Every week, it seems, brings news of another major corporation being sabotaged by internet hackers who break into its computer security and steal sensitive data, including financial and business information.
Losses can run into the hundreds of millions of dollars, as evidenced by Target Corporation’s news in early 2014 that hacking of its internet security in late 2013 resulted in a loss of more than $150 million for the company as well as the job terminations of several key executives. Community Health Systems, Home Depot, JP Morgan Chase, Costco, PF Chang’s and SuperValu, to name but a few, have been plagued by hackers intent on wreaking financial and emotional havoc upon the companies, their customers and their shareholders.
Every business and organization is under pressure to protect personal or non-public information which may exist inside IT hardware. Federal regulations such as the Gramm-Leach Billey Act (GLB), Sarbanes-Oxley Act (SOX), Fair & Accurate Credit Transaction Act (FACTA) and the Health Insurance Portability & Accountability Act (HIPAA) make it critical for the secure data destruction of proprietary corporate and confidential client information.
A single data breach has the potential of serious risk for law suits, fines and diminished revenue or worse for businesses that may need to comply with any of more than 500 federal, state and other e-waste and data security laws on the books. While “front-end” hacking makes the headlines, thorough data destruction is vital in preventing “back-end” compromising of sensitive company material as well. What may surprise businesses is that such security measures can be performed literally on site at a company’s location.
A Data Destruction and Recycling Vehicle (DDRV) is a mobile drive and media shredder and one solution for on-site electronic media destruction by shredding. This has become an increasingly important data eradication option as government agencies, hospitals, insurance companies, etc. look to safeguard their data security. The DDRV destroys confidential data from hard drives and other electronic devices on site. Data storage devices can store thousands of documents, which can be recovered months and even years after they are scanned. Thus, they are subject to the invasion of any accomplished hacker.
When utilizing the services of a DDRV crew provided by an IT Asset Management company, a business should look for certain guarantees of service. It’s advisable to employ professionals who follow a set of guidelines published by the National Institute for Standards and Technology (NIST), which is responsible for defining data security standards for the United States government and industry. NIST has published Guidelines for Media Sanitization (NIST Special Publication 800-88), which outlines data eradication methods that should be used based on the type of device and security needs of an organization.
With reduction in production costs and technological advancement, Solid State Drives (SSD) have become commonplace in business environments. Standards to define SSD data erasure have not kept pace, and so an erasure methodology has proven challenging, perhaps requiring a different process than traditional platter-based drives. Thus, it can be critical for an enterprise to find an IT Asset Management Company that can destroy such materials.
An advantage of using a DDRV for data eradication is its on-site availability. Within the confines of a dock or related work area, a DDRV can be set up for technicians to do their work quickly and efficiently. Each DDRV is a 26-foot box truck equipped with a shredder that is mounted within the bed of the truck. The shredder is designed for all types of media destruction, including metal computer hard drives up to two inches in thickness, tapes, PDAs, etc.
Another distinctive safeguard brought to the data destruction process by systematic, on-site DDRV efforts is the elimination of critical, chain-of-custody concerns. The entire process is uploaded in real time to a web-based application for remote access by all approved parties. Witnessing the complete data destruction process should be both welcomed and recommended by an IT Asset Management firm.
Frank Polston, vice president of EPC, a wholly-owned subsidiary of CSI Leasing, Inc.