The National Association for Information Destruction (NAID) conducted a comprehensive secondhand device survey in 2017. It was the largest of its kind at the time.
The results were startling.
How secure is your company’s personally identifiable information (PII)? The answer may surprise you. I.T. Supply Solutions explains.
NAID received 258 devices, including 214 hard drives, 32 smartphones, and 12 tablet computers. Of the hard drives, 92 (44 percent, nearly half) contained some personally identifiable information.
Information found on them included:
- Credit card information
- Company and personal financial information
- Tax information
- Internet navigation history
- And more
These hard drives were purchased through ordinary channels. Experts found the information using basic recovery techniques and commercially available tools, without specialized software.
What Is PII?
Personally identifiable information is any data that someone can use to identify a specific individual. Names, phone numbers, addresses, bank accounts, emails, Social Security numbers, driver’s license numbers, and similar information are key examples of PII.
When cybersecurity breaches occur at companies, whether it's a national retailer like Target or a cozy downtown cafe, the greatest harm comes from exposing PII to criminals.
How to Protect Your Company’s PII
Take these steps to protect your company’s PII.
- Determine what personally identifiable information you collect and where you store it. Take a comprehensive look at whether you’re collecting data correctly and whether it’s being stored on a physical computer or in the cloud.
- Identify risks associated with PII. Understand the vulnerabilities of your hardware, such as the age of the computer equipment, password strength, and what programs are stored on the computer equipment.
- Securely delete information you no longer need. Purge any and all information you no longer need, such as customers who have died or moved away, records of employees who have not worked for you for more than a year, and information on computers you no longer use.
- Encrypt PII using robust protocols. Update passwords, lock screens when no one is using a computer or register, and make sure only authorized users have access to information.
- Educate your employees. Education is the first step in protecting your company’s PII. Develop a company policy that everyone must read and follow. Have standard policies and procedures for departing employees, and create a way for employees to report any suspicious behavior that may lead to a data breach.
Destroy Data on Outdated Computer Equipment
Overwriting the data on old hard drives is one of the industry's best practices for data destruction. It is done with special software that makes any information on the hard drive unreadable to the next user. Overwriting is critical to destroying data, whether the hard drive will be shredded or, if the computer is still viable, passed on to the next user.
NAID’s comprehensive 2017 survey of 258 devices made one important note.
The group said that ongoing audits of NAID Certified service providers show that when overwriting hard drives is properly done, it offers a trustworthy and effective process for data destruction.
The problem with security breaches for your company’s personally identifiable information lies with service providers who are not qualified. Too often, businesses and individuals feel they can perform data destruction themselves without using industry best practices.
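An added example, not from NAID or I.T. Supply Solutions: a read-back check that an overwrite actually completed, run here on a constructed image file. The zero fill pattern, the block size, the function names and the card-number heuristic are assumptions of this example.

```python
import os, re, tempfile

BLOCK = 4096  # read size in bytes (assumed; any multiple of the sector size works)
CARD_RE = re.compile(rb"(?<!\d)\d{13,16}(?!\d)")  # card-number-shaped digit runs

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, used to cut false positives from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def verify_overwrite(path, fill=0x00):
    """Read the whole image; return (offsets of blocks that differ from the
    fill pattern, offsets of Luhn-valid card-like numbers in those blocks).
    Numbers that straddle a block boundary are not detected."""
    residual, hits, offset = [], [], 0
    expected = bytes([fill]) * BLOCK
    with open(path, "rb") as f:
        while block := f.read(BLOCK):
            if block != expected[:len(block)]:
                residual.append(offset)
                hits += [offset + m.start() for m in CARD_RE.finditer(block)
                         if luhn_ok(m.group())]
            offset += len(block)
    return residual, hits

def make_sample(path, wiped):
    """Write a constructed 8-block image; unless wiped, block 3 keeps a record
    holding the public test card number 4111111111111111."""
    data = bytearray(BLOCK * 8)
    if not wiped:
        rec = b"card=4111111111111111;"
        start = 3 * BLOCK + 100
        data[start:start + len(rec)] = rec
    with open(path, "wb") as f:
        f.write(data)

if __name__ == "__main__":
    img = os.path.join(tempfile.mkdtemp(), "disk.img")
    for wiped in (False, True):
        make_sample(img, wiped)
        residual, hits = verify_overwrite(img)
        print("wiped" if wiped else "not wiped", "->",
              "PASS" if not residual else f"FAIL blocks={residual} card-like={hits}")
```

A read-back through the operating system only covers the sectors the drive exposes; it cannot see remapped sectors or the over-provisioned area of an SSD.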
I.T. Supply Solutions is qualified to handle your company’s personally identifiable information because we hold certifications from NAID.
I.T. Supply Solutions & Data Destruction
I.T. Supply Solutions follows best industry practices for data destruction. As such, we hold top certifications from NAID to ensure your company’s personally identifiable information doesn’t fall into the wrong hands.