Equifax Data Infringement
Given the magnitude of the recent Equifax data breach, IT professionals and compliance experts across the country are revising company data security standards and practices. Many are examining a variety of questions, including:
- What happens data when a device is retired?
- Do I still have responsibility for the equipment containing that information?
- How crucial is IT asset disposition (ITAD) in data security?
The consequences of not practicing proper security and disposal techniques are detrimental, not exclusively to the organization’s bottom line, but also for personal security reasons. IT professionals must ensure that all assets are properly decommissioned before being sent off for destruction. This is an imperative step in the IT asset life cycle, as failing to adhere to this process leads to exorbitant and dangerous breaches of confidential information.
Data Breaches are a Pricey Mistake
Re-establishing trust after an incident, such as data infringement, is especially challenging. Not only does it take effort to rebuild the reputation of the affected company, but there are tangible financial losses associated as well. Repairing any harm that has been done to public opinion is critical for regaining credibility, and restoring confidence in the business.
Data breaches have been a growing concern in the 21st century, impacting an estimated 5 billion users. The financial implications of these events can be severe, with the typical data breach now costing companies about $4 million. This figure represents an average of 25,575 records at an approximate rate of $150 per record.
Some industries such as the health care sector, are hit even harder due to the high cost of each record, $429 on average, according to the HIPAA Journal.
ITAD Processes
Once IT hardware has reached the end of its life, it must be destroyed in a way that is secure and compliant. This involves up-to-date security protocols, education for users, system updates, physical destruction of documents, data backups, and the proper disposal of all assets. Servers and hard drives may still hold confidential information, which needs to be safeguarded in accordance with industry regulations.
When it comes to ITAD operations, there are very specific mandates and standards that must be closely adhered to. The NIST 800-88, PCI DSS, and ISO 27001, are all security protocols for the disposal of digital media, such as hard drives. It is up to company IT managers to decide how exactly this data should be destroyed, determining a plan of action, and ensuring that is is carried out correctly.
Regarding data destruction, there are a few major factors that need to be considered. Firstly, it’s important to classify information according to its worth, legal requirements, sensitivity, and organizational needs. Then, businesses can look at the value of the information and IT assets in question, to determine which data destruction process is best for the company and its stakeholders.
Selecting an ITAD Provider
Data security must be the top priority when contemplating an ITAD service. However, asset disposition should also be seen as a way to optimize IT budgets. Just like its key role in preventing data breaches, the value recovery of IT assets ought to be utilized when budgeting and managing resources.
For those in need of an ITAD partner, it is essential to consider the following:
- Certification: Opt for a vendor certified by the National Association for Information Destruction (NAID), Phoenix.
- Competitive bidding: Look for organizations with extensive connections within the IT industry, so they can offer precise valuations on equipment.
- Compliance: Make sure that your chosen vendor comprehends your sector’s compliance regulations, and provides you with appropriate documentation upon job completion.
- Responsible disposal: All waste and scrap must be lawfully discarded, never exported or placed in a landfill.
Having a thorough comprehension of ITAD services can help one become an environmentally conscious citizen, fortify data security, secure a company’s image, increase ROI, and generate more profit for businesses. As technology continues to advance, it is critical that individuals and corporations utilize IT asset disposition services at the forefront of IT asset management.