CyberCrunch™ News: Advice on safe, secure data destruction and electronic recycling
Welcome to our monthly newsletter, in which we help businesses to guard against costly data breaches in a safe, responsible way.
This month, we’ll help you to vet your IT security provider by going through the vital questions you need to ask to ensure they are minimizing security issues for your business.
Are you a franchisor? If so, our second article will be of particular interest to you. What could happen to your entire franchise if you let just one data breach slip through the cracks and how can you avoid it? Read on to find out.
If you would like help or advice about the safe, secure disposal of sensitive information, or any information about recycling your electronics more generally, contact us.
5 important questions to ask your IT security provider
With the threat of digital data breaches ever present in the modern workplace, most employers understand the need for watertight IT security.
But choosing a provider who will guarantee minimum risk can be difficult without asking the right questions. That’s why we’ve put together some questions to help you understand whether you are choosing the right provider.
- What government regulations apply to my business and what experience do you have with these?
Owing to its complexity, you may be worried about asking this question, but it is a very important place to start. It will help you to gauge your provider’s familiarity with your business and if they know which regulations apply to you. The most common regulations are:
- GDPR – applies to any business that directly or indirectly handles EU individuals’ data
- PCI – applies to all companies that accept credit cards
- HIPAA – applies to companies that handle protected patient health (PHI)
- SOX – applies all publicly traded companies
- GLBA – applies to companies that deal with financial records
- State laws – state data breach laws are unique and constantly changing
- What is the number one security concern for my business?
Risk analysis is an imperative part of a company’s overall data security policy. Once risks are identified they should then be evaluated, budgeted for and mitigated. While eliminating all risk is impossible, you should mitigate your risks as much as you can.
- What is your businesses worst-case scenario?
Generally, the most significant threats to companies are disclosure of protected data and theft of intellectual property. Furthermore, companies should be prepared to mitigate prolonged downtime. Each business will have unique circumstances and your security providers should understand this.
- Has your security firm conducted a cost benefit analysis?
Once security risks are identified and risk management plans are in place the next step is to ensure a cost benefit analysis is completed. All companies have a limited budget. Security providers should understand that resources are not unlimited and that decisions need to consider both the technical aspects but also the financial aspects.
- What is the timeline for implementation and who will be in charge of it day-to-day?
Security companies will frequently send their most qualified expert to make the sale, but when it comes time to implementation, they send a less qualified/inexperienced technician to complete the project.
By discussing this with your IT security provider, you can ensure that there are no surprises.
Further, IT projects can be similar to real estate projects in so far that projects that are supposed to take one month may end up taking three. That’s why it’s so important to setup a timeline for security implementation. By setting specific milestones, and tracking them, you can ensure you and your provider are on the same page.
If you would like help or advice on this topic, please contact us. At CyberCrunch™, we can help you follow all state and federal standards, and provide safe and secure recycling and data destruction to keep your customer’s sensitive information safe.
Could a single data breach impact an entire franchise?
Data breaches will continue to plague organizations well into the future. And without taking proper precautions, franchises could suffer the most, without even knowing they have fallen victim until it’s too late.
Recently, the company ‘Real Property Management’ discovered a data breach only after a news report uncovered it.
The news investigation team bought five used computers. Two of the five computers, which were bought from a woman in northern Illinois, had documentation stating they originally belonged to the franchise ‘Real Property Management.’
Things like names of property owners, a rent payment agreement, apartment lease, property registration and even a driver’s license were all easily pulled from these computers.
Real Property Management had no idea this information was out there and called the discovery, “extremely concerning.”
COO, John Gohde, said they couldn’t find any record of the Illinois woman as a franchise owner.
How can ensure my data is destroyed
As you can see, one data breach or e-waste ending up somewhere it shouldn’t could end up impacting your entire franchise.
So how do you permanently wipe your information from a computer? One option is to take a hammer to your hard drive. But some computer experts say that even this may not be enough. While it may seem more cost-effective to destroy drives yourself, you run the risk of your data being retrieved.
By using a company that specializes in data destruction, you have third party verification. This is useful in the event of an alleged breach and shows that your company followed industry best practices when eradicating data.
Keeping your franchise safe from future breaches
All too often focus is on the after-effects of a breach. Yes, data breach insurance and a breach protocol plan are important strategies for organizations to put in place, but ‘defending the fort’ tactics don’t stop the breach from happening in the first place.
So how do you keep your franchisees and franchisors safe from data breaches?
We recommend that franchisors implement a brandwide data security and recycling policy, leading to fewer breaches, environmental stewardship and brand protection.
Franchisors can contact CyberCrunch™ to establish a nationwide program for all their data destruction and recycling needs. We can easily help you to set this up.
CyberCrunch™ provides cost effective, secure and sustainable solutions for multi-location businesses. Contact us for more information.