The past few weeks have been devastating to the Sony Corporation. Between leaked e-mails and actual threats, which resulted in a feature film being pulled from theaters and dozens of apologies, Sony has experienced a huge public relations nightmare. And if certain threats are to be believed, that is only the tip of the iceberg. The hackers reportedly have a lot more information that they could potentially release.
This is a great example of how important your company’s data, and your ability to keep it secure, is to your business. What happened with Sony is in a different realm of data protection than what we deal with in ITAD. However, what is happening to them just magnifies the concern of investors and the public in corporate data security. That part does trickle down to ITAD!
Any Data Breach is a Big Deal
You might be thinking to yourself, “We have a policy to wipe all hard drives, so I don’t have to worry too much about a data breach, and certainly not to the magnitude of the Sony breach.” If your business experiences a data breach because the policies and processes you have in place are not meeting industry best practices, it would certainly cause a lot of problems for your department and the company. Because protection against a data breach caused by a disposed hard drive (in a device or standalone) could be considered much simpler than a complex network hack, that hard drive breach may cause more damage to your reputation. The key is to have effective policies and processes in place, and a way to make sure they are followed each and every time.
Every Company is Vulnerable
Another thing to remember is that data breach is not just about really famous companies or those that have healthcare records or credit card numbers. Every company has valuable corporate data, and is at risk of some type of breach. Even if the data that is hacked or found on a hard drive is not very useful outside of your company, the fact of the breach itself can be quite damaging. In Sony’s case, their employees, customers and investors are now concerned about the company’s overall ability to keep its networks and data secure.
For end-of-life data-bearing devices – whether it’s PCs, laptops, tablets, servers or storage arrays – your best risk mitigation practice is to work with certified partners. A company with the NAID AAA certification for electronic media can work with you to be sure the combination of your internal processes and the services they provide will minimize the total risk to your company.
The risk of data being compromised at the point of disposition is probably the most manageable data breach risk. All you need to do is leverage IT Asset Management (ITAM) best practices and partner with a company that will ensure it’s done right, every time