August 27, 2015

Hard Drive Security: Five Overlooked Devices You Need to Safeguard

When you think about data breaches, what comes to mind?

Hackers? Insiders? An old hard drive in storage?

While most people think of perpetrators, they often forget that any piece of equipment that contains a hard drive can increase the risk of a data breach.

Besides safeguarding against information thieves, “the challenge for organizations today is keeping track of the ever-growing mountain of new information being produced each year on any number of devices,” says a privacyrights.org paper.

Monitoring and managing the intentional - and unintentional - archives, and maintaining hard drive security, is also important. The Ponemon Institute identified five digital devices that are sometimes overlooked.

1. Old Hard Drives

Research has shown that many old hard drives contain confidential and easily recoverable information.

Most recently, a two-month study by the National Association for Information Destruction (NAID) found significant amounts of personal information on recycled computers that had been randomly purchased on public sources such as eBay.  

While wiping and deleting files are thought to get rid of data, the only way to ensure data is completely gone is to remove the hard drive from the device and securely destroy it.

According to information destruction leader Shred-it, 34% of IT personnel do not have a secure process for hard drive destruction. In fact, 46% of businesses stockpile hard drives.

To safeguard hard drives: implement a records retention and hard drive shredding schedule. Partner with a recognized information destruction company.

2. Copy Machines/Printers

Most digital copiers and printers contain hard drives, which store the image of every document that is copied or printed.

An example of a data breach is a U.S. managed care plan that was fined one million dollars in 2013 after a photocopier containing patient information was compromised.

When leasing or purchasing equipment, ask about security features or packages. Train employees good work habits – for example, never leave confidential information in the machine.

When trading in, selling or upgrading a copier, physically destroy the hard drive.

3. Fax Machines

Fax machines contain hard drives that store the data from each document they transmit.

A corporate fax policy should spell out safe usage procedures (such as use a cover sheet, and double-check the telephone number before transmitting documents). Set up the machine in a supervised area that is off limits to unauthorized persons.

Securely destroy the hard drive at the end of the machine’s lifecycle.

4. Routers

If a router isn’t configured properly, warns a blogger at sbomag.com, “pirates using your internet connection can slow down your connection and gain access to your confidential information.”

Password protection is an important IT safeguard.

“Data stored on digital devices such as routers must be securely destroyed to prevent it from getting into the wrong hands," said Larry Ponemon of Ponemon Institute in a post.

5. Mobile Devices

Many people only associate cyber threats with their PCs and neglect even basic security precautions on their smartphones. That's probably why this year mobile was ripe for attack, according to the Internet Security Threat Report 2015.

Emphasize technology safeguards, app security, and best practices in Bring Your Own Device (BYOD) and other mobile device policies.

Shredding outdated paper documents is also one of the best ways to keep confidential information secure. Find out how outsourcing these services will simplify the process and reduce your data breach risk.