In the first 11 months of 2008 there have been a record number of corporate data breaches -588 companies have been responsible for compromising the private information of more than 33 million people. Beyond the damaged or lost relationships with customers and the bad publicity, there are legal and economic consequences that can compound the issue. Fines can range from $1,000 to $2,500 per individual record compromised.
"There has been more prosecution in the last six months than there has been in the last six years," said Bob Johnson, Executive Director of the National Association for Information Destruction (NAID).
As the number of data breaches continues to rise, ShredStation, a leader in business and residential information destruction services, suggests companies consider the following Information Security New Year's resolutions:
Resolution 1 - I will protect my electronic assets
According to law enforcement and private research groups, anywhere from 600,000 to 1.5 million laptops are stolen or lost each year. To make matters worse, the FBI reports that 97 percent of stolen laptops are never recovered. Protecting laptops in the workplace is a vital part of maintaining information security. If possible, lock computers to workstations. At the very least, use a security token that requires the user to input a randomly generated password to log in and access company information.
Resolution 2 - I will create a formal document destruction plan
Digging through the trash or "dumpster diving" is completely legal and unfortunately one of the most frequent ways data breaches occur. The Fair and Accurate Credit Transaction Act (FACTA) requires that companies not only destroy documents containing sensitive customer and employee information, but also prove they have a formal destruction policy in place.
Resolution 3 - I will develop policies for my employees' mobile devices
Blackberrys, thumbdrives and PDAs have become common in the workplace. However, many companies have no system in place to monitor what information their users are storing. Employees need to be educated about what should and should not be on a device that is used outside of the workplace. Proprietary, private or financial information should be stored only if absolutely necessary. It's also imperative that the sensitive information be password-protected should the device be lost or stolen.
Resolution 4 - I will take inventory of my computer data
According to a study conducted by the Ponemon institute in 2006, 64 percent of surveyed companies admitted they had never done an inventory of data stored on their computers. Additionally, as many as 30 percent of those companies admitted they'd have no real way of predicting what information they've lost from a stolen computer. Without knowing what you had you can't know what's missing. Conduct a quarterly audit of the information stored on your company computers, specifically laptops since they're the most likely to be misplaced.
Resolution 5 - I will destroy my company's end-of-life electronics
Most businesses have a back room that serves as a computer graveyard -a place where old and outdated computers are stored. Many companies fail to properly sanitize or destroy hard drives in these computers, leaving a wealth of private company, customer and employee information there for the taking. If this information falls into the wrong hands, the company could face steep fines for privacy legislation violations.
"The average cost of a data breach for a public company has risen to $6 million," said Al Villamil, President of ShredStation, Inc. "What a lot of companies fail to consider is that a breach doesn't just mean a fine, it means attorney fees, customer communication, lost customers, call center support and customer credit monitoring -not to mention a PR nightmare. The New Year is a great time for businesses to start taking a hard look at their policies and begin to take a more proactive approach to protecting their private information."
About ShredStation, Inc.
Founded in 2005, ShredStation, Inc. is a New Jersey-based leader in small business and consumer level secure document and data destruction and recycling. ShredStation provides a variety of secure, convenient and affordable services to meet the document destruction needs of its customers -regardless of the amount of material or data a customer needs to destroy. Whether its paper, computer hard drives other electronic media, ShredStation recycles 100 percent of all collected materials. For more information please visit shredstation.com. |
