Using ITAD and Data Erasure to Keep Your Company out of the Press
Data leak stories inspire terror in all but the most stoic IT executives. While data security measures are improving, data leaks are still a very real problem. 143 million people were left vulnerable when Equifax’s systems were breached from May to July of this year. Hackers had access to all sorts of sensitive personal information.
The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.- Federal Trade Commission
This post will go over best practices for both data protection and data erasure, as well as some services which may help you to secure your data more effectively to ensure your company can avoid a costly data leak.
Identify Your Data
The first step in creating a migration plan and protecting sensitive data is to identify which data is sensitive in the first place. Data Loss Prevention(DLP) software, a vital component of most data protection strategies, is heavily reliant on data being sufficiently categorized and identified.
Organizing and Categorizing Data
Classifying enormous amounts of data isn’t anybody’s idea of a good time. No need to feel overwhelmed by the massive task at hand though, as it can be a gradual process. Start with the small modules and work your way to more crucial endpoints of the network. This will ease your employees into learning the process before a more comprehensive evaluation. A review of initial results is a good idea after the beginning steps are completed.
Encrypt Your Data
Encryption puts another layer of safety between you and hackers. If Equifax would have taken this extra precautionary step it would have made the data leak insignificant, as the data would have been rendered unreadable. If your data has been encrypted and the keys are secure, even if it’s stolen, the data is still safe. While encryption is far from impervious, it is still one of the better ways to secure your data and far better than not having encryption for sensitive data.
Encryption is best utilized at various points throughout your network, especially data at rest or in transit. With a solid encryption strategy in play, even more sophisticated hacking attempts can be turned away to avoid a data leak. The organization is also guarded against improper data erasure practices. Even if sensitive data is left on discarded drives and found by prying eyes, encrypted data will be safe from exposure.
Monitor Your Data
Monitoring data usage and transfer can alert enterprises to a breach before it ever happens. Most hacks are not rapid events. Target’s data breach took just under a month to complete, and Equifax’s took over two months. By monitoring existing, harmless data usage, it becomes easier to filter out the data usage that doesn’t fit existing patterns. Monitoring the movement of sensitive data is especially important to lend insight into potential holes in a DLP strategy. It’s also easier to ensure proper data erasure when the organization knows where critically data is housed. ITAM solutions can be useful for this.
The points where your data leaves the network are more vulnerable to attack and the biggest liability for causing a data leak. Bring Your Own Device (BYOD) is a growing policy, and it will only make endpoint management more vital, as every device adds another endpoint and potential risk factor. Use a DLP software which monitors and acts specifically at endpoints. Gartner provides an overview of the current best DLP softwares.
BYOD introduces a whole new element of difficulty. Device users can be strewn across different locations. They can also be using many different platforms to access your network. A central point of control allows a holistic view of your network, regardless of how many locations and devices are using it. Without it, a leak may take months to detect before anyone realizes that an endpoint was compromised.
Additionally, with all potential endpoints identified, data erasure for at risk employee devices is easier to maintain. Any at risk retired equipment can be committed to proper data erasure, not the trash can at home where it can end up anywhere and in the hands of anyone.
Secure the Human Element
With systems growing in security and complexity, the most vulnerable points are now the humans operating them, not the systems themselves. It doesn’t matter if you have the most effective key encryption system in the world if your employee hands the keys to the kingdom over to the hacker themselves. Consistently reaffirm the policies you put in place with your employees. Put responsibility in their hands to help other employees adhere to these policies and foster a culture of diligence in your company.
Don’t forget about the Junk
Consistent Data Security: The Best Prevention
Data security doesn’t end when your equipment is retired, sometimes even if you’ve already performed data erasure. Even data that has been “wiped” can be recovered if not every bit has been overwritten with a 0. Don’t spend years securing your data only to throw it out and be taken down by a dumpster diver because of sloppy data erasure.
Another point of vulnerability is during data center moves. During data center decommissioning or data center liquidation operations, it can be easy to lose track of data and expose vulnerabilities. It’s in your best interests to work with an ITAD company that has experience in data security when planning a data center operation.
Proper data erasure doesn’t have to be a hassle or an expense. In fact, Exit Technologies will pay you for your leftover equipment and wipe it with R2 certified confidence that even government agencies trust.
Have something to add? Let us know your thoughts in the comments below!