The Frightening Impact of Theft, Loss, and Data Breaches

Posted by Frank Milia

Oct 15, 2013 7:29:00 PM

“Don’t panic, it’s only a data breach.” Are those words that you would ever hear? Certainly not: when there is a data breach, panic may not be the optimal reaction, but more often than not it is the reaction.

A data breach can send shock waves through a company and even a community. Just look to the example of Santa Clara Valley Medical Center, which had to notify 571 patients that their information, including birthday, age, sex, and even specific medical results, was compromised after a laptop had been stolen from its location in San Jose, California. That is 571 individuals concerned about identity theft and their information in the hands of criminals, all because one laptop was stolen.

According to information obtained by Symantec, theft or loss was the top cause for data breaches second to criminal hacking.  The study, done in 2011, revealed the combined statistics from theft and hacking resulted in over 200 million compromised identities.


 

So if theft is number one and hacking is number two, it is safe to say that companies must defend themselves sufficiently against both. HR and the department heads of IT must consistently plan and implement procedures to mitigate risk from both loss and criminal activity. From demanding that simple procedures be followed, such as shutting down computers so passwords are required on start-up and locking down offices after work hours, to training on the importance of keeping mobile assets secure everywhere they go, companies must arm themselves with every means possible to take care of data that is stored on-site at the firm.

As an IT Asset Disposal vendor operating since 1999, we have found that assets at the time of disposal are at an increased risk of theft. When assets are retired and not properly secured, stored, and accounted for, negligence can lead to a low-tech data breach in the form of missing, lost, and stolen media.

The first step to ensuring loss and theft do not affect your data security is to take accurate inventory of retired assets. Once this is complete, assets should be kept in a locked room or cage until sanitized or serviced by an approved disposal vendor. For highly confidential media, sanitization or destruction should take place prior to disposal of equipment. Receiving logs and inventory audit reports from disposal vendors should then be used to cross-reference serial numbers to your firm's asset management records. Many companies may have excellent data sanitization processes but neglect the serious threat of theft prior to the completion of data destruction due to real estate, space, and other logistics obstacles.
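The cross-referencing step described above can be automated. The following is an added example, not code from ITAMG or any disposal vendor; the CSV column names and sample serial numbers are constructed assumptions for illustration.

```python
import csv
import io

# Constructed sample: internal record of retired assets (asset management system).
INVENTORY_CSV = """serial,asset_type,confidential,sanitized_on_site
SN-1001,laptop,yes,yes
SN-1002,desktop,no,no
SN-1003,server,yes,no
SN-1004,laptop,no,no
"""

# Constructed sample: disposal vendor's receiving log / inventory audit report.
VENDOR_CSV = """serial,received,sanitized
sn-1001 ,2013-10-01,yes
SN-1002,2013-10-01,yes
SN-1003,2013-10-01,no
SN-9999,2013-10-01,yes
"""

def load(text):
    """Index rows by serial, normalized because serials are often keyed by hand."""
    return {row["serial"].strip().upper(): row
            for row in csv.DictReader(io.StringIO(text))}

def is_yes(value):
    return value.strip().lower() == "yes"

def reconcile(inventory_csv, vendor_csv):
    inventory, vendor = load(inventory_csv), load(vendor_csv)
    released = set(inventory) & set(vendor)
    return {
        # Retired assets the vendor never logged: possible loss or theft in storage or transit.
        "missing_at_vendor": sorted(set(inventory) - set(vendor)),
        # Serials the vendor logged that we never inventoried: a gap in our own records.
        "unknown_to_inventory": sorted(set(vendor) - set(inventory)),
        # Received by the vendor but with no sanitization recorded yet.
        "received_not_sanitized": sorted(
            s for s in released if not is_yes(vendor[s]["sanitized"])),
        # Confidential media that left the site without prior sanitization.
        "confidential_released_unsanitized": sorted(
            s for s in released
            if is_yes(inventory[s]["confidential"])
            and not is_yes(inventory[s]["sanitized_on_site"])),
    }

if __name__ == "__main__":
    for finding, serials in reconcile(INVENTORY_CSV, VENDOR_CSV).items():
        print(f"{finding}: {', '.join(serials) or 'none'}")
```

Any serial reported as missing at the vendor should be treated as a potential lost or stolen device until it is physically located.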

In the Ponemon Institute’s and Symantec’s Report "2013 Cost of Data Breach Study,"  the numbers regarding the costs associated with a data breach are frightening:

 

US Cost per Record:  $188

Average Records per US Breach:  23,647

Average US Data Breach Total Cost:  $4,445,636

Average Cost Due to Lost Business: $3,030,814

 

In response to these alarming figures companies can also mitigate risk by implementing a policy regarding data destruction using a firm that will monitor, guard, and provide proof of destruction through Department of Defense compliant data eradication methods.

The U.S. Department of Defense (DOD) has established a National Industrial Security Program Operating Manual that various Federal Government Departments must use including the Department of Defense, Department of Energy, and CIA. The program describes the methods and systems by which classified information must be secured. Through this data destruction protocol, information is kept secure from acquisition through destruction.

Disastrous results can be avoided through strict adherence to safety and security policies both on-site and after the sale of IT equipment.  Informing customers and employees of a data breach is the last thing any company wants to have to do.  Customers will be lost and employees’ trust will be diminished. To avoid these issues company heads must plan accordingly, take action, and choose wisely when selecting vendors to help with security needs.

 

 


Topics: data destruction, data breach, Computer Liquidation, hard drive shredding, IT Asset Disposition

World’s Biggest Physical Data Breaches: Visualized

Posted by Steve Bossert

Sep 18, 2013 4:43:30 PM

Ever hear of this thing called “big data”? It is hard to visualize reams of information and how to make them useful, especially when it comes to understanding all the different kinds of data breaches and the industries most affected. Creative engineers and information designers are helping the masses make better use of all this information available to us today.

There is an excellent project that the inventor of one of our favorite internet and mobile games has been working on that helps highlight this growing problem by illustrating just how much is at risk regarding data breaches.

What does this all mean?

Ever wonder how many recorded data breaches have taken place in the financial sector in the last five years?  Or, how about the number of records over 30,000  that have been compromised due to the theft of stolen media or a stolen computer?


ITAMG helps our clients protect themselves from physical data breaches that often happen when desktops, laptops, servers and even printers are retired from active use. The healthcare, academic and financial industries make up a large part of our business.

Quick Analysis

  • Academic & financial institutions seem to have tightened their security since the mid-2000s – or become less attractive targets
  • Gaming sites, cumulatively, account for the biggest data breaches
  • Healthcare is truly truly leaky – a very worrying trend – with over 50% of the breaches coming from stolen or lost computers
  • Accidental publishing seems to be a growing trend – recently with Facebook granting inadvertent access to 6 million records

David’s work can be explored here, and the full range of ITAMG services that can help your organization not show up in the dataviz can be read about on the ITAMG website, our LinkedIn page or even our exclusive BBM Channel (C000D71D4).


Topics: IT Asset Disposal, data security, IT End of Life Strategy, data destruction

The Repercussions of the Poor Electronic Recycling Decisions of our Past

Posted by Frank Milia

Sep 18, 2013 4:35:39 PM

The government, corporations, and citizens in the United States have a higher awareness than ever before of the necessity to properly recycle electronic waste. Although there have been positive results from educating and regulating the electronic waste producers, collectors, and recyclers, a great threat still remains.

In a recent New York Times article by Ian Urbina, “Unwanted Electronic Gear Rising in Toxic Piles,” the increased concern that electronic waste is being improperly handled is well documented. The article exposes a practice by electronics recyclers that promote their brand by deceiving clients with false claims of legal and ethical recycling procedures. In reality, these recyclers separate out valuable material and then stockpile, carelessly discard, or illegally export the remaining toxic waste.


Cathode-ray tube (CRT) monitors and televisions are currently the largest threat to our environment from electronic waste. CRT products have a high cost of collecting, processing, separation, and of down-stream disposal of the toxic lead glass. Because of the high costs associated with properly dismantling and recycling electronic waste, the U.S. government has developed programs and incentives for recycling companies to collect and process the material. Many states also require manufacturers to provide “take-back” programs, which are typically contracted out to recycling companies.

Some recycling companies have taken advantage of these incentives and OEM contracts and are now stuck with product they cannot afford to process and in turn are abandoning warehouses full of electronic waste, land-filling the material, or exporting it illegally and then shutting down the business to restart under a new brand.

Ian Urbina claims that the federal government alone is disposing of 10,000 computers a week, and even many of their own disposal practices have been taken advantage of by parties who undertake fraudulent or illegal actions handling the waste. The burden of solving this problem is on the generators of the waste, all of us, to take the time to seriously investigate how our electronic waste is being handled.

There are some practices leading IT business decision makers can utilize in order to avoid contributing to criminally reckless recycling vendors. Every IT department should have a written disposal policy that includes data security, environmental and social policy, a list of approved and qualified vendors, and methods for tracking the disposal of regulated electronic waste.

A qualified disposal vendor should be one that can provide verifiable data and tracking of the receiving, processing, and downstream recycling of material. Vendor selection should be made not only according to third party certifications (R2, ISO 14001, BAN etc.) but from evaluation of a vendor’s software reporting tools and transparent access to the recycling vendors’ processes, procedures, and physical facilities. Demand the same level of sophistication from an IT asset disposal vendor that you would from any other technology partner.

The past choice that some have made to utilize fly-by-night recycling outfits or select vendors without performing due diligence is one that will negatively affect our environment for years to come. The abandoned stockpiles of CRT monitors will be monuments to our collective poor oversight.

Today is a day to reflect on our past decisions and to pledge that we will do everything we can to ensure our electronic waste is processed in an ethical, secure, and environmentally sound manner.


Topics: IT Asset Disposal, IT services, data destruction, ITAD, data breach, technology vendors, education & tips, computer hardware

   
