Data security is often relegated to the ones and zeros marching about in your device, but there is more to our data than just those bytes. Data, as a whole, needs to be thought of as a substantive thing; something that can be affected outside the walls of cyberspace. When we take that view, securing our business data becomes more about being secure across all channels, rather than just putting up the right firewalls.
Even a cracked door is an invitation
Any method of gaining entry should be scrutinized when dealing with data. That includes defunct devices or third-party networks. The truth is, hackers are using any means of entry to gain access to the data latent within your business’s digital systems. This includes printers, fax machines, and even the postal service.
And while these exotic hacking methods make the most splash, they don’t always call for the most high-tech security measures. Too often, we go for high-tech security solutions for our high-tech gear, but that overlooks one of the biggest ways hackers get at your data. While you hear more about digital breaches in the news (because they make for better stories), the loss of devices is actually the primary cause of data security concerns.
The most overlooked vulnerability is asset control
While this may come as a shock to you, the truth is that securing the physical component of your IT assets isn’t as hard as you think. The reason loss or theft is more prevalent is because people are just too focused on the exotic digital breaches. Simply paying attention, or better handling the devices you are protecting, is an easy answer to improving your cybersecurity.
In the IT lifecycle for any business, the attention needs to be on the physical location and protection of your devices. The good news is that your business likely has a program already in place to handle this kind of task. It’s called IT asset management, or ITAM. Making sure your ITAM program or partnership is robust enough to handle tracking every device will make all the difference with regards to preventing security gaps.
If your business doesn’t have the staff or inclination to handle this in house (especially if your business isn’t in IT), then it would be prudent to outsource this service to a company that has a track-record for impeccable security—both physical and digital. At Sage, we pride ourselves on the investment we made, and continue to make, in cybersecurity. And our asset management protocols leave nothing up to chance.
Giving your cybersecurity a comprehensive lens
Seeing your data security in light of physical parameters gets you thinking like a hacker—in a good way. By looking at every conceivable opportunity to hack into someone’s systems: direct access, network back doors, user errors, employee oversight, physical loss or theft, means you can anticipate and protect against an attack.
But closing those doors is more than just a one-time event. You will need to make sure access is protected across all channels all the time—and that includes the dispositioning of devices. When your business is through with a device, the common action is to send it off to a recycler to handle. Only, as we’ve mentioned in several other posts, this isn’t always a good solution. Not least of which because it’s likely there is still data on those devices.
When a device has actually reached its end-of-life for your business (which we hope is after you’ve used it for a long time), you will want to keep as tight a handle on the data as you would with a new device. This is where using a trusted ITAD partner can come in handy. They should track and quarantine your device for legal-hold purposes and to give you time to back up any data you might have overlooked from your older device.
This step is critical since it has the largest potential for loss or theft. After that stage, when the quarantine is over, you will want your ITAD partner to have a NIST 800-88 standard data-erasure program to sanitize your device. Only after that point should you no longer be concerned about the data—not a moment before.
Taking the time and energy to handle these physical elements of your business’s cybersecurity may not be sexy enough to make the news, but, when added to a tight digital program, it will make your data security program as robust as it can be. A good ITAM process is worth the cost for the protection it can provide.