Twenty years ago, most employees just had a desktop computer and a landline in the office.
But the computer hardware landscape has changed dramatically – and as a result, so has business information security.
Today, everyone has a cell phone, a laptop or tablet, and often a desktop, even in a small business. They also use computerized systems to turn on lights and lock doors. With the rise of the Internet of Things (IoT), many employees are wearing computers in the office too.
It’s no wonder that hardware management was one of the emerging challenges for businesses identified by the 2016 Shred-it State of the Industry Report.
Small businesses especially are falling behind on policies and procedures. BDC Small Business Week, running October 16-22 across Canada, puts the spotlight on reducing these kinds of inefficiencies in the workplace.
Here are 5 security issues that affect hardware management and storage:
- Keeping track of data: Many businesses have no or only a partial system in place for controlling and tracking sensitive data, according to a 2014 Trustwave State of Risk Report. Schedule regular information audits to identify what confidential data your organization manages and where it resides. Then, implement document management protocols to improve business data security.
- Rise of Mobile devices: One survey by Bitglass showed that 68% of healthcare security breaches were due to the loss or theft of mobile devices or files. With the increasing reliance on mobile equipment, it’s important to have comprehensive protocols for protecting confidential information on all hard drives. Encrypt sensitive data whether in transit or storage, and provide on-going training so employees protect information and hard drives outside of the office. For example, never use public Wi-Fi for sensitive work information, always protect visible and stored information when travelling, and bring all digital media to the workplace for proper disposal.
- Old technology: Un-patched software is a huge security risk. Sometimes patches are simply not being applied or the manufacturer has discontinued support. The result is “an exploitable device in your network, waiting for attackers to use it to gain access to your data,” said an industry specialist. Implement a patch management program. If equipment cannot be updated, take it off-line and schedule secure destruction.
- Legacy Equipment: A lot of businesses stockpile old hard drives. But insider fraudsters may access them, the equipment may end being sent for (insecure) recycling, and/or it may be physically stolen. The Shred-it research showed that small businesses are more likely to wipe or degauss electronic devices in-house – but this does not guarantee that information is permanently destroyed. Data on old hard drives can be recovered with special software. Securely destroy old and broken-down hard drives.
- Destruction Protocols: Ensuring that legacy electronic devices are destroyed regularly is critical. But the research showed that 60% of small businesses dispose of hard drives, USBs and other electronic devices containing confidential information less than once a year or never. Follow best practices for data destruction, and partner with a professional destruction service for secure shredding.
Keeping work areas clear of clutter and vulnerable information will help reduce the risk of a damaging data risk.