“E-Security is more then a buzzword”

By Geoffrey Barber

12/8/2010

 

“So I had my ‘IT guy’ format that c: drive from that old computer, and then he pulled it out and threw it in that recycle bin. That should take care of it right?”

 

This is probably something that is thought or said a few hundred times a day by business owners, contractors, managers, and even presidents or CIOs.

 

An independent security evaluation firm in the New England area recently purchased a variety of refurbished, disposed-of, or recycled computers and hard drives in the Boston area as an experiment. Would it surprise you to know that all but one of the supposedly wiped, deleted, or formatted hard drives still contained critical, sensitive information?

 

A Boston computer store sold a hard drive previously owned by an accountant–and crammed with four years’ worth of his clients’ payroll and tax information and employee Social Security numbers. The accountant said that his nephew, who worked at a computer store, had removed the drive while upgrading his old computer several months earlier. The accountant said that he never thought to ask his nephew what had become of the hard drive.

 

Similarly, a Salvation Army store in Cambridge, Massachusetts, sold a PC that had once belonged to an attorney; it still contained bank account numbers, an active America Online account (and a stored password), and draft legal documents on its hard drive.

 

“I most certainly never expected my personal information would ever be more than just that–personal,” said the attorney. He said his firm’s IT consultant had promised to properly destroy the data.

 

Another study was done earlier this year by two MIT graduate students, Simson Garfinkel and Abhi Shelat, who bought 158 hard drives on eBay and from online shops. Of the 129 drives that worked, 69 had recoverable files and 49 contained personal information, including 3700 credit card numbers, medical data, and pornography. Only 12 of the usable drives had been properly purged.

 

Still feel safe about how you or your company dispose of your electronic data? Still feel comfortable with OTHER people’s data you might be holding on to?

 

Private and confidential data stored on computer hard drives also poses legal risks. The Health Insurance Portability and Accountability Act (HIPAA), the Fair and Accurate Credit Transactions Act (FACTA), and the Gramm-Leach-Bliley Act (GLB) are three examples of laws that require specific industries to implement and document electronic data destruction procedures. Similarly, the Sarbanes-Oxley Act requires businesses to protect confidential information that could devalue the company if compromised. Non-compliance exposes companies to regulatory fines or lawsuits.

 

For 2010 year to date, there is an estimated 735 BILLION dollars in settlements pending or in active lawsuits related to identity theft and information security breaches. Cybercrime and information crime are the fastest-growing form of criminal activity today.

 

 

What can you do to protect yourself?

 

Hire a professional. I know it sounds simple, but here are a few key points to look for to make sure you find the right business partner, one who ensures your data remains YOUR data.

 

Find a company that:

• Provides secured logistics support, insurance, and favorable rates

• Audits downstream partners

• Removes asset tags and customer asset labels from equipment

• Provides audit and tracking details on returned assets

• Utilizes degaussing or other sanitizing methods using Department of Defense-compliant and Health Insurance Portability and Accountability Act (HIPAA)-compliant data procedures

• Physically as well as electronically disables hard drives, rendering them unusable
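As an added illustration (not part of the original post) of why a quick format is not data destruction, the toy Python script below builds a constructed disk image, simulates a quick format that clears only the metadata block, and then runs the kind of verification a disposal vendor's audit should produce: counting blocks that still differ from the overwrite pattern and flagging any Social Security number-shaped residue. The image layout, file name, and payroll records are all made up for the example.

```python
import os
import re
import tempfile

BLOCK = 512
# Constructed sample records; any resemblance to real people is accidental.
SAMPLE_RECORDS = [b"Alice Smith,123-45-6789,45000", b"Bob Jones,987-65-4321,52000"]
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")


def make_image(path, records, size_blocks=64):
    """Write a toy 'disk': block 0 is a fake directory entry, data starts at block 1."""
    data = bytearray(size_blocks * BLOCK)
    header = b"DIR:payroll.csv@block1"          # hypothetical metadata, not a real filesystem
    data[0:len(header)] = header
    payload = b"\n".join(records)
    data[BLOCK:BLOCK + len(payload)] = payload
    with open(path, "wb") as f:
        f.write(data)


def quick_format(path):
    """Simulate a quick format: only the metadata block is cleared, data blocks are untouched."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * BLOCK)


def overwrite_all(path, pattern=b"\x00"):
    """Single-pass overwrite of every block with a fixed byte pattern."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(0, size, BLOCK):
            f.write(pattern * BLOCK)


def residual_report(path, pattern=b"\x00"):
    """Return (blocks still differing from the pattern, SSN-like strings found)."""
    dirty, hits = 0, 0
    with open(path, "rb") as f:
        while blk := f.read(BLOCK):           # scan block by block; matches spanning blocks are not handled here
            if blk != pattern * len(blk):
                dirty += 1
            hits += len(SSN_RE.findall(blk))
    return dirty, hits


def demo():
    """Return the report after creation, after a quick format, and after a full overwrite."""
    path = os.path.join(tempfile.mkdtemp(), "drive.img")
    make_image(path, SAMPLE_RECORDS)
    before = residual_report(path)
    quick_format(path)
    after_format = residual_report(path)       # payload still intact: only the directory block went
    overwrite_all(path)
    after_wipe = residual_report(path)
    return before, after_format, after_wipe


if __name__ == "__main__":
    print(demo())
```

An overwrite-and-verify pass like this is only meaningful for magnetic disks; on flash media the controller can remap cells the host never sees, which is one reason the list above also calls for physical destruction.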

 

Remember to always treat your information the same as cash, because it essentially is!
