not leaving mobile devices and USBs in vehicles, hotels, coffee shops, etc., using secured networks, protecting passwords, locking devices, and being mindful of apps installed.
- Regularly clean out storage facilities so that obsolete electronic devices are not stockpiled. Even if devices are wiped or information is deleted, special software can be used to recover data.
- Protect visible information on screens from passers-by.
- Implement a Clean Desk Policy.
- Turn off computers when finished using them – otherwise, they’re connected to the Internet and are vulnerable.
- Before securely destroying hard drives, back up data and transfer files.
- Destroy all unused hard drives using a third-party provider that has a secure chain of custody and confirms destruction.
Destroying obsolete hard drives does not mean that materials cannot be recycled. A best-in-class information security partner will also provide secure recycling.