Data Security

Atlantix Global

Don’t let data breaches happen to you

Security breaches happen in many different ways. Some organizations spend time, resources, and capital to protect data in their live networks – but neglect data security measures on their retired hardware.

IT asset disposition (ITAD) security measures are a step you shouldn’t ignore.

Negligence is a mistake you can easily avoid. Atlantix can show you how – and our MindSafe™ security offerings will protect you.

Data Security Factors

ITAD: The Other Data to Secure

Look anywhere and you’ll see thousands of articles and guides preaching to you about how to prevent cybersecurity attacks. It seems we all know the importance of trying to keep intruders out of your IT infrastructure.

But what about the data safety risks when you retire your IT assets and they leave your organization?

Whether you’re moving to the cloud, virtualizing in your IT infrastructure, or doing a routine refresh – every project will create surplus technology you will need to move out of your environment. And IT asset management (ITAM) is a critical part of your overall technology strategy.

Find out how our MindSafe security services will protect your sensitive data.

According to a recent article titled “Discarded IT Can Hurt You,” the IT assets you’re getting rid of “may contain information such as:
  • Passwords
  • Application IDs
  • Links to secure sites and information
  • Personal data
  • Financial data
  • Healthcare information
  • Private information
  • Data on friends and relatives
  • Databases
  • Intellectual property”

What would happen to you and your organization if the kind of information in the list above leaked?

Everyone knows to not let intruders into your network, but what about those IT assets leaving your building?

They also contain the data those intruders are trying to access!

Identifying Costs and Risks

There are a number of risks associated with data leaks, ranging from financial to judicial to reputational.

Your clients, customers, students, or patients rely on your organization to protect the personal information they share with you. Breaking this trust can have serious negative effects on your organization.

These hazards include:

  • Fines
  • Lawsuits
  • Loss of business/customers/students/patients
  • Damaged reputation and costs of repairing it
  • Costs of fixing the breach and implementing new initiatives

You don’t have to look hard to find horror stories about what can go wrong when IT asset disposition is done incorrectly.

Here are examples from several articles:

The biggest data breach fines, penalties and settlements so far

This article shares cautionary tales about how mistakes have cost companies a total of nearly $1.23 billion and counting.

Hard Drives Lost, Affecting Nearly 1 Million

This article reports on how six unencrypted hard drives containing protected health information for 950,000 individuals went missing.

Stolen Hard Drive Contained PHI of 76,000 Texas Patients

The title speaks for itself and reminds us that protecting physical devices is just as important as preventing cyber attacks.

If the Data Breach Doesn’t Kill Your Business, the Fine Might

Don’t be fooled into thinking only large businesses are targeted for a data breach. This article shows how organizations of any size, across all industries, can be targeted and subsequently hit with huge fines.

GDPR’s Big Moment Has Just Arrived – With a $228 Million Data Breach Fine

We all prepared for the launch of GDPR, and now we’re starting to realize the breadth of its potential financial impact on data security.

Rising Fines Will Push Breach Costs Much Higher

This article cites research predicting data breach costs will grow at 11% each year.

Data breaches now cost companies an average of $1.41 million

According to this article, IT security budgets now average $18.9 million and the average cost of enterprise data breaches has risen to $1.41 million. Staggering numbers and a reminder that security flaws are simply unacceptable in today’s business climate.

As these articles make abundantly clear, you can’t afford any weakness in your security strategy.

If you don’t take data security into account in your IT asset disposition practices, you’re putting your organization at huge risk.

Don't become a statistic. Learn how MindSafe security services will protect you here.

Understanding the Regulatory Standards

In order to truly understand data security regulations, it’s important to know the regulating bodies, standards, and acts involved.

Here is a list of the main regulatory standards associated with or affecting data security:

Payment Card Industry Data Security Standard (PCI)

From the PCI Security Standards Council:

“Guidance for maintaining payment security is provided in PCI security standards. These set the technical and operational requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.”

The Health Information Technology for Economic and Clinical Health Act (HITECH)

From the U.S. Department of Health & Human Services:

“Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.”

The Fair and Accurate Credit Transactions Act (FACTA)

From the U.S. Federal Trade Commission:

“This Act… adds provisions designed to improve the accuracy of consumers’ credit-related records. It gives consumers the right to one free credit report a year from the credit reporting agencies, and consumers may also purchase, for a reasonable fee, a credit score along with information about how the credit score is calculated.”

The Health Insurance Portability and Accountability Act (HIPAA)

From the U.S. Center for Disease Control:

“The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.”

Sarbanes-Oxley Act (SOX)

From TechTarget:

“The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies.

Lawmakers created the legislation to help protect shareholders, employees and the public from accounting errors and fraudulent financial practices.”

Gramm-Leach-Bliley Act (GLB)

From the U.S. Federal Trade Commission:

“The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.”

Data Breach Laws by State

This helpful resource will help you fully understand the laws imposed in your state of business, no matter the size of your organization.

It's important to remember that a well-devised IT asset management strategy can alleviate your worries. Proper IT asset disposition services will ensure your data is secure and that you won't risk the repercussions involved with data breaches.