Don’t let data breaches happen to you
Security breaches happen in many different ways. Some organizations spend time, resources, and capital to protect data in their live networks – but neglect data security measures on their retired hardware.
IT asset disposition (ITAD) security measures are a step you shouldn’t ignore.
Negligence is a mistake you can easily avoid. Atlantix can show you how – and our MindSafe™ security offerings will protect you.
Data Security Factors
Look anywhere and you’ll see thousands of articles and guides preaching to you about how to prevent cybersecurity attacks. It seems we all know the importance of trying to keep intruders out of your IT infrastructure.
But what about the data safety risks when you retire your IT assets and they leave your organization?
Whether you’re moving to the cloud, virtualizing your IT infrastructure, or doing a routine refresh – every project will create surplus technology you will need to move out of your environment. And IT asset management (ITAM) is a critical part of your overall technology strategy.
According to a recent article titled “Discarded IT Can Hurt You,” the IT assets you’re getting rid of “may contain information such as:
- Application IDs
- Links to secure sites and information
- Personal data
- Financial data
- Healthcare information
- Private information
- Data on friends and relatives
- Intellectual property”
What would happen to you and your organization if the kind of information in the list above leaked?
Everyone knows to not let intruders into your network, but what about those IT assets leaving your building?
They also contain the data those intruders are trying to access!
Data leaks carry a number of risks, from financial to judicial to reputational.
Your clients, customers, students, or patients rely on your organization to protect the personal information they share with you. Breaking this trust can have serious negative effects on your organization.
These hazards include:
- Loss of business/customers/students/patients
- Damaged reputation and costs of repairing it
- Costs of fixing the breach and implementing new initiatives
You don’t have to look hard to find horror stories about what can go wrong when IT asset disposition is done incorrectly.
Here are some examples from recent articles:
This article shares cautionary tales about how mistakes have cost the companies a total of nearly $1.23 billion and counting.
This article reports on how six unencrypted hard drives containing protected health information for 950,000 individuals went missing.
The title speaks for itself and reminds us that protecting physical devices is just as important as preventing cyber attacks.
Don’t be fooled into thinking only large businesses are targeted for a data breach. This article shows how organizations of any size, across all industries, can be targeted and subsequently hit with huge fines.
We all prepared for the launch of GDPR, and now we’re starting to realize the breadth of its potential financial impact on data security.
This article cites research predicting data breach costs will grow at 11% each year.
According to this article, IT security budgets now average $18.9 million and the average cost of enterprise data breaches has risen to $1.41 million. Staggering numbers and a reminder that security flaws are simply unacceptable in today’s business climate.
As these articles make abundantly clear, you can’t afford any weakness in your security strategy.
If you don’t take into account data security in your IT asset disposition practices, you’re putting your organization at a huge risk.
In order to truly understand data security regulations, it’s important to know the regulating bodies, standards, and acts involved.
Here is a list of the main regulatory standards associated with or affecting data security:
From the PCI Security Standards Council:
“Guidance for maintaining payment security is provided in PCI security standards. These set the technical and operational requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.”
From the U.S. Department of Health & Human Services:
“Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.”
From the U.S. Federal Trade Commission:
“This Act… adds provisions designed to improve the accuracy of consumers’ credit-related records. It gives consumers the right to one free credit report a year from the credit reporting agencies, and consumers may also purchase, for a reasonable fee, a credit score along with information about how the credit score is calculated.”
From the U.S. Center for Disease Control:
“The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.”
“The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies.
Lawmakers created the legislation to help protect shareholders, employees and the public from accounting errors and fraudulent financial practices.”
From the U.S. Federal Trade Commission:
“The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.”
This helpful resource will help you fully understand the laws imposed in your state of business, no matter the size of your organization.
It's important to remember that a well-devised IT asset management strategy can alleviate your worries. Proper IT asset disposition services will ensure your data is secure and that you won't risk the repercussions involved with data breaches.