August 30, 2016

Studies Show Hard Drive Security Has Never Been More Important

“In this world nothing can be said to be certain, except death and taxes” – and cybercrime.

Cybercrime and the cost of data breach have become permanent risk factors today for all size organizations.

In the Cybercrime Global Economic Crime Survey 2016 by PwC, cybercrime rose from 4th to 2nd place on the most-reported types of economic crime list. Reputational damage was the most damaging impact followed by legal, investment, and/or enforcement costs.

According to the Cost of a Data Breach 2016 report by Ponemon and IBM, the likelihood of a data breach involving a minimum of 10,000 records was estimated to be approximately 26% over the next two years.

In the report, the average cost of a data breach in total increased from $3.79 to $4 million for the 383 companies surveyed across 16 industries in 12 countries. The average cost paid for each lost or stolen record containing sensitive information increased from $154 in 2015 to $158 this year.

There’s now a concern that the mobile workforce will increase data security vulnerabilities – and challenges – even more.

More workers than ever are using laptops, smart phones, USBs and other devices outside of the traditional office environment. The International Data Corporation has forecast the U.S. mobile worker population to reach 105.4 million and account for nearly 72.3% of the total U.S. workforce by 2020.

How can an organization better protect its digital data?

Policy

  • Create a culture of security throughout the organization so that security is second nature for everyone.
  • Participate in threat-sharing programs – the Cost of Data Breach report showed that this could reduce the cost of a data breach.
  • Limit the type of documents that can be removed from the office.

IT Safeguards 

  • Utilize firewalls, use encryption, and activate passwords on all devices.
  • Access other data loss prevention controls such as endpoint security solutions (this also reduced the cost of a data breach in the Ponemon study).
  • Incorporate all new forms of electronic media into the organization’s information security policy.

Training

  • Schedule on-going training so employees understand best practices for protecting digital confidential information.
  • Provide specific training to the mobile workforce. Best practices include not leaving mobile devices and USBs s in vehicles, hotels, coffee shops, etc., using secured networks, protecting passwords, locking devices, and being mindful of apps installed.

Physical Security

  • Regularly clean out storage facilities so that obsolete electronic devices are not stockpiled. Even if devices are wiped or information is deleted, special software can be used to recover data.
  • Protect visible information on screens from passers-by.
  • Implement a Clean Desk Policy.
  • Turn off computers when finished using them – otherwise, they’re connected to the Internet and are vulnerable.

Information Destruction

  • Before securely destroying hard drives, back up data and transfer files.
  • Destroy all unused hard drives using a third-party provider that has a secure chain of custody and confirms destruction.

Destroying obsolete hard drives does not mean that materials cannot be recycled too. A best-in-class information security partner will provide secure recycling too.