Data Breaches and ITAD – What You Need To Know

Data breaches have affected millions of people. Those millions of people are filing lawsuits against these companies for failure to protect their private information. Equifax’s lax security methods led to 143 million SSNs, credit card numbers, and driver’s licenses being stolen. Poor security measures also affected Facebook, First American Corporation, Oregon’s Department of Transportation, and many others.

 Another issue is lost or stolen computers, electronics, and other media. In 2017, a USB stick with 2.5 GB worth of Heathrow Airport’s security records was found in the street. A stolen computer at the Veteran Affairs Department put the records of 26.5 million military vets and personnel at risk. The original lawsuits requested $1,000 per person or $26.5 billion.

 It’s estimated that the cost of a data breach in the U.S. is around $242 or $8.19 million. Medical data breaches are even higher at $15 million. If your organization suffered a breach, would you face costly lawsuits like the VA or these averages? Do you have methods in place to prevent things like this from happening? You should.

 You’re the First Step to Preventing a Breach

 While your electronics are still valid and actively used by your company, you need to make sure software is updated regularly with security patches, protected behind firewalls, and scanned for malware, spyware, viruses, etc. You need to make sure virus definitions are updated daily.

 Weak passwords are not okay. No one in your organization should be using a password that isn’t a mix of uppercase and lowercase letters, numbers, and special characters. If they are, you need to stop that practice. Part of the Equifax breach occurred because the company was allegedly using “admin” for their username and password. If your employees work from home, they need to follow company protocol and use the same protective measures.

 Carefully Dispose of Outdated or Unused Media and Electronic Devices

 When your organization’s electronic devices are no longer needed. Do you hand them off to your local recycling company or give them away to employees? It’s not enough. You need IT and electronics asset disposition services that also offer data destruction. It’s essential that data is thoroughly destroyed before it’s shredded or prepared for resale.

 ITAD is a process in which electronic assets are recycled or reused once they’re no longer useful to you. The criteria for ITAD include protecting the environment, keeping information private, and securing data. When you do this properly, you avoid fines from the EPA and from state and federal governments.

 Three security standards should be implemented in any ITAD process. They are ISO 27001, NIST 800-88, and PCI DSS.

 ISO 27001: Risk-based method for coming up with, implementing, and maintaining a security plan.

  • NIST 800-88: Helps organizations plan how to destroy sensitive data.
  • PCI DDS: Details how companies handle and manage payment information.

 Depending on your industry, you may also have additional protocols and need the disposal process to meet them. For example, government agencies and hospitals and medical facilities have different regulations to follow than a grocery store owner. If you don’t know all of the regulations, you need to pick an ITAD vendor who does. Laws are subject to change, and it’s also important to you choose someone who knows and meets the changes.

 Do Your Research and Find the Best ITAD Company

 Data security is your utmost goal. To make sure you meet legal requirements and protect your customers, take your time and find the best ITAD company. You should ask a company these questions before you hand over your electronics for disposal.

  1. Ask what certifications the company has. You want someone who holds NAID certification. R2 certification and e-Stewards are others to verify the company holds.
               
  2. Make sure the company is compliant with laws and requirements for your business. If they’ve never handled ITAD for a medical office and that’s your business, find someone who has.
               
  3. Verify that electronics are shredded and recycled. You don’t want your electronic devices going into the landfill where they can leach heavy metals into the soil.
               
  4. Find out if there is a chain of custody to give you peace of mind. If you can’t track where your items are at any given time, it’s not going to be comforting.           

ERI is the nation’s largest fully-integrated ITAD vendor. With eight locations across the U.S. and real-time tracking through MyTrackTech, you don’t worry about who has your items or where they’re located. There are even options to watch some of the process remotely. ERI processes IT and electronic assets in-house rather than having to ship them to another vendor. The company also guarantees compliance with local, state, and federal laws.