In the digital era, the most important component of a business is its data. Information on employees, customers and private operations is all housed on internal computer systems. But, just because the data is locked away doesn't mean somebody else can't access it.
Setting the wrong type of record
It seems there's a new story about data breaches every day – and the frightening frequency of these information security risks is no illusion. Companies face difficulties protecting their information as hackers quickly develop new tools and methods of stealing it.
Data breaches have become common daily occurrences, as evidenced by a report from the Identity Theft Resource Center. There were a total of 500 breaches reported in just the first half of 2016 – a 20 percent increase over the same time period of 2015, a year that broke the record for most leaks in a calendar year. According to IT Governance, at least 480 million personal documents were hacked in 2015 alone – and the number may even be higher.
It's been said that the best defense is a good offense, and more organizations are starting to understand that when it comes to protecting their data. By being proactive in how you collect, store and discard information, you have a better chance of avoiding a massive spill of intelligence – and the bad publicity that comes along with it.
The often overlooked breach
Many of the news stories circulating touch upon the active loss of data. The ITRC reported that one-third of the record-breaking data leaks recorded so far in 2016 were attributed to email phishing scams. This is usually what is top of mind for data protection specialists when it comes to resourcing, but there are other ways hackers can get at personal information as well.
Old, discarded hard drives are fountains of wealth for hackers – especially if a company chooses to carelessly toss one away. Simply sending something to the internal trash bin or even throwing it out leaves businesses vulnerable to data loss. Companies must securely delete files to truly ensure the hard drive is wiped.
A number of laws, like the Data Protection Act, require compliant data destruction methods. The potential risk of exposure is heightened in the medical industry, where the Health Insurance Portability and Accountability Act requires institutions to dispose of data soundly. Though crushing a hard drive is acceptable, it's necessary to wipe the media stored on it first.
Software erasure is a common method used to securely delete files, but the science behind it is often misunderstood. All it does is rewrite and scramble the code, rather than get rid of it. Hackers are still able to reach it and retrieve the data, putting companies at risk.
Degaussers are approved by the National Security Agency as the only method to ensure data is unrecoverable. They render code unreadable by exposing the hard drive to a magnetic field, which scrambles the media contained inside. The extra time it takes to degauss data translates into unrealized savings by protecting the company from a data breach. A new report from IBM Security found the cost associated with an information spill has risen to $4 million per instance – a hefty price that should be in the back of your mind the next time you try to physically destroy a hard drive or computer.