by Angela Guess
Pat Clawson of Security Intelligence recently wrote, “Thanks to the proliferation of data breaches around the world, CIOs, CISOs, IT managers, CEOs and boardroom executives face the arduous and complex task of safeguarding their organization’s proprietary information. Companies, however, tend to associate the threat of data loss with malicious actors or stolen property. This has become a critical blind spot. Companies — and anyone else who touches or is involved with the collection, storage and protection of data — should instead be focused on a more subtle but just as dangerous culprit: their own improper data management practices.”
Clawson goes on, “It has often been said that an organization’s greatest asset walks out the door every evening, referencing the tremendous value of human capital. Yet what many don’t realize is that as employees stroll out the front door, another invaluable asset is silently exiting through a back entrance of the building. Every corporate security policy today should include information life cycle management (ILM). It should also have data erasure procedures for IT equipment scheduled for recycling, donation or final disposal, and describe how to manage data that is no longer required, either at its end of life or as an ongoing process to reduce scope.”
Clawson continues, “Most data removal policies currently implemented are part of a general physical asset management process. If — and only if — this is performed properly, it guarantees every physical IT device that leaves an organization does not contain confidential information. Other companies will have separate policies for both physical asset and data management.”
Photo credit: Flickr