Is your CEO criminally liable if discarded data devices aren’t clean?
IT professionals are often frustrated by CEOs and corporate executives who don’t prioritize data security. This is frequently a case of priorities and personalities rather than rational decision making.
Last week we wrote about corporate executives imprisoned for improper disposal of technology waste.
This week we bring you the tale of a CEO charged with fraud for ignoring a long-standing data breach and endangering private data.
CEO who ignored data breach charged with fraud
Former Nortel CEO Frank Dunn is charged with fraud for allegedly knowing that Nortel’s computer system had been hacked, but failing to take action, according to the Wall Street Journal. An employee discovered and investigated the breach, but was not allowed to take action to fix the problem.
This is one example of corporate executives assuming they are immune from criminal action for ignoring data breaches, or simply being more interested in other aspects of running the business, and not taking data security as seriously as they should.
Stories such as these, and awareness of federal compliance regulations, may be just what you as an IT professional need to spur your C-suite partners into action.
What action is that?
Defending against hackers, and having a plan for secure onsite data destruction.
Onsite data destruction
Onsite data destruction is the best defense against loss of private data from loose media, such as retired mobile devices, flash drives, and server hard drives.
Rather than risk taking these out of a secure location to be wiped clean of data, why not keep this procedure where you can see it and supervise it?
In many companies, access to servers and hard drives is strictly controlled, requiring a keycard or even fingerprint access to the server room. However, all of this access control is in vain if your loose media and drives are not securely contained and are leaving your building before they undergo data sanitization.
Many companies don’t see the risk in a failed hard drive; this is one of the most overlooked risks in a data center. Even though the drive is not functional, that does not mean your company’s data is no longer vulnerable. In most cases the drives are stacked on top of the server or shipped back to the manufacturer to be replaced, but your company is responsible for the data that resides on that drive. You must have a process in place for failed hard drives and secure destruction of those devices before the data leaves the premises.
Meet Tear-A-Byte®, TechR2’s solution to secure onsite data destruction. TechR2’s Tear-A-Byte® solution utilizes leading-edge technology, providing secure containment and onsite data destruction with our NSA-certified degausser.
In some cases it can be as simple as placing a barcode (PID) sticker on your hard drives and dropping them into a secure container. Once the container is at capacity, we will arrange for our technicians to visit the client location and perform the onsite data destruction service. The TechR2 technicians will capture the serial number and PID number prior to data destruction. For each project, the client will receive a serial number report and a certificate of destruction. More complex jobs can take advantage of TechR2’s more advanced systems.
Tear-A-Byte® provides an inventory tracking solution for the hard drives and media as well as onsite data destruction via the method of certified degaussing. Our clients have access to our exclusive cloud-based web portal, providing them with on-demand project tracking, real-time inventory and detailed reporting.
Make sure your corporate executives aren’t exposing themselves to criminal liability by turning their backs on data security vulnerabilities.
Inform them of recent court cases, and present simple and effective solutions such as Tear-A-Byte®. Information about compliance with various federal guidelines governing data privacy can be found here.