A Opportunity to Learn
What we can learn from the Morgan Stanley data breach is that our past mistakes can have lasting effects. The cause of the breach was due to old equipment that was disposed of but not properly wiped. They did the right thing and notified their affected customers. This could have been avoided though if they chose the right IT asset disposition team.
Not wiping your devices before discarding them will create long term problems. No matter how much time elapses those devices still have the potential to cause a data breach. You only have one chance to mitigate these issues and that’s during your disposition process.
There is no statute of limitations or safe harbor for improperly discarded IT assets. The equipment at Morgan Stanley was discarded four years ago. If an organization didn’t practice due diligence with all service providers over the course of time, the organization is still liable. This not only applies to how electronic equipment was recycled, but copy machines, printers, video recording devices, etc.Bob Johnson, CEO of i-SIGMA
How to Protect Your Data
Use a NAID AAA certified partner and make sure they work with you on your data destruction process end to end to ensure no data breaches occur. NAID AAA certifies that a company meets all of the government, and industry best practice, standards. These standards include background checks of employees, data security training, technology and systems used, facility security, procedures for data handling and destruction, and all documentation for services provided.
To learn more about why IT asset disposition is important to the security of your data check out this article from i-SIGMA CEO, Bob Johnson.