Director of Operations at Data Security Inc., leading strategic decisions & management of all departments including R&D, production & sales.
Data creation and consumption are at an all-time high — approximately 59 zettabytes in 2020 alone. This data is expected to have a compound annual growth rate of 26% through 2024, according to the Global DataSphere forecast from the International Data Corporation.
Through helping lead a company that produces data disposal equipment, I’ve observed that organizations often spend much of their time and money protecting this data from hackers trying to get in. Meanwhile, they spend the least amount of time and money protecting data on its way out the door.
The amount of data being produced is significantly greater than the amount of data being secured. In a survey conducted by Dell Technologies, 80% of respondents said their organization’s existing data protection will not meet their future data protection needs.
Every company’s data is at risk, whether it is government-classified, company-proprietary or personal identity information. This data is stored on a variety of memory formats, such as tablets, smartphones and laptops, and hackers can use a number of acquisition methods to obtain that data. IBM’s Cost of a Data Breach Report found that the U.S. has the highest average cost of data breaches, and malicious attacks are the greatest root cause.
With the rise in data storage, I believe security risks are only going to escalate. Regulations exist to tell organizations how to protect their data, and depending on where your company operates, you might need to comply with several different policies. The good news is that, in my experience, these regulations often have similar components, including that entities must have:
• Accountability and data controllers.
• Reasonable safeguards.
• Data breach notifications.
• End-of-life data destruction.
I want to focus on the last point: end-of-life data destruction. How can you ensure your data is safe, even when you’re no longer using it?
Best Practices For End-Of-Life Data Destruction
End-of-life data destruction is often referred to as reasonable security procedures to ensure information is destroyed when it is no longer needed. But how do you define “reasonable?” After all, what is reasonable to one person might not be reasonable to another.
So, let’s replace the idea of “reasonable” with trusted security and lead organizations that are destroying the data correctly at end of life. But how? More than 60% of companies find it difficult to be compliant with the complexities of data regulations, according to that same survey by Dell.
Instead, keep it simple: Destroy the data before it leaves your organization’s hands. You can do this by following how-to guides published by the National Security Agency, the U.S. government’s subject matter expert on how to destroy information so that it cannot be recovered.
A few other best practices I recommend include:
1. Ensure your organization has protocols in place for properly destroying different types of digital data.
2. Educate employees on these protocols to ensure every upgrade of a computer, smartphone, tablet and server is handled correctly.
3. Ensure any data-destruction equipment you use is NSA-evaluated. If you outsource these services, verify the company is using NSA-evaluated equipment, and ask for a certificate of destruction. (Full disclosure: My company designs, manufactures and sells this type of equipment; we also provide these types of services, as do many others.)
4. Destroy digital memory according to the memory type. Digital data is recorded on different memory types, so each type must be destroyed differently. For example, you would need to degauss and destroy computer magnetic memory such as computer hard drives and backup tapes, but disintegrate solid-state memory such as smartphones and solid-state drives.
Why Taking Care Of Your Data Matters
If you do not protect your company’s data, a data breach could occur. In turn, you could lose customers’ trust and suffer a loss in sales and revenue. IBM’s data breach report also found that lost business accounts for nearly 40% of the average total cost of a data breach, or about $1.5 million.
In addition, there are fines associated with each data privacy regulation. Look at the General Data Protection Regulation, for example: According to the GDPR website, “Less severe infringements could result in a fine of up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher.”
Putting It All Together
In conclusion, with potential fines and loss of sales, you simply cannot afford to mishandle your company’s data. When it’s time to get rid of that data, remember:
1. Don’t stockpile before destruction. Even if memory devices are stored in a locked area, if the information is still intact, it could be accessed or, worse yet, the media itself could disappear.
2. Don’t just recycle. A study of recycled devices by the National Association for Information Destruction found that 40% of resold devices contained personal information, so ensure any data from a device is removed before you recycle it.
From my perspective, the most successful organizations are those that protect their data, including when it’s on its way out the door.
Forbes Business Council is the foremost growth and networking organization for business owners and leaders.
Read Renee Schafer’s full