The Age of Data
In 2017, The Economist published an article entitled, "The World's Most Valuable Resource is No Longer Oil, but Data" which made the saying, "Data is the new oil" more commonplace.
Businesses today are reliant on data analytics to make important and strategic decisions.
Gartner defines 'Data and Analytics' as: The management of data for all uses (operational and analytical); The analysis of data to drive business processes and improve business outcomes. Achieved through more effective decision making and enhanced customer experiences.
In IT, big data is important to gain deeper insights, facilitate decision-making, and process automation.
In Finance, digital assets that are uniquely identifiable could help organizations attain value.
Data breaches and cyberattacks continue to rise because of data's increasing value. New laws and regulations expect businesses to invest in proper infrastructure to protect their most important asset — their proprietary data.
6 Pillars to a Strong Data Security Strategy
Strategize for an effective data security plan in your business's blueprint
- Meet Legislative Standards: The starting point for any information security strategy is to meet legislative and regulatory standards.
- Instill a Culture of Ownership: Ensure that information security is part of your work culture. Data protection is everyone's responsibility, not just the CIO.
- Protect Your Assets: Protect all data and information that comes through your business. It must be treated as important as any business asset.
- Treat Your Devices as 'At-Risk': Protect all data on any removable devices, storage media, and mobile as they should be regarded as potential breach risks.
- Maintain an Inventory: Keep a close inventory of your company's important digital assets and monitor its chain of custody.
- Don't Underestimate Human Error: Know that a data breach can happen because of outsider and insider threats. Your employees could potentially cause a breach through ill-intentions or even classic human error.
What Happens to the Data in Your Media Devices?
Your equipment has a lifespan.
All of your IT equipment, hardware, software, and varied devices have a lifespan. They either have short lifecycles, require regular maintenance and upgrading, or are no longer relevant. You'll need to have an IT asset lifecycle plan as part of your core strategy to protect the sensitive data your devices carry.
Gain peace of mind by ensuring that any data stored in your hard drives are completely erased and 100% irretrievable. That will guarantee your valuable data does not fall into unwanted hands.
Is 'Delete' enough?
The common misconception is that you can "permanently" delete data using minimal means. Many assume simply deleting, emptying 'trash', or reformatting a hard disk is enough. Although the files no longer appear on screen, it does not mean they cannot be retrieved using readily available forensic tools.
The Covid-19 pandemic and data breach news have pushed the need for compliant security solutions to the forefront. As an IT asset lifecycle partner, we understand your need for answers. And we know how this can be an overwhelming and confusing time for any venture, both in its short and long-term effects.
What to Include in Your IT Asset's 'Department of Defense'?
When looking for data security solutions for any business, the more common security solutions includes platforms, apps, and encrypted software for the following:
- Mobile
- Cloud Data
- Data Encryption
- Email
- Hardware Security Modules
- Web Browser
- Payment Services
All of the above are necessary to help protect your day-to-day transactions and communications, especially in the short-term. However, when strategizing your business for long-term security and growth, you'll need to plan ahead and apply big picture thinking. The data security solution that would fall in this category is holistic enterprise data protection.
3 Key IT Asset Lifecycle Management Processes
Here are key processes you can introduce into your business strategy:
- Audit your IT assets regularly
- Securely erase and destroy data
- Have a responsible disposal plan
Audit Your IT Assets Regularly To Monitor Your Equipment's Chain-of-Custody
Conducting a regular audit is critical to help you evaluate and validate your assets. An IT asset audit is one form of data loss prevention. If your assets are not accounted for, it could do more harm than good to your business.
You can quickly evaluate your equipment's value depreciation and lifecycle. Doing so regularly will aid your accounting processes, protect from unauthorized access, prevent theft, and monitor for quality control.
Avoid Unauthorized Access by Erasing or Destroying Your Storage Devices
Following the latest security standards, you should aim to Clear, Purge, and Destroy to ensure all of your stored Data is completely removed and non-recoverable.
The National Security Agency (Neuberger, 2020) recommends incorporating a holistic data sanitization practice where devices are physically destroyed, degaussed, or securely erase stored data, and remove all external labels, markings, including internal activity logs.
Have an Ecologically Responsible Disposal Plan in Place
Sustainable methods are more than simply recycling. More often than not, irresponsible disposal practices throw high-risk and high-value IT assets at unsecured facilities, i.e. landfills and scrapyards.
Rotting waste from landfills create methane, a greenhouse gas that is far more potent than carbon dioxide. The gas leaks, enters the atmosphere, and contributes to global warming. This pollution can be avoided altogether by working with certified ITAD vendors who can supervise the downstream processes.
The Data Breach Scandal That Affected and Cost Millions
Morgan Stanley's (ongoing) Lawsuits for IT Asset Disposal Mistakes
Morgan Stanley faced 2 class-action lawsuits alleging negligence and invasion of privacy. They have repeatedly failed to properly decommission their IT assets in 2016 and 2019.
According to the OCC, the bank failed to do the following:
- Failed to adequately assess risks associated with decommissioning its hardware;
- Failed to adequately assess risks of subcontracting the decommissioning work;
- Failed to exercise adequate due diligence in selecting a vendor and monitoring its performance;
- Failed to maintain appropriate inventory of customer data stored on the decommissioned hardware devices.