As the CEO responsible for the day-to-day operation of your organization, do you know what happens to your retired hard drives that contain data about your customers, employees and your company’s personal data?
Why is the disposal of your retired (old) hard drives put at the bottom of the list of priorities when it comes to end-of-life data security? In fact, in most cases your old hard drives will sit in storage until someone discovers them or needs extra office space and thinks, gee, maybe it’s time to get rid of them. This chore is in some cases delegated to the junior person(s) in the IT department, who think they are saving the company money by turning it over to the third party with the lowest bid, who in some cases just decided to get into the hard drive data destruction business because they have been shredding paper documents.
Your old hard drives are the most overlooked items and the most under-protected assets within your organization when it comes to data security for your customers, employees, and your company’s trade secrets. What happens if there is a data breach and it’s discovered that it came from one of your old hard drives?
Well, your board of directors will not be very happy. You could fire your CIO and put all the blame on him (which has happened). As for customer relations, there could be a loss of customers, along with possible lawsuits and government fines.
Your CIO has to work with the budget he was given, so the disposal of those old hard drives is not really a priority. Why? Because, like most businesses today, your CIO is too busy trying to keep up with the latest malware, ransomware and whatever else is trying to hack into your systems, along with upgrading an obsolete OS or apps and replacing servers until the next budget.
You have heard the stories and seen the statistics time and time again about the costs of a data breach and, of course, the old saying: it can’t happen to me.
…. the average per capita cost of a data breach in Canada is $250 and the average total organizational cost is $5.32-million.
There have been companies that have kept their old hard drives in storage for over eight years and have no record of those hard drives whatsoever.
1. As soon as a drive is removed from service, record the make, model, drive capacity and serial number of that hard drive, along with the day, date and time it was removed from service. Also record the reason for removal and the name of the person(s) who removed it.
2. Make sure that you always know the exact number of hard drives you have in storage and whether they are kept on-site or at an off-site location.
3. Only the CIO and two to three employees should have access to those retired hard drives and only with permission from the CIO.
4. Your old hard drives should be secured in a room specifically designed for securing old hard drives and other storage devices, with a surveillance video camera, especially if you are storing a large number of hard drives on-site.
5. Do not keep hard drives longer than you have to. In fact, destroy them immediately. Ask about our rackmount crushers.
6. Do not turn your old hard drives over to a third party for disposal until they have been either wiped or destroyed on-site, with an employee verifying that the drives have been wiped using either Secure Erase or overwrite mode before they are turned over to the third party.
7. Before an employee leaves your company, make it mandatory that the hard drives from their laptops, and any other company-supplied devices such as cell phones, are turned in to the company for data removal or destruction.