Your next data breach: It’s not if, it’s when
We have all seen pictures of documents stamped “Top Secret” and “Eyes Only”. We’ve seen couriers carrying documents in briefcases handcuffed to their wrists. These are paper documents being protected so only the properly authorized can see them. So much attention is placed on paper documents that offices have invested in high security shredders. Some agencies and companies even use “burn bags” and others secure documents in locked receptacles for future shredding.
Protecting and shredding paper, in reality, is just a false sense of security. Focus needs to come off the paper and be directed at the source of the document. Unless it was handwritten, the document was generated electronically and in 99% of cases the data still resides on a hard drive or other media. The electronic media is where the focus needs to be, not the paper.
Today’s hard drives contain tens of thousands of documents, putting an overwhelming amount of information in a small and easily concealed device. Hard drives need to be treated the same way “Top Secret” paper documents are handled. Agencies and corporations must initiate proper safeguards, procedures and protocol to protect these data rich and vulnerable hard drives.
Many Federal Agencies, and private and public companies that recognize the risk of data compromise from electronic media direct their media to their internal IT department for destruction. Unfortunately, in many IT departments hard drives and other data containing media become orphans receiving low priority for data destruction. As a result of these lax safeguards, a high risk of theft and compromise exists. Having such a loose policy in place guaranties that data containing media will receive limited attention from a department that’s primary mission is not the destruction and security of retired hard drives and data containing media.
If you can’t trust your own IT department to protect your secure data, then who do you trust? Third party specialists are providing the solution, plus they offer several advantages to in-house IT procedures. Steve Chafitz, President of e-End, a Frederick, MD company specializing in secure data destruction noted that when using a third party, “It places the responsibly plus the care, custody and control of data destruction into the hands of professionals who have electronic data destruction as their primary mission. It also provides a verifiable, defendable and auditable record of the destruction of the data.” Chafitz also added, “We have found that most companies still focus on paper and they forget about where the data actually resides.”
Although most companies are aware of numerous federal regulations requiring them to safeguard and properly destroy electronic data, apparently many have not taken the time to implement proper policies to protect data stored on electronic media. Chafitz concluded, “Without proper safeguards, it’s not if, it’s when you will have a data breach.”