Data breaches affect businesses large and small, so it’s important for every business to understand how they occur and what to do to prevent them. There are many ways that a data breach can occur. For example, unauthorized users can identify weaknesses that can be exploited to hack into a business’s network. Hackers can also trick employees into sending confidential log-in information so they don’t have to break into the network. These are two of the most well-known ways that a data breach can occur. But, what you may not know is that hardware such as flash drives, video drives, central processing units, and hard drives can also contribute to a data breach. Here’s how:
Lost or Stolen Hardware
Businesses must keep track of their hardware from the time that it is obtained until it has been destroyed. But unfortunately, many businesses do not have effective asset management strategies in place. As a result, they lose track of some of their hardware, and it ends up lost or stolen. Anytime that hardware is stolen, the data that it contains is vulnerable. The data may be protected if it is encrypted, but if the data is unencrypted, it can easily be accessed by anyone who finds or steals the hardware.
To prevent this problem, it’s strongly recommended that businesses encrypt all of their data. If this is not possible, then businesses must at the very least encrypt data on any electronic device that contains personal identifiable information. This way, customers’ information such as their credit card numbers or Social Security number may be protected in the event that the device it is stored on is lost or stolen.
Businesses also need to establish an asset management strategy to ensure they know where are all of their electronic devices are. This is especially important if your business is storing old electronic devices on-site. Why? If a device that an employee uses on a daily basis goes missing, someone will notice right away. However, if an old electronic device that is sitting in storage goes missing, it may be weeks or months before someone notices. By this time, the data on the device may already be compromised.
At some point, every business will need to decide how to dispose of the electronic devices that they no longer need. As previously mentioned, these devices may sit in on-site storage, but eventually, they will need to be removed and recycled. Unfortunately, if they are not disposed of properly, the data stored on the devices may be compromised.
Businesses typically hire third party e-waste recyclers to dispose of their old electronic devices. These e-waste recyclers can resell devices that are still functional, but if the device is not sellable, they will break it down in order to extract valuable materials such as gold, silver, and copper that can be resold. But before the sale takes place, the e-waste recycler is supposed to destroy any data that the device contains. If the e-waste recycler fails to fulfill this obligation, then a data breach may occur once the device is resold. This happens more often than you may think. In fact, the National Association for Information Destruction (NAID) recently found that 40% of electronic devices that are being resold contain at least one type of personal identifiable information (PII).
Data breaches can also occur during disposal when the recycler fails to protect the devices within the e-waste facility. For example, someone may break into a facility that does not have any security measures in place and gain access to data that is stored on devices that have not been processed yet. This type of data breach may occur when the hardware is in the e-waste recycler’s possession, but the business can still be held liable.
To prevent data breaches during the disposal of electronic devices, it’s important to carefully select an e-waste recycler that you can trust. Make sure that you ask how the data is destroyed and what the company provides as proof that the data was properly destroyed. At ERI, we allow our clients to watch a live video feed of the process so they don’t have to worry about what happened to their data. We also follow all data destruction best practices to ensure the data cannot be read or recovered by anyone.
A good way to determine if an e-waste recycler is reliable is to find out if they have any certifications, specifically the e-Stewards and NAID AAA certifications. The former is widely regarded as the highest e-waste certification in the world. It is only given to e-waste recyclers that have proven they dispose of electronic waste in an environmentally and socially responsible manner.
The NAID AAA certification was developed by information security professionals and is only issued to recyclers that are dedicated to keeping data secure throughout the entire disposal process. Before issuing this certification, an independent auditor monitors the e-waste recycler’s process to ensure the data is secure at all times. If you’re concerned about data breaches, you must look for an e-waste recycler that has this certification.
Keep your data protected when disposing of hardware that your business no longer needs by working with a reputable e-waste recycler. ERI is the leading e-waste recycler in the U.S. with locations in California, North Carolina, Washington, Colorado, Indiana, Massachusetts, and Texas. Every year, ERI processes more than 250 million pounds of e-waste, but not before completely destroying the data that this e-waste contains. We have both the e-Stewards and NAID AAA certifications, which means you can trust us with devices that contain confidential information. For more information on preventing data breaches by properly recycling your electronics, or to request a quote for your company, contact us today.