CINCINNATI — According to a recent study by the Ponemon Institute — a research center dedicated to privacy, data protection, and information security policy — data breaches cost U.S. enterprises an average of $5.4 million per incident in 2012. Cintas Corp. partnered with the Ponemon Institute to identify five digital devices that are overlooked areas in a business and could be subject to a security breach.
“With the growing number of digital devices in today’s businesses, it is no longer sufficient to only secure data stored on documents or in computer files,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Data stored on digital devices such as fax machines and routers must be securely destroyed to prevent it from getting into the wrong hands.”
The most commonly overlooked digital devices that could be a point of access for a security breach include:
• Old hard drives. Many discarded or unaccounted-for hard drives contain confidential and recoverable information. Confidential data that ends up in the wrong hands can harm the reputation of your company and have serious negative financial consequences. Typical hard drive data removal methods come with many risks because they are time-consuming, prone to human error, and in many cases, not compliant with disposal laws. Complete physical destruction is the best way to protect this sensitive data. Through the use of an on-site hard drive destruction service that safely and efficiently destroys computer hard drives through a compliant recycling process, companies can eliminate risks of data breaches and stay in compliance with state and federal disposal laws.
• Copy machines. The latest generation of digital copiers are “smart” machines used to copy, print, scan, fax, and email documents. Digital copiers require hard disk drives to manage incoming jobs and workloads. The hard drive in a digital copier archives data about each document it processes, which can often include sensitive information such as social security numbers and account numbers. If you don’t take steps to protect that data, it can be stolen from the hard drive, either by remote access or by extracting the data once the drive has been removed.
Some devices include a security feature that allows you to overwrite the hard drive, which should be done at least once a month. Overwriting does not always take care of 100 percent of the information, however. It is always a smart idea to have a certified vendor destroy the machine’s hard drive at the end of its usable life.
• Fax machines. A fax machine sitting out in the open not only gives employees easy access but also lets passersby notice the data as they walk by. Most companies use one fax machine for several employees, which creates more opportunities for lost documents and tampered data. Create a corporate faxing policy that forbids employees from leaving documents unattended at the fax machine. Also, consider logging misdirected faxes to help identify risks and vulnerabilities and to develop better safeguards.
Similar to copy machines, fax machines contain hard drives that store data from each document they transmit, which should be securely destroyed by a certified vendor at the end of the machine’s lifecycle.
• Routers. Whether you use a wired or wireless router, if it is not configured properly, it could pose potential security risks. Pirates using your Internet connection can not only slow it down but also gain access to your confidential information. Password-protect your router to encrypt the connection and prevent outsiders from logging in. You should also turn off broadcasting in your router settings to prevent others from seeing your network’s name. Additionally, change the admin password immediately after purchase to prevent hackers from finding common manufacturer passwords on the Internet.
• Mobile devices. Mobile devices enable employees to work from virtually anywhere at any time, allowing greater flexibility and productivity. According to Juniper Research, by 2014, the average number of mobile devices accessing an organization’s network will reach 3.3 per employee. Businesses must put bring-your-own-device (BYOD) and mobile device policies in place to protect against the potential risk of a stolen or missing mobile device. An effective policy should include training programs to address mobile liabilities, and heightened security measures such as remote wipe, which allows a company to remotely delete the data from the device as soon as it is notified that the device has been stolen or lost.
“Businesses face many risks of data breaches,” added Ponemon. “It is important to be aware and prepared for the risks that are most often overlooked to maximize the security of your business information.”
For information on document management, including hard drive destruction and other services, visit www.cintas.com/documentmanagement.
Publication date: 4/7/2014