Business PickupIT security is a key issue for businesses and their customers as hacking and associated problems with stolen data continue to grow. According to Gemalto’s Breach Level Index, 2.6 billion records were stolen, lost or exposed worldwide in 2017. This represented an 88 percent increase from 2016, with identity theft accounting for 69 percent of all data breaches. Over the past five years, nearly 10 billion records have been stolen, lost or exposed. Experian’s recent Global Fraud & Identity Report, a survey of 5,500 people in 11 countries, noted that 72 percent of businesses said fraud was a growing concern for them.
In Canada, the introduction in 2000 of a federal privacy law for private-sector organizations, Personal Information Protection and Electronic Documents Act (PIPEDA), forced companies to “up their game” when it came to protection of personal information used for a commercial activity. Organizations must follow a code for the protection of this information that is rooted in international data protection standards. In 2015, the Digital Privacy Act became law as an update for PIPEDA.
As an IT security professional, an integral part of your job is focusing on fraud prevention. Having an IT security plan in place to avoid fraud is a given but what are some of the most important components of such a plan? Best practices for IT security and data destruction are a good core.
Best Practices for IT Security
IT security is a rapidly changing field that reflects the pace of change in technology. However, there are some practices that are always advisable.
- Update your company’s software whenever changes are prompted by the manufacturer. Most malware attacks are on identified vulnerabilities for which a fix was available but never installed.
- Backup company data frequently and make sure the backup is thoroughly protected and encrypted. Use the 3-2-1 rule of backups: Keep three copies of any important file (one primary and two backups); keep the files on two different media types; and store one copy offsite. Divide responsibility for backups among several people so no one is tempted to steal data.
- Handle passwords securely. A good password should be long, complex and fully unique. Prohibit employees from using their personal passwords on company accounts and from sharing passwords with each other. Set up an auto prompt system that requires all employees to enter a new password after a specific period of time.
Best Practices for Data Destruction
In the electronics recycling industry, Information Technology Asset Disposition (or ITAD) describes a complete process for disposing of old electronics and includes good data destruction practices. Following the five ITAD stages will ensure that your data is destroyed safely, efficiently and in an environmentally appropriate manner.
- Logistics: getting your company’s obsolete electronics to the recycler securely
- Data destruction: destroying all data with a verified process
- Asset auditing: assessing the viability and value of electronics
- Resale: restoring and reselling appropriate items
- Recycling: discarding all remaining components safely and with minimal environmental impact
The essence of good data destruction is making sure the data is actually destroyed rather than the device being shipped to a developing country where the data is available to be misappropriated and exploited.
Where Can I Find a Recycler Who Will Handle Data Securely?
While there is not one IT security plan that will work for every business, a good fraud prevention plan will include common features such as best practices protocols around data destruction and overall online security. Using the services of an ethical recycler such as Revolution Recycling, who are PCI compliant and have multiple industry certifications as well as their own robust best practices, is the surest route to putting your mind at ease about fraud involving your company’s data.
If you have questions about your company’s data destruction needs or you’re ready to schedule a free pickup of hard drives or related items, contact Revolution today.