Estimated 25% of Data Breaches Caused By Negligence–Including E-Waste Recycling Mistakes

It seems as if there’s always a story in the news about a recent data breach, and that could be because these breaches are becoming increasingly common. The largest data breach that has ever been reported was discovered in 2016, when Yahoo publicly announced that over 1 billion user profiles had been hacked three years prior. But, the highest number of data breaches occurred in 2017, when nearly 179 million data records were exposed in over 1,500 reported data breaches. This is a significant increase over previous year, where there were roughly 1,000 data breaches that exposed approximately 36 million records.

What’s behind the sudden spike in data breaches? There are a number of possible explanations. However, a new report seems to pinpoint the cause of a significant portion of the breaches.

How Negligence Can Cause Data Breaches

Every year, IBM and the Ponemon Institute invest in a study on the state of data breaches in the U.S. The results of the 2018 report were recently released, and they indicate that about one-quarter of all data breaches in the U.S. are caused by negligence.

Negligence can lead to data breaches in a handful of ways. An employee could negligently leave their username and password written down somewhere where others can see it. Employees may also make the mistake of leaving their computers while they are logged into the system containing sensitive data. If someone happens to walk by, they could quickly access this information without having to hack into the system.

Negligence-related breaches also occur due to the failure to erase data off of devices. In fact, the report specifically states that this is one of the leading causes of negligence-related data breaches. For example, let’s say a company has decided to buy new computers for their employees, so the old computers are no longer needed. The company sends the computers to an untrustworthy e-waste recycler, who fails to erase the data on the devices prior to reselling them. Because the data was not erased, whoever purchases these devices could gain access to the company’s sensitive data.

These breaches may occur as a result of the recycler’s or employee’s negligence, but the public will still place blame on the company. For this reason, every company should have a plan in place to help them prevent data breaches of this nature.

Preventing Negligence-Related Data Breaches

According to the report, a negligent data breach costs the targeted company approximately $128 per compromised record. This means companies could save a lot of money simply by reducing the number of breaches that are caused by negligence. But, how? First, it’s wise for companies to train employees on how to handle sensitive information. Employees should know that usernames and passwords should never be written down or shared with anyone else. They should also know that they should never access the system from an unsecure location or leave a computer without logging out first.

Employees should also be trained to report potential breaches. This ensures that employees know to tell someone if they’ve made a negligent mistake that could lead to a data breach in the near future. They should understand the consequences of a data breach and how it can affect the entire company so they realize how crucial it is to report security issues.

Companies also need to do their due diligence prior to doing business with third party vendors. This is especially important when choosing an e-waste recycler, since this third party vendor will have access to all of the company’s data-containing devices.

Look for an e-waste recycler that has been awarded the National Association for Information Destruction (NAID) AAA Certification. This certification is only awarded to e-waste recyclers that have demonstrated a commitment to protecting sensitive data at all times. E-waste recyclers must also prove that they follow industry standards when destroying data contained on electronic devices. If an e-waste recycler has this certification, it indicates that the company is one of the best and most reliable in the industry.

It is best to find an e-waste recycler who also provides proof of data destruction. At ERI, clients are welcome to watch a live video feed of the data on their devices being destroyed. In addition, clients receive a certificate of destruction shortly after their devices have been processed. This certificate can stay in the company’s records so they can keep track of exactly what devices were processed and when the processing occurred.

Finding an e-waste recycler that meets this criteria will greatly reduce your risk of being affected by a negligence-related data breach.

Other Causes of Data Breaches

Data breaches caused by negligence account for a significant portion of all data breaches. However, it is far from the only cause of these breaches. According to the report, negligence-related data breaches are about half as common as breaches linked to criminal activity. Many breaches are also caused by system glitches that temporarily expose personal data to unauthorized third parties.

It’s important for companies to keep this in mind when discussing the best ways to protect their data. In addition to preventing negligence-based breaches, companies must also implement strategies to address breaches related to criminal activity and system errors.

Make sure your sensitive data is safe by trusting ERI, the largest recycler of electronic waste in the world. ERI has electronic recycling facilities in California, North Carolina, Washington, Colorado, Indiana, Massachusetts, and Texas. Every year, our facilities process over 250 million pounds of electronic waste for clients in a variety of different industries. We also pride ourselves on data destruction, and always follow the industry’s best practices when destroying our clients’ data. For more information on recycling electronics, or to request a quote from ERI, contact us today.