thumbnail image for blog post: Data Security 101

How Company Policy, ITAM, and ITAD Work Together to Keep You Secure.

Data security is a real and expensive threat that exists for all industries that manipulate or store data. The 2017 Ponemon Institute Study cites data breaches now cost US businesses an average of $7 million. These breaches are often accompanied by regulatory actions and fines that are extending past industry-specific regulations and into businesses in general.

When it comes to experiencing a data breach, it is more likely a question of “when”, rather than “if” for the majority of companies who access and store consumer information. But there's good news: there are steps you can take to save your company time, resources, and a considerable amount of stress.

How to Avoid a Data Breach

First, approach these potential data security pitfalls with a preventative attitude. Then, make use of the three core principles of data security to build a secure and reliable data security policy that will keep your organization’s sensitive data as secure as possible.

CORE PRINCIPLES OF DATA SECURITY

Effective data security relies on three core aspects of your business: company policy, proactive ITAM, and effective ITAD. Each of these aspects are equally important because no matter how a breach happens, its effects are the same in their severity. Careful consideration of these steps will help you build a secure and reliable data destruction policy that will help you avoid large fines, damage, time, resources, reputation, and loss of customer trust.

Establish Company Security Policies to Manage Employee Risks

The most efficient way to make sure your policies are effective is to conduct a risk assessment of your current state, create a security policy, and enforce that policy. Recommendations from an assessment will uncover your business needs and help establish policies for using, transporting, and storing data, allowing your organization to avoid needless threats. Accidental data breach covers the following types of security problems:

  • Misplaced laptops, external hard drive, or USB
  • Sharing sensitive email via fax, voicemail, or email
  • Improperly sanitized retired equipment
  • Improperly destroyed retired equipment

An important part of implementing a security policy is to train your employees to protect the data they have access to that may be at risk for a malicious data breach. Malicious data breach might refer to the following types of security problems:

  • Hackers mining for sensitive employee and customer information
  • Malicious employee misuse or profiteering
  • Theft

ITAM FOR DATA SECURITY

According to the Ponemon Institute’s 2017 Cost of a Data Breach Study, the average cost for each lost or stolen record containing sensitive and confidential information was $141 per record. Following careful practices will help you lower your IT cost and reduce security risks like those cited in the Ponemon study.

Information technology asset management is a set of business processes designed to manage the lifecycle and inventory of technology assets. It provides value by lowering IT costs, reducing IT risk and improving productivity through proper asset management. IT asset management (ITAM) has only existed as a formal set of business processes for a little over a decade, which is immature in comparison to typical business processes.

ITAD FOR DATA SECURITY

An easy target for malicious security attacks is off-network or retired IT equipment. If you do not proactively manage your end of life equipment, you are making yourself a target for a security breach. When you enter into the IT asset disposition process, you’ll need to select an option that fits your data security needs. You can choose to reuse, resell or recycle your equipment, but be aware of the risks involved with each option.

Clearing data securely destroys data and leaves equipment ready for reuse. Data destruction also assures the complete destruction of data and equipment with the added confidence of physical destruction. Because the return on investment can vary based on the equipment and the method you choose, choose a provider that can help you make the right decision.

Not all ITAD vendors are created equal, however. Look to government regulations and industry standards to help you select a responsible ITAD vendor. The right IT Asset Disposition vendor for you will answer all of your questions, lay out the disposition process clearly, and provide proof of industry and regulation certifications.


 

 

At SEAM, we specialize in risk mitigation surrounding end-of-use or end-of-current-use IT hardware and equipment. When a business needs to assess the current state of their IT equipment risks, SEAM can provide a consultative risk assessment and implement a secure IT Asset recovery and disposition (ITAD) program that guarantees complete sanitization or destruction of sensitive data in conformance with NIST SP 800-88 R1 standards. Contact us to get started.