Device Security: Why Hard Drive Destruction is Critical
A few years back the BBC ran a story warning that the only way to stop fraudsters from stealing information from old computer hard drives was by destroying them completely. The warning came after a study showed thousands (22,000) of ‘deleted’ or ‘reformatted’ files were recovered from old computers purchased online.
The fact is there are software programs designed to help thieves extract data even after data has been electronically destroyed.
At the same time, there are other concerns that make secure e-media and hard drive disposal a critical aspect of device security.
Below are some common concerns everyone should be wary of:
Volume. There are more hard drives than ever in the workplace... in desktop computers, laptops, servers, phones, USB thumb drives, printers, copiers, and other equipment. In 2015, technology companies shipped more than 2.6 billion devices containing hard drives, according to IT research firm Gartner.
Internet of Things (IoT). Trend Micro reports that one in 10 enterprises are integrating IoT devices into the workplace to make work easier and more efficient. Gartner says that 4.9 billion network connected ‘things’, were in use in 2015, a 30% increase compared to 2014. But employee IoT devices, which transmit and receive data, are an attack vector for cyber criminals. Safeguards must protect the business and the individual.
Upgrades. Electronics become obsolete (and are replaced) within three or four years – and that affects BYOD security and other safeguards. According to the Consumer Technology Association, sales of mobile connected devices, specifically smart phones and tablets, represented just over 35% of the total consumer electronics industry revenue in 2014. Although revenue growth slowed down, unit sales continued to rise.
Privacy laws. Government privacy laws and industry guidelines require organizations to securely destroy confidential data at the end of its life. For example, in the U.S., at least 31 states and Puerto Rico have enacted laws that require entities to destroy, dispose or otherwise make personal information unreadable or undecipherable.
Cybercrime. Industry experts predict a continued boom in cybercrime. In terms of cost, the average consolidated total cost of a data breach rose 23% to $3.8 million in 2014 compared to the previous year. The 2015 Cost of Data Breach Study: Global Analysis from Ponemon also showed that the average global cost for each lost or stolen confidential record increased from a consolidated average of $145 to $154.
Responsibility. Data stewardship is a corporate priority and responsibility. The 2014 Data Protection & Breach Readiness Guide from the Online Trust Alliance reported that security-driven workplace systems and controls help protect against external trends like big data and cybercrime. For example, a document management process protects confidential information from its creation to end of life. At the same time, the 2015 Shred-it Security Tracker showed that 37% of U.S. businesses have never disposed of hard drives, USBs and other hardware that contain confidential information. A best practice: partner with a document destruction company that provides secure hard drive destruction as well as other security services and products for the workplace.
It’s important to understand device security and know your e-media and hard drive disposal process, to avoid being vulnerable to information theft – and costly data breaches.