October is National Cyber Security Awareness Month, posing as a timely reminder for businesses to prevent their data from falling in the wrong hands by safely disposing of confidential information.
According to a government survey published in March 2021, four in ten businesses (39%) and a quarter of charities (26%) reported having cyber security breaches or attacks in 2020, with both medium and large businesses (approx. 65%) the main targets for criminals.
These figures reflect how imperative it is to not only maintain a cyber security mindset for your business but also demonstrate this to customers and clients. Yet these statistics are nothing new; cybersecurity has been an issue for businesses for many years, and even with investments in security processes and technology, cybercriminals are getting smarter, becoming more sophisticated and adapting swiftly, resulting in more incidents. There is also a need for more organisations not to view cyber security as an afterthought, but to be encouraged to embrace a new culture whereby they take serious ownership and responsibility of financial, company and personal data. Employees can also play their part in keeping their data and that of their company safe. As data controllers and processors, we all have a duty of care to dispose of our confidential media safely to ensure the data stored on the device is securely destroyed to an unrecoverable state.
So the next time you have a redundant hard drive, consider carefully about how you are going to safely dispose of the device. Whether throwing equipment away in a waste bin, stockpiling computers or insufficiently removing data, all can greatly increase the risk of a data breach.
Throwing equipment away: discarding computer equipment by throwing it away, passing on to a third party to use or selling it presents an ideal opportunity for information thieves. Your data stored on the device is now vulnerable, and potentially means it can be recovered or extracted from equipment and used for criminal activities including identity theft.
Wiping data: Simply deleting files or data off devices doesn’t mean effective removal of information entirely, neither does reformatting or overwriting. As long as the hard drives or media materials are physically intact, there’s always a chance that the data on them can be retrieved. The only way to permanently destroy digital data is via complete physical destruction.
Hoarding old hard drives: storing old drives for ‘safekeeping’, even if locked in a storage facility, is not a secure option. This doesn’t deter perpetrators from retrieving information, either inside your company or externally. Safely destroying devices is the only guaranteed way to prevent access to potentially sensitive data.
The role of a professional information destruction partner (data processor) is to collect and confidentially destroy/shred your unwanted documents and data media when you no longer want these assets, i.e., paper documents, tapes, hard-drives, laptops, mobile phones etc. They will have the specific means to securely and efficiently destroy your company’s data-sensitive hard drives so that they can never be retrieved or restored. Shredding machinery targets the drive platters, mechanisms, and the electronic components rendering the data unrecoverable.
Working with a recycling specialist is the only way to ensure 100% destruction of your data across multiple formats – protecting you from data breaches, fraud and identity theft, and keeping you GDPR compliant. Furthermore, choosing the right specialist means that after destruction, materials can be recycled with approved partners for environmental compliance and to reduce carbon footprint.
It is also advisable to work with a company whose staff are trained and accredited, giving greater assurance and peace of mind that their customer’s data is securely destroyed. As well as being a member of the Information Destruction Section of the British Security Industry Association (BSIA), Printwaste is certified through the Cyber Essentials scheme, a government and industry run initiative that’s been co-created to provide a clear statement of basic controls that organisations can implement to mitigate risk from common internet based threats; and to offer an Assurance Framework for businesses to demonstrate that they have taken these essential precautions.
