Redundant hardware proving a data risk for businesses
As data proliferates within businesses— and across their devices— data sanitization is becoming crucial. Organizations without proper procedures or a long term plan to dispose of obsolete data and fulfill retention requirements are at risk of falling foul of cybersecurity flaws.
Organizations will not only suffer from the loss of sensitive data but also face vast sums amounting to millions of dollars, such as the fine faced by hospitality giant Mariott.
However, before CIOs and IT teams gather to devise the ultimate data-clearing plan, a survey of close to 2,000 senior leaders from the world’s largest enterprises showed 73 percent agree that the abundance of outdated equipment leaves companies vulnerable to data security breaches.
The growing concerns arise from the employment of inappropriate data removal techniques, keeping end-of-life devices, and failure to discard them within a suitable time frame and an absence of a record for outdated data.
Poor practices in data sanitization
About one-third of respondents have employed data destruction approaches such as formatting, overwriting data with free software tools or paid software-based tools without certification, manual destruction (shredding and degaussing) without an audit trail.
The listed approaches to a certain degree remove data and its residues but are still far from ideal, as it provides opportunities for data to be compromised. However, a minimal yet worrying four percent with no methods to sanitize data are at the highest risk.
Along with outdated equipment, stockpiling devices for cleansing in the future also increases the risk of a data breach. In the survey, 80 percent of all enterprises are found to have a stockpile of about 400,000 unused equipment. That’s about 272 devices per company, stored away and waiting to be cleansed.
Most importantly, many organizations are unaware of the exact number of devices on their premises and this creates an additional layer of risk. About half (57 percent) of organizations take more than two weeks before processing equipment.
In the end, the prolonged data cleansing procedure will leave the remaining data vulnerable and susceptible to security risks. Lastly, a poor practice of data wiping is not keeping a record of end-of-life asset trail such as the transportation to and from an offsite destruction facility.
YOU MIGHT LIKE
Can biometrics protect SMEs from data breaches?
An absence of record-keeping and verification place companies in a compromised position when external parties are in control of valuable assets. Statistics revealed 17 percent do not have an audit trail for end-of-life devices sent for data cleansing and 31 percent do not record the drive serial number.
The lack of monitoring in custody control means organizations are at risk of data breaches and non-compliance. As mentioned earlier, the absence of a secure and holistic data management plan is unimaginable at a digital era where data is a valuable asset.
Solutions worth considering
Organizations need to consider their risk tolerance when choosing a data sanitization method. Instead of making a 180-degree change in data cleansing, enterprises can consider exerting more control and presence in the process of handling redundant data to minimize the risk of a data breach.
For one, companies can keep track of device management by having a clear chain of custody in data destruction, such as using a certified data erasure service. Automation can also play a significant role when integrated into asset management solutions to increase efficiency and streamline data cleansing. Essentially, it reduces costs and risks of human error in leaving data in the open.
These measures aren’t a foolproof plan whereby risks of data breaches are completely eliminated. Instead, these are essential steps to lower the chances of a data breach and maintain the company’s reputation of handling valuable data and assets efficiently.
6 April 2020
3 April 2020