Legal & Security Risks Part 1: Data Breaches & Prevention
Over the next few months we will be posting a blog series on Legal & Security Risks that relate to IT Asset Disposition. We’ll educate you on what they are, show you how to identify them, and inform you on how to protect yourself against them. This post is the first in an 8-part series.
According to a Ponemon study, 70% of data breaches come from off-network equipment. This is equipment that has been decommissioned, misplaced, or stolen. However, the vast majority of corporate budgets are spent on protecting on-line assets, although the law makes no distinction between on-line and off-line. Regardless of the network status, the company bears responsibility for protecting sensitive information.
The global market continues to demand better and faster access to the information needed to respond to market changes. Consequently, organizations are continuously implementing state-of-the-art devices and deactivating “obsolete” equipment. In working with computers and data security for the last 30 years at corporations such as Allstate Insurance and as attorney for Research and Development at Motorola, we witnessed this process firsthand.
But what becomes of that decommissioned technology? What are the legal requirements when you retire this equipment? Do you have a process for determining what data is on these devices? How do you securely and properly dispose of these devices? What could you prove in a court of law and would your proof be sufficient to be admissible?
Every person within the organization must have an increased awareness of the threat to data security. The threat is real and takes many forms, including:
- Consumer fraud through identity theft
- Exploding corporate espionage intent on embarrassing your organization
- Disgruntled employees
- Organized crime
- State-sponsored spying in search of financial and/or competitive advantage
Headlines such as those involving the NSA and data security and privacy are seen daily and are usually related to on-line activities. The dirty little secret is that most breaches are occurring off-network. Think about it: if you really wanted to acquire sensitive data, would you rather attack the company where they have their highest level of defense or would you rather attack where they are weakest?
In our next blog post in this series, we’ll explore the laws that govern the security of off-network devices, so stay tuned! And if you have any questions or concerns about data security for your business, please don’t hesitate to contact us.