Risk Management Strategy – You Must Consider ITAD
Data breaches pose a severe risk to organizations. Has your organization implemented ITAD into its risk management strategy?
Organizations require risk management in order to assess, respond to, and monitor risks, internally and externally. One of the most ubiquitous risks to all modern organizations in recent years has been data breaches, which have gotten costlier to contain and more frequent than ever before.
It therefore falls to risk management professionals to include IT and cybersecurity risks as part of a broader risk management strategy. This component should always include IT Asset Disposition (ITAD) in order to safely and securely manage the destruction of sensitive data so that data breach risks can be mitigated.
The Risks of Data Breaches to an Organization
In the past few decades, businesses around the world have increasingly gone digital. All of the data used within the organization is held on corporate-owned devices and hard drives, in data centers, or in other forms of media. Furthermore, organizations now store, share, and collect more data than ever.
In the old days before mass digitization, most sensitive data was held in folders tucked away in row after row of filing cabinets. Even in those days, businesses kept sensitive data in these cabinets under lock and key, and when disposing of old, unwanted files, would have them professionally shredded so as to render any data completely unusable.
Sensitive data held digitally can be compromised through various means, but one of the most common nowadays is by way of a data breach. In the olden days, if a document was improperly disposed of and fell into the wrong hands it could lead to personal information being compromised. Likewise, businesses that improperly dispose of hard drives (e.g. no encryption, no efforts to wipe or physically destroy the drive) can make it easy for a bad actor to compromise the sensitive data held therein.
Data Breaches Are Occurring More Frequently than Ever
According to IBM, ransomware has led to a 41% increase in data breaches which took 49 days longer than average before being properly identified and contained. In 2022, data breaches have peaked in frequency and it’s estimated that around 83% of organizations will experience one or more data breaches.
The goal is therefore not to hermetically seal all IT operations but rather to identify, contain, and respond to any threats as soon as possible, and to take all necessary precautions to mitigate the sources of data breaches affecting the organization. A key part of the latter is to destroy any sensitive data when hard drives and other forms of media need to be disposed of.
How Damaging Can Data Breaches Be?
Data breaches are happening frequently, but they’ve also become exorbitantly costly. As of 2022, the average cost of a data breach in the United States is estimated at around $9.44 million, more than twice the average global cost of around $4.35 million.
In addition to financial damage, which can be crippling to an organization’s finances, there are also other costs to consider such as a loss in reputation, decline in stock price (and the subsequent devaluation of owner’s equity), loss of market share to competitors, and negative press. Some of these can be quantified while some are harder to quantify, but all are real and tangible costs that a risk management professional must consider.
Companies that assembled an incident response (IR) team and that tested their plan regularly saw an average of $2.66 million in cost savings from data breaches when compared to companies that neglected to test frequently. In other words, it pays quite a handsome amount to be prepared!
Regulatory Fines and Penalties for Non-Compliance
In tandem with the rise in the frequency of data breaches and violations of data security, government agencies around the world are, to a greater or lesser degree, implementing various forms of data protection regulatory frameworks.
In the United States there is no federal statute; instead, organizations are subject to a patchwork of state laws that can vary widely. One noteworthy framework implemented in 2020 is the California Consumer Privacy Act (CCPA).
Globally, perhaps the best example of robust data protection regulation is the European Union’s 2018 implementation of the General Data Protection Regulation (GDPR). Under the GDPR, any organization engaged in commercial activity – located physically in the EU or not – must adhere to the GDPR if they collect, store, or share personally identifiable information on any resident within the EU. Therefore, risk management teams must consider jurisdictions outside of the US if the organization is global.
Fines for non-compliance can vary, but in the case of the GDPR, a maximum fine of €10 million can be issued, or up to 2% of the organization’s global annual turnover from the preceding year. Severe and egregious violations can go up to double that amount (€20 million or 4% of turnover).
ITAD and Risk Management
Perhaps the first thing that comes to mind with regard to IT risks to your organization is cybersecurity. Protecting against network attacks with good cybersecurity measures is certainly important, but an organization should give just as much consideration to the methods of disposing of old, redundant IT assets. A chain is only as strong as its weakest link, as the saying goes.
When discarding end-of-life (EoL) IT assets, due diligence is required to properly identify each asset (using an IT asset inventory, for example), back up any data if required, and manage the destruction of all sensitive data. This task requires thorough methods and can be laborious, which is why outsourcing this sensitive task to a reputable ITAD company is important.
ITAD companies such as Wisetek provide secure Data Destruction, various IT Solutions and Data Centre Services that keep your organization secure. That’s the bread and butter, but there are additional things to look for in an ITAD company, such as environmentally-friendly methods of data disposal, maximum ROI on redundant assets through refurbishment and remarketing usable devices, and full audit trails and certificates of data destruction.
How to Integrate ITAD into a Risk Management Strategy
ITAD gives risk management teams something that they value and that, by extension, is vital to the security of the organization: certainty. Methods of data destruction and Hard Drive Disposal such as shredding can reduce the hard drive or media to tiny 10mm chunks – good luck putting that Humpty Dumpty back together again.
For added peace of mind and maximum thoroughness, Wisetek can reduce SSDs to 2mm pieces – essentially, sand grains. Any data held on these devices is gone for good, and our team can provide certificates of data destruction as well as video verification so that your organization has a clear trail of accountability.
Whenever possible, Wisetek will choose refurbishment or recycling rather than sending electronic waste to the landfill. We operate a Zero-Landfill Policy and are pioneers of the Circular Economy in ITAD. Devices that can be refurbished and remarketed are sold through the Wisetek Market. This not only reduces e-waste but it also maximizes the ROI on your company’s redundant IT assets.
Consult Wisetek for Global ITAD Solutions
Get in touch with Wisetek for professional ITAD services designed as global solutions for globally-minded businesses. We provide IT solutions, data destruction, Data Centre Decommissioning, and more.