How to avoid a data security breach
1st February 2018
We are all aware of the increase in cyber attacks. Virus attacks on UK businesses alone increased by a massive 145% by the end of September 2017. Cyber attacks mean loss of productivity, and often mean that the business’s most confidential data is exposed.
Data loss could be a massive blow to a business, but with mounting regulatory pressure around data protection (with GDPR imminent), any leakage of personal data could result in fines of up to 20 million euros, or 4% of annual turnover. It’s never been more important to get your house in order in terms of data.
But once you’ve sorted data security from a “cyber” perspective, there are other things you should think about. Data can be obtained “physically” as well as virtually, and there are additional risks outside of day-to-day use and access. There are a number of scenarios in which your data could be at risk during, and after, the useful life of the hardware it’s being held on. There are steps to take and measures to put in place in these scenarios to help avoid a data breach. Here are a few “physical” data security risk scenarios and how to address them.
Risk: Data-bearing end-of-life hardware
Once your end-user PCs, laptops or server and storage hardware come to the end of their useful life, and you look to replace them with shiny new kit, what happens to the old stuff? If it’s leaving your building, and even if it isn’t, you need to ensure that any residual data is erased or destroyed. We don’t just mean “deleted”. Deleted data is recoverable. It should be erased or destroyed beyond recovery. The risks you run by not wiping end-of-life hardware of all data, and potentially releasing it back into the marketplace or leaving it to sit in a landfill somewhere, are significant, and it’s essential to have the right processes in place to ensure this doesn’t happen.
Solution: Use a data erasure partner
Recycling your end-of-life IT has its own benefits, but this process should factor in data erasure and destruction too. Many IT recycling companies offer some form of data erasure, with the more equipped ones also being able to offer destruction, including hard drive shredding and crushing. You should look out for the ISO 27001 Information Security certification, as well as ADISA, and a mention of the use of reputable software such as Blancco to determine whether a company is well-equipped for data destruction. You should also ensure that you receive a data erasure report, in order to create an auditable trail of data processing.
Risk: Missing equipment
If your business is moving into a new office or premises, this will most likely involve the removal, transportation and reinstallation of a variety of IT hardware - from end-user devices to servers. This can be a pretty big job and requires careful planning and execution. The risk here is that if data-bearing equipment is not recorded and accounted for correctly, it could easily be misplaced in the move and end up in the wrong hands. This leaves potentially confidential and sensitive data exposed to just about anyone who can get their hands on it.
Solution: Use a reliable relocation service
Some companies are able to offer a specialist relocation service for IT equipment, including PCs, networking, and more “heavy-duty” kit like server and storage appliances. Investing in a service like this ensures that you are covered not only from an inventory perspective - i.e. they will carefully document all equipment, whether it’s data-bearing, when it gets loaded on and when it gets unloaded - but from a data perspective too. Part and parcel of the service is often some sort of data back-up, and erasure or destruction if necessary. GPS-tracked vehicles are also usually available to allow for full visibility and security.
Even if you’re well guarded against cyber attacks, it’s important to remember the “physical” aspects of potential data leakages too. Once your data-bearing hardware is out of your sight, whether that’s because it’s end-of-life or it’s being moved between premises, you could be at risk of it getting into the wrong hands if the proper processes are not in place. XPO IT Services offer both secure IT asset disposal and on-site or off-site data erasure and destruction. We also offer a full office relocation and dedicated data centre relocation service to ensure data-bearing hardware is moved securely between sites.
If you’d like to discuss data destruction or our relocation services, get in touch.