The first step in fixing a problem is knowing that it exists. In each edition we feature a high profile data breach to show businesses how they can mitigate similar risks. This quarter we’re featuring Community Catalysts of California, Inc.
Community Catalysts of California, Inc., a non-for-profit organization who provides services and advocacy for people with disabilities and Veterans, learned that an unencrypted USB that may have contained client information was recently stolen from an employee’s residence. It is suspected that the stolen USB included names, addresses, diagnoses, date of birth, age, gender and/or telephone numbers for numerous current and former clients. No driver’s license, state identification, health insurance or financial account numbers were exposed.
What can you do: While USBs and other removable media, such as laptops or external hard drives, are convenient for their size and portability they can create significant security risks if not managed properly. According to the 2015 Shred-it Security Tracker 37% of US businesses surveyed have never disposed of hard drives, USB’s and other hardware that contains confidential information2. Considering how easily these portable devices can be lost or stolen, that translates into a lot of potentially confidential data that could fall into the wrong hands.
It is important the business leaders ensure their commitment to information security extends beyond printed material to include cyber security and the disposal of e-media and hard drives. As such, there are guidelines designed to safeguard the confidential information found on devices around the office:
- Perform regular clean-ups of storage facilities to avoid stockpiling unused hard drives
- Sign out all electronic storage devices, especially if they contain confidential data, to ensure they are being tracked at all times and never left for a passer-by to easily pick up
- Ensure employees lock their laptop to the desk and remember to lock their screen when they leave their desk
- Engage a third-party provider to destroy all unused hard drives including old laptops, smartphones, tablets and USBs
- Encrypt smartphones, tablets, external memory drives and laptops to ensure data remains secure even if the device is lost or stolen