A recent White Paper published by Experian stated that almost 30% of businesses don’t have plans in place to deal with data security threats! This is astonishing. With cyber security threats from WannaCry ransomware attacks to hard drives being sold online that still contain residual data – why is it that businesses do not understand the level of risk poorly managed data is under?
Cyber-security is clearly prioritised as an area for investment, as seen recently with British cyber security start-up Panaseer raising £2.5m in the wake of the WannaCry ransomware attack. But consider for a moment the volume of IT hardware that ends up on the scrap heap as new products are released on an annual basis. Whether it is an entire machine, (laptop, desktop, mobile phone) or individual components (SSDs, HDDs, SIM cards, USBs), any small to mid-sized business produces a significant amount of physical data assets that need to be securely destroyed on an annual basis.
The end of life management or destruction of data assets is so often overlooked. Too few businesses can confidently state that every measure possible has been taken to mitigate a data breach; that all sensitive data is held securely; or has been destroyed in a secure, auditable and responsible manner. When the General Data Protection Regulations (GDPR) come into force in May 2018, these businesses are facing potential financial penalties that could cripple their business.
What can be done to secure data asset destruction?
Any business that processes or manages sensitive data should have already started to educate their workforce about GDPR requirements and responsibilities. In addition to this business should be attempting to change employee behavior when it comes to responsible data asset destruction. This can be a costly and timely process, which is why we’ve created the eBook, Data Destruction – The weak link in data security, to help business leaders understand the steps they need to take. Processes and policies need to change and be communicated to employees, which will aid the education and spur on a behavioral change. At infosecurity 2017, where we officially launched the DataRaze machine to the market, Professor Angela Sasse, Director at the UK Research Institute in Science of Cyber Security, UCL hosted a talk explaining that security doesn’t work if it doesn’t work for people.
The workforce is key to any successful business and giving them the information around data security and GDPR should empower them to follow the guidelines and processes. GDPR will change the data threat landscape – the need to adequately dispose of data when IT equipment is downgraded or recycled cannot be pushed to the bottom of the priority list any longer.
For more information on how DataRaze can help your business prepare for GDPR and safely dispose of your critical data assets – download our eBook here.