The Data Breach That’s 100% Avoidable.

Five Major Points Data Thieves Hope You’re Unaware of.

Written By Lisa DeMarco, CMO - Pupfish Sustainability Solutions
Originally published by HIA-LI for The Reporter on 07.16.2021

Whether you’re working from a corner office, home office, or a hybrid of both these days, you likely rely more heavily on technology than ever before. As a result, sensitive data such as social security numbers, bank account and credit card details, healthcare records, payroll information, and other privileged information is exchanged at lightning speeds and saved to the hard drives inside the computers, servers, scanners, printers, and other IT assets we use each day. While data-conscious organizations allocate significant budgets each year to safeguard data, employing costly security measures designed to defend against a cyber-attack, they often leave themselves, and those who trust them with sensitive data, vulnerable to a catastrophic breach long after retired computer equipment is out of sight and mind.

It’s critical to understand just how valuable this data is to the criminals who know how (and where) to access it. These same cyber-criminals are counting on your lack of technical knowledge when it comes time to retire and replace the technology in your home and office. In fact, there are five major points data thieves hope you’re unaware of.

1. A data breach due to unsound data disposition practices is the one type of data breach that is 100% avoidable if the appropriate steps are taken, and it usually costs less than $10-15 per hard drive to prevent. Penalties for improper data disposal have reached $60 million, imposed on an Investment Bank by the US Treasury Dept. for engaging in unsafe or unsound practices relating to information security and noncompliance, brought about by inadequate ITAD (IT Asset Disposition) policies and procedures.

2. Sensitive data isn’t just stored on laptop and desktop computers. In fact, cell phones, tablets, printers, scanners, copiers, and servers all contain hard drives or memory centers where data remains until it is effectively destroyed. These devices are frequently discarded at the end of their lifecycle, leaving a business vulnerable to an unforeseen data leak. Data thieves search for these items at curbside, in landfills and often purchase these retired assets from reckless resellers, hoping hard drive data has not been adequately destroyed.

3. Deleting and/or reformatting a hard drive only frees up storage space and does nothing to eliminate the data stored to the drive, which remains recoverable even after the equipment is retired.

4. Hammering, drilling, smashing, setting fire to, or even shooting at a hard drive or any other electronic media will not permanently erase data, even if it’s been deleted or reformatted. Unless it has been destroyed according to the strict data destruction guidelines set forth by NIST, the National Institute of Standards and Technology, and NAID, the standard-setting body advocating for best practices in secure data destruction, that data remains recoverable and can expose your business to a catastrophic data breach and the substantial penalties attributable to it.

5. Businesses of all sizes, in every industry, must adhere to industry-specific regulatory compliance laws pertaining to data privacy and data destruction, in addition to some of the more general data privacy regulations such as the Identity Theft and Assumption Deterrence Act, and Payment Card Information Security Standard (PCI). These laws are in place to ensure sensitive data is properly destroyed, mitigating the risk of a data breach after computer equipment has been retired. These industry-specific regulations include:

  • Financial Industry Regulatory Authority (FINRA)

  • Gramm-Leach-Bliley Act (Financial Services Modernization Act)

  • USA Patriot Act (Bank Security Act)

  • Sarbanes-Oxley Act (SOX)

  • Homeland Security Information Sharing Act (HSISA)

  • Health Insurance Portability and Accountability Act (HIPAA)

  • Health Information Technology for Economic and Clinical Health (HITECH)

  • Family Educational Rights and Privacy Act (FERPA)

A simple internet search will reveal just how easy it is to fall victim to a hard drive breach; perhaps your own sensitive data has been compromised in such a way. While we don’t have to look far for examples, these events are almost always avoidable, and there are inexpensive measures that can be taken to mitigate the threat of such a breach. Partnering with an IT Asset Disposition firm like Pupfish Sustainability Solutions will ensure your business meets data destruction requirements, maintains industry-specific regulatory compliance, and achieves corporate social responsibility goals, mitigating your risk, shifting the liability, and providing you with the certification you’ll need in the event of an audit.

Providing Data Destruction, Electronics Recycling, and IT Asset Liquidation services, Pupfish Sustainability Solutions is a full-service IT Asset Disposition firm operating within Long Island’s rapidly advancing technology space. Offering seamless IT Asset Management integration, Pupfish partners directly with your Managed IT Service provider or operates as an extension of your own IT department to help develop or execute your ITAD Plan. Pupfish follows the strict data destruction guidelines set forth by NIST, the National Institute of Standards and Technology, and NAID, the standard-setting body advocating for best practices in secure data destruction. All services are performed at their facility located in the Hauppauge Industrial Park and are never sent to a third party for hard drive sanitization, degaussing, or hard drive destruction. Pupfish understands the risks associated with a catastrophic data breach and invites clients to physically accompany IT assets to their Hauppauge location to maintain chain of custody and witness the data destruction process either physically or virtually.

To safeguard your data, ensure your business maintains industry-specific regulatory compliance, and achieves corporate social responsibility goals, or to learn more about data destruction and electronics recycling, call 631.403.1100 or visit www.PupfishUSA.com today.
