Data breaches can strain an IT department’s resources to the edge, and it’s in every company’s best interest to prevent them. But what happens if you’re not safeguarding the right places?
Don’t just watch the news
While IT department heads obviously lean on their years of experience in assessing vulnerabilities in their companies’ defenses, it’s easy for an organization as a whole to focus the bulk of its efforts on cyberattacks. The media has sensationalized hacking and malware intrusions as playing a key role in data breaches, but that doesn’t accurately capture the whole picture.
Physical data breaches can cause just as much damage to a company, and aren’t often protected against. Health IT Security reported that an employee from Alere Home Monitoring once had a laptop stolen from their car. This resulted in a $116 million class action lawsuit because of the nature of information that was taken. The case was eventually thrown out by a judge, but it stands as proof that physical hacking can have the same fiscal effect as a cyberattack.
Too often do we think of the criminal—it’s time to focus the spotlight on employees. Nearly two in every three data protection specialists responded to an Experian study saying employees were the biggest liability in an enterprise’s data security efforts. This is likely due to the fact that just 35 percent of senior executives polled think it’s important employees be trained on information security best practices.
Train employees on best practices for physical data breach prevention.
Protect against all threats
It’s time to ensure your organization is defending itself against any possibility of a data breach by focusing on the lesser-known evil of physical attacks. The Society for Human Resource Management reported that a good start is figuring out who has access to old electronics and putting a process in place to make sure computers aren’t just left lying around.
Similarly, while not all industries mandate compliant methods to erase information from hard disk drives, those that do, like health care or finance, should invest in a heavy-duty degausser, like the T-4. It’s difficult to erase data from hard disk drives because common efforts, like software bleaches or wipes, only scramble the data stored on them. Degaussing completely demagnetizes them, rendering them unusable and therefore useless to hackers.
This is particularly important at larger organizations that continually cycle through new laptops or computers. These companies often have a room full of old towers sitting there for years, as the business waits for an IT asset disposition specialist to remove them. This creates a treasure trove for a hacker, and brings on even more risk for an IT department. Instead of leaving the computers there, an assigned team can degauss them and completely mitigate the potential risk.
Far too many companies focus solely on cyberattacks and the IT department’s role in preventing them. It’s time to give physical breaches a more comprehensive plan, which will undoubtedly include employees. Having a well trained staff, especially one that can use degaussers, can mean the difference between suffering a data breach or keeping clear of one.