Enterprises Need Proper Computer Disposal Policies to Protect Sensitive Data

[InfoSec News <alerts () infosecnews org>]

http://www.eweek.com/c/a/Security/Enterprises-Need-Proper-Computer-Disposal-Policies-to-Protect-Sensitive-Data-191175/

By Fahmida Y. Rashid
eWEEK.com
2011-12-27

Securely sanitizing hard disk drives and other IT equipment is critical 
when retiring old and obsolete equipment to prevent leaking sensitive 
data.

A new computer, mobile device or other IT equipment generally requires 
some effort setting up and migrating data. Enterprises also need to 
spend the time making sure the data is completely removed from the 
equipment as it is replaced.

Organizations do not always stop to consider the security implications 
of leaving data on obsolete equipment before disposing of them, Jim 
Kegley, president and CEO of U.S. Micro, told eWEEK. With more and more 
sensitive data being stored on devices such as copy machines, computers, 
phones and tablets, organizations without secure IT asset disposal 
policies are at risk of costly data breaches and reputation damage, 
Kegley said.

The holiday season also means that many people received new mobile 
devices or computers. While synchronization and backup tools have made 
switching data to new devices a much easier process, users don't often 
take the extra step to remove data, including contacts and work emails, 
from the older device before throwing it away, increasing the 
organization's risk.

Companies spend millions of dollars securing new equipment, but neglect 
to make the appropriate investment to secure sensitive information when 
disposing of assets, according to Kegley. Approximately eight pounds per 
U.S. resident worth of IT equipment are discarded each year, according 
to U.S. Micro.

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn