The end of 2016 brings a New Year and with it a fresh start. We often hear the saying “New Year, New You” but how many times do we make new year’s resolutions but then fall back into old habits before January is even over? The same is often true when it comes to reviewing work procedures and policies, but when it comes to Data Security, there are a few resolutions that should be made and not broken unless you want to run the risk of a data breach within your organisation. With data breaches on the rise, AMI is suggesting the most important data security resolutions for a secure 2017.
Resolution #5: Do your research
With so many companies offering ‘similar’ services, it can be difficult to determine which IT Retirement organisation to go with. With approximately 600 organisations in the UK alone that claim to provide variations of on and off site disposal, it can be something of a challenge to find the right partner and avoid the wrong one. Remember you (the data controller) are responsible for your data. Should anything go wrong, no matter what stage of the process you are at, then you are liable under the Data Protection Act 1998, not the IT Retirement partner. Therefore you need to research who you are using, ensuring they are fully accredited so you can have the confidence and peace of mind that your data is safe and in good hands.
Resolution #4: Understand your data
The ‘state’ of your data can constantly change throughout its data life cycle. It is important that you understand how to treat your data at every stage of the cycle i.e. manage it from creation and initial data storage to the time when it becomes obsolete. Areas such as the sensitivity of your data can change throughout the cycle and so can the level of data protection that it requires. Once the data reaches the end of its lifecycle you must have a secure destruction policy in place.
Resolution #3: Go beyond compliance
Many IT Retirement companies can claim they offer a compliant and secure service, but are they actually accredited and is there an ongoing assessment of their service and procedures? It is your responsibility to do a background check on your disposal partner of choice. ADISA (the Asset Disposal & Information Security Alliance) are a good place to start when selecting an accredited organisation. Their alliance assesses organisations in this field through annual and unannounced audits to ensure the companies in their alliance are offering a secure service. With the imminent EU General data Protection Regulation (EU GDPR) coming into force you need to ensure that your company has a full audit trail of your retired IT assets. Ensure your partner follows tight chain of custody procedures and provide tamper-proof reports including the certificate of destruction were applicable.
Resolution #2: Educate your people
By educating your staff on the importance of looking after data and the risks involved if it is handled incorrectly, then you foster a culture that understands your organisation’s data protection obligations. Appointing a data protection officer or champion can highlight that this is an area within the business that is taken very seriously and places an ownership on individuals to manage confidential information in a secure manner.
Resolution #1: Develop a Data Destruction Policy
More often than not, the risk of a data breach is increased on the basis that the people in an organisation don’t know the proper way to dispose of their redundant IT Assets and Data. Many organisations have an ‘IT graveyard’, a back room that serves as a storage room where old and outdated computers, laptops, servers etc. are stored, leaving a wealth of information at risk. If this information falls into the wrong hands you could be at risk of a data breach. Putting an IT Disposal and Data Destruction policy in place will ensure your people have proper procedures in place to follow, reducing risk and creating a sense of ownership.
Want to pick up a few extra tips around secure IT Retirement? Watch our latest webinar: Strategies for Secure IT and Data Retirement.
