Many people assume that hackers are responsible for all data breaches, but that’s not the case. It’s true that hackers outside of the affected organization are often behind data breaches, however an employee within the organization can also be to blame for a breach.
If an employee steals a retired IT asset, they are also stealing all of the information that this device contains. Even if the employee has no intention to access the sensitive data, it is no longer protected because it is not in your company’s control. To protect sensitive data, companies must make an effort to prevent their employees from stealing retired assets. Here’s how:
Enforce the Rules
Every employee should know that taking a retired IT asset without permission is not allowed. But, companies should still have written policies that explicitly state that this is not permitted. The written policy should also outline the consequences for violating the rules. Putting this in writing makes it easier for companies to enforce the consequences if someone violates the rules.
Keep A Detailed Inventory
Many companies fail to keep a detailed inventory of their IT assets. Although they may have a record of the assets being purchased, they never track what happens to them once they are put to use within the company. Businesses that fail to keep track of their IT assets have no way of knowing if an IT asset is missing, and it’s possible that your employees know this. Employees could feel safer stealing from a company that will not immediately realize the IT asset is missing.
To prevent this problem, prioritize the use of an inventory tracking system. An asset should be tracked from the moment it is purchased until it is destroyed. Don’t make the mistake of discontinuing tracking once the asset has been retired. If it is still in the company’s possession, it should still be tracked regardless of whether it is being used or not.
Safely Store Retired Assets
If you plan on keeping retired assets within your facility, it’s important to store them in a secure location. There won’t be someone standing at the door guarding the assets at all hours of the day, so the room should be secured with locks or other security features. This may seem like common sense, but many companies make it easy for their employees to steal IT assets by storing them in unlocked locations.
Be selective when it comes to choosing who should have access to this room. Don’t make dozens of copies of the key to this room–the only people who should have a copy of this key are those who are responsible for maintaining inventory. If possible, convert the door to this room so it can only be accessed with a card key. This will make it easier for you to find out who was in the room if something does go missing. Card key access also eliminates the possibility that someone will accidentally forget to lock the door since these doors automatically lock when they close.
Encourage Other Employees to Watch Over Assets
Make sure all employees know how important it is to protect your retired assets.
Even with these security measures in place, it never hurts to encourage other employees to report suspicious behavior. For example, employees should know to tell someone if they see a co-worker emerging from the IT asset room with a device in their possession. If the room is locked, employees should also know to report when a key or card key goes missing.
No matter how many times you tell employees to report suspicious behavior, they may not if they don’t understand why it’s important for them to do so. Get employees interested in the security of your IT assets by explaining the consequences of a data breach. Discuss how a data breach can affect the entire company so employees understand that they could be affected even if they are not in the IT department. Companies that don’t have this conversation with this employee are more vulnerable to employee theft.
Run Background Checks
Theft prevention should begin during the recruiting and hiring process. If you want to ensure none of your employees will steal your retired IT assets, invest in conducting thorough background checks on anyone you are interested in hiring. Running background checks can help employers spot potentially untrustworthy employees so they don’t make the mistake of letting them into their organization. Even if the candidate is not working in the IT department, their background should still be checked to ensure they can be trusted to work around your company’s sensitive data.
Dispose of IT Assets As Soon As Possible
The best way to prevent the theft of retired IT assets is to dispose of them with the help of a professional e-waste recycler. An e-waste recycler will take the retired IT assets off-site to their facility, where they will be wiped clean and destroyed in an eco-friendly manner. A reliable e-waste recycler will completely destroy the data on your devices, so you never have to worry about it falling into the wrong hands again. This is the responsible way to handle IT assets that are no longer in use, so there’s no longer a need for companies to keep their retired IT assets on-site.
At ERI, we take the destruction of the data on your devices seriously, which his why we offer both software based and physical destruction of your electronic data. We also provide a live video feed of the data destruction so clients can watch us work to ensure we are delivering on our promises. For more information on recycling electronics, or to request a quote from ERI, contact us today.