A comprehensive data security program takes into consideration not only the digital aspects of protecting sensitive information, but also protection of the physical assets that contain the data. Here are 4 ways to improve physical asset management to reduce the risks of a costly data breach.
Maintain detailed tracking of data-containing devices
Fixed asset management software is one way to make sure that each electronic device that may contain sensitive company or customer information is properly protected. Having details of each device's physical location, contained data, and user is critical for reasons that range from changes in personnel to device theft. On top of that, keeping model numbers and hardware specifications can prove indispensable when it comes time to replace aging assets. Your IT asset disposition provider can use those records to identify data wiping needs and quickly estimate the recoverable value.
Avoid any unnecessary data storage
Unnecessary data storage can come in a few different forms. Collecting data in the name of analytics may seem like the thing to do in the age of Big Data, but the responsibility of protecting it may outweigh the benefits. Data that has reached a preset expiration date must also be properly wiped. Physical assets, too, should not be kept once they are no longer needed or part of business continuity planning, especially if the data they hold has not been properly sanitized.
Don’t mistake deletion for destruction
Some methods of formatting a drive leave the stored information in place and only mark the data-containing sections as available for writing new data. This makes the “deleted” data vulnerable to rather simple recovery attempts. Fully automated, software-based solutions can ensure erasure by overwriting in such a way that the data is obliterated and obscured from even the most advanced recovery techniques. The software is designed to work on HDDs, SSDs, or even mobile devices and those with built-in and integrated data storage. Crucially, these programs generate reports to account for each individual device.
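The per-device erasure reports are only useful if they are checked against the asset records described earlier. The following Python sketch is an added example, not code from the original article or from any erasure product: it reconciles an inventory with erasure reports and flags retired devices that lack a passing report. The CSV column names, status values, and serial numbers are constructed assumptions.

```python
import csv
import io

# Constructed sample data; the column names are assumptions, not a vendor format.
INVENTORY_CSV = """serial,model,user,location,status
SN1001,Laptop-A,alice,HQ-3F,in_use
SN1002,Laptop-A,bob,HQ-3F,retired
SN1003,SSD-Array-B,ops,DC-1,retired
SN1004,Phone-C,carol,Remote,retired
"""

ERASURE_CSV = """serial,method,verified
SN1002,overwrite,pass
SN1003,overwrite,fail
SN9999,overwrite,pass
"""


def load(text):
    """Index CSV rows by device serial number."""
    return {row["serial"]: row for row in csv.DictReader(io.StringIO(text))}


def reconcile(inventory_csv, erasure_csv):
    """Compare retired assets with erasure reports and group the findings."""
    inventory = load(inventory_csv)
    reports = load(erasure_csv)
    findings = {"missing_report": [], "failed_verification": [], "cleared": []}
    for serial, asset in sorted(inventory.items()):
        if asset["status"] != "retired":
            continue  # devices still in service are out of scope here
        report = reports.get(serial)
        if report is None:
            findings["missing_report"].append(serial)
        elif report["verified"].strip().lower() != "pass":
            findings["failed_verification"].append(serial)
        else:
            findings["cleared"].append(serial)
    # Reports for serials the inventory never recorded point to tracking gaps.
    findings["unknown_device"] = sorted(set(reports) - set(inventory))
    return findings


if __name__ == "__main__":
    for category, serials in reconcile(INVENTORY_CSV, ERASURE_CSV).items():
        print(f"{category}: {', '.join(serials) or '-'}")
```

Only devices in the `cleared` group should be released for resale or recycling; every other group needs follow-up before the asset leaves custody.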
Verify your IT asset disposition vendor’s data destruction certifications
Current U.S. government standards for data sanitization are also used for commercial destruction purposes. The NIST 800-88 standard is comprehensive and considers advancements in data storage technology like SSDs. Although the government sets these standards, it does not issue certifications for them. Instead, the International Secure Information Governance & Management Association (i-SIGMA) administers the NAID AAA certification, which incorporates the NIST standard and provides exhaustively for the sanitization of various data-bearing devices. Ensure that your ITAD partner is certified to NAID AAA standards for guaranteed data destruction on all equipment.
Implementing these measures can complete a strong data security program and ensure that all data destined for destruction is indeed protected and sanitized.