It is estimated that cyber crime will cost to $6 trillion around the world by 2021. It’s becoming difficult to keep up with the possible data security breaches that are looming around every corporation.
If we look at the Equifax data hack, we’ve learned that it’s paramount to protect customer’s information today. The public outcry is deafening, and the public is demanding something be done. University of Michigan Professor Erik Gordon, predicts Equifax’s settlement could be an upwards of $1 billion.
When we look at the meltdown from the perspective of Equifax, it could also be argued that they are a victim of a monstrous security breach. They did everything to could to keep information secure through the latest protocols available to them, and they invested heavily in data security, including hardware, software, and consultants to audit their procedures and install policies that keep hackers at bay.
Nevertheless, customer’s information was stolen.
Now, Equifax will have to pay over $1 billion for the data breach. The company did everything possible to block a breach, but still information was stolen from their systems.
Data breach via computer recycling
When it comes time to refresh IT equipment in the data center or office, the outdated equipment needs to be removed. What happens to the information stored on the equipment? Some companies erase drives internally, others hire a data destruction company to shred drives while others simply give the equipment away to an electronic recycler without any thought to the data.
In most cases, the outdated equipment has sat in an unsecured location such as an empty cubicle, office or even a corner in the warehouse awaiting data destruction. This is the time when data is most vulnerable. Being unsecured and obviously decommissioned, employees feel free to rummage through the pile. Laptops are taken for personal use or for gifts to family and friends. The information still resides on the computers creating a break in chain-of-custody and instant data breach.
Customer information is hackers for the taking:
1. Information is unsecured; no firewall or lock on the front door allowing authorized access to information
2. Employees take equipment for their personal use keeping whatever information resides on the computer
3. The information chain-of-custody is broken
Naturally, the public is infuriated that Equifax data breach exposed their personal financial information. What if it was found out that the company actually lost the data by carelessly giving old computer equipment loaded with customer information. Their anger would truly be justified.
What is a company to do to avoid an Equifax-like fate in the future?
1. Proper data destruction
2. Due diligence – NAID Certified
3. Written policies and procedures
4. Proof of destruction
The majority of the people reading this article will say, “it’s junk and nobody wants it.” That attitude is what makes IT recycling the weak-link in data security and the biggest liability to companies. E-Waste security needs to be an integral part of every company’s security features today.
You know the saying: One man’s trash is another man’s treasure. Don’t mistake your leftover IT equipment for trash today. It could end up being the treasure that destroys your multi-billion dollar operation. @