Why Even Your Trash Leaves You Open to Hack Attacks
You can tell a lot about someone by what they throw away. And that's particularly true for small business owners--especially considering that hack attacks are on the rise for all those pieces of hardware you may be throwing in the garbage, or reselling on Ebay.
Just deleting your data won't do, as hackers can still recover information you think you've zapped. You have to go heavy duty on this one--we're talking industrial magnets or sledge hammers. Data protection considerations are particularly important as smart devices and Bring Your Own Device policies at work proliferate. Additionally, a whole suite of office products like fax machines and digital photocopiers are now capable of storing data, and you may not even know it.
"This has become a bigger issue as hard drives have become cheaper and more data can be stored on devices like thumbdrives," says Adnan Baykal, vice president of services at the Center for Internet Security, a non-profit that helps state and local government agencies coordinate and respond to cyber threats.
In the U.S. we dump about 400 million electronic units in the trash every year, according to the Electronics TakeBack Coalition. Not only is that an enviromental problem, but it's a data nightmare. More specifically, nearly a trillion records, and 44 million records of businesses, have been invovled in data breaches since 2005, when data breach laws started to go into effect, says the Privacy Rights Clearinghouse.
Part of the problem, before things even get to the trash, is that most people using the hardware at the heart of your business are unaware of how open they are to intrusion. Half of the people surveyed by security firm Norton in its 2013 report say they use their devices interchangeably at work and for personal use. Half of those surveyed don't even secure their device with passwords. And more than a third of those surveyed said their company has no policy regarding use of personal devices at work.
So controlling data can be like trying to gather up pieces of confetti once they've been strewn about at a party.
Here are some things to consider:
- Never, ever dump a device that can store data in the trash without taken some precautionary measures. That should include wiping out all data, preferably using something called a degausser. That's a machine that uses a strong magnetic field to wipe out data left on the hard drive. It's unlikely you'll invest the hundreds to thousands of dollars necessary for your own, but plenty of services exist that will do this for you.
- Take a hammer or drill to your hard drive. Protect your eyes when doing this, but yes, go ahead and physically destroy it.
- Encrypt all data on your hard drive. Certain brands, like Apple, come with built in encryption software. But off-the-shelf software is widely available that will let you encrypt on other OS's.
- Don't forget about the cloud. These days, something you own is probably backing up automatically to it. Make sure your provider has a clear policy, in writing, about destroying data if you decide to leave.
- Create a written policy about use of personal devices at work. It won't be easy, but when an employee leaves, his or her devices have to be wiped of all information, including personal information, says Baykal.
"Employees can use the device, but control and security of the device needs to be controlled by the organization," Baykal says.