How Hackers Can LEGALLY Get Your Critical Data…
If you’ve been to college, you know the story: you’re walking home and BAM! There it is. The most amazing couch you’ve ever seen in your life, just sitting there on the corner. It is like God himself presented you with the most amazing place to watch TV in the universe. So, you bring it up 3 flights of steps (with the help of one or two buddies) and place it in front of your TV. Sure, it smells. And who knows what that stain is. But it is comfortable, and (now at least) it is yours. They say possession is 9/10ths of the law. Just as that is true of your college couch, hackers know it is true of critical data that has been discarded.
Now, did the police come knocking at your door to seize your newfound treasure? Of course not. Why? Because it is legal almost everywhere to “dumpster dive.”
Data At Rest in the Trash is Data That Will Leak
Fast forward to the present day. You’ve grown up! After all, you’ve (hopefully) swapped your old and crusty couch for a new one. And now, you have old cell phones, laptops, and other devices in a drawer somewhere. Eventually, spring cleaning comes around and it is time for them to go. Unless you’ve been able to wipe or destroy those devices before throwing them out, you have set that data free into the world. The worst part: once you’ve placed that device in the trash, there is almost nothing you can do about it. Anyone can grab it legally, just like your old couch. Once hackers grab your data, the only person liable for any data leaking out into the world is you.
You Are Responsible for the Data Hackers Can Access in the Trash
This presents an interesting opportunity for hackers. On the one hand, they want the data on your device, but they don’t want to do something truly illegal and hack their way in. So, all they need to do is just get your drive the easy way. In fact, that is how TechR2 first got its start! We were recycling machines from a corporate client many years ago and one of them still had all of its data completely intact. When our CEO and Founder called the company to ask them what they wanted us to do with the machine, they thought we were trying to extort them! (Obviously we had no such intention.) However, the fact remains, if we wanted to, we could have. That data was legally ours.
HIPAA, PCI, GDPR, etc… they all apply to the company collecting the data. Customers entrust you with their data. They expect that you’ll take every precaution to ensure it doesn’t end up in the wrong hands. Most companies do pretty well at protecting data on active devices. However, once a device has reached end of life, it can turn into an “out of sight, out of mind” situation. That is where TechR2 can help.
The Only Completely Safe Data is Data Turned to Dust
- First, never let devices with data on them leave your building unless you know exactly where they are going (laptops and phones for example). If you want to dispose of some technology, be sure you have a partner you trust who can clear all the data off by either securely wiping the device or by destroying it outright.
- Second, make sure that vendor destroys your data within your four walls (see rule one).
- Finally, make sure your vendor has the absolute best certifications to keep you protected. ISO, NIST, and NAID are great examples.
Shameless plug time: TechR2 has all those certifications and is compliant with even more standards recognized by the industry the world over. Not only that, but we have the only patent in the industry for fully compliant end of life data handling and destruction. If you would like to learn more, or for a low-cost assessment of your current processes, please contact us!