Photo by Vincent Botta on unsplash.com
Written by Insecurity of Everything: A Cybersecurity & Business Column, Kate Fazzini and John Shegerian
As a business leader, it’s your responsibility to ensure that the private information of your clients, workers or associates is kept confidential. Many are not aware of the intricacies of recycling electronics in a way that completely destroys data.
Just Because You’re Not Required, Doesn’t Mean It’s Worth the Risk
The FTC’s Disposal Rule requires information that’s used in consumer records and reports to be correctly disposed of. The rule is in place to eliminate the risk of “unauthorized access or use of the information.” The Disposal Rule covers the organizations and businesses that must follow this rule. They include:
- — Anyone who pulls credit reports, such an individual hiring caregivers
- — Banks, lenders, debt collectors, and other financial companies
- — Consumer reporting agencies and credit bureaus
- — Employers
- — Government agencies
- — Insurance agents and companies
- — Landlords and property management firms
- — Lawyers and law firms
- — New and used car dealerships
- — Private investigators
You also have HIPAA rules protecting patient information. Doctors, medical offices, nurses, etc., must be conscientious that this confidential information is appropriately disposed of. Proper disposal is defined as:
- No. 1: Burning, pulverizing, or shredding paper documents
- No.2: Destroying or erasing electronic files and devices to prevent the information from being read or recovered
The best practice is to err on the side of caution. If there are any papers or files you have for clients that could contain private information, it’s best to dispose of them properly.
Remember the breach a few years ago where the Marriott learned hackers accessed information like passport numbers, frequent flier information, hotel loyalty rewards information and gender? People may not think that personal data isn’t much of a threat. However, it could be used to personalize phishing scams. It may not lead to government fines, but it could lead to costly lawsuits.
Don’t Assume You Will Not Be Part of a Theft
Worldwide, businesses and organizations lose about $1.8 million every minute to cybercrime. More than half a million records were compromised. The average cost of a breach is more than $7 per minute.
You can’t assume you’re safe. You may not think your business has information that’s valuable to someone else, but what if you are wrong? What if the addresses and phone numbers you store are valuable to a scammer? Do you want to risk your reputation on a theft that you could have prevented by destroying data and recycling your electronics?
To be proactive, hire experts in data destruction. If you eliminate the chances of private information being stolen from unused or outdated electronics, you reduce potential cybercrime against your company or organization.
Don’t Think That Only Computers Require Destruction
Computers are not the only electronics that you should destroy. All kinds of office and home equipment can store private information. A printer keeps a record of the things you print out. If it’s a multi-function printer, it holds everything you copy and print out. Fax machines also store images that are sent or received.
If you’re only sending your computers to a company to have the data destroyed, you could be making a big mistake. You must destroy data on phones, fax machines, printers, copiers, cash registers, imaging machines, etc.
Carefully Choose Your ITAD Provider
How do you know if you’re partnering with a responsible, effective data destruction provider? Look for providers who specialize in both IT asset disposition (ITAD) and data destruction. ITAD providers can help you destroy data following the level of data destruction your business requires. They can help you remarket any electronics that still have value, enabling you to recover the cost of ITAD services. You also want a company that focuses on a low carbon footprint to protect the environment.
Kate Fazzini is CEO of Flore Albo LLC, an adjunct professor of cybersecurity at Georgetown University, author of Kingdom of Lies: Unnerving Adventures in the World of Cybercrime and has served as a cybersecurity reporter for The Wall Street Journal and CNBC.
John Shegerian is co-founder and Chairman/CEO of ERI, the nation’s leading fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company. Business Journal readers can visit eridirect.com/insecurity-of-everything-book/ to receive a free copy of John’s new book, The Insecurity of Everything.