As companies and large organizations continue to adopt streamlined electronic document management systems in order to keep up with the massive amounts of information these businesses manage, it’s important that business owners and executives be wary of making similar mistakes to their predecessors.
Hard drive and various methods of storing electronic media and documents have made managing and accessing massive amounts of information incredibly productive.
Although this has come as a convenient blessing to large organizations like hospitals, recent hard drive blunders have lead to massive data breaches—making new technologies both a curse as well as a blessing.
With this article, we take you through several of the top problems and mistakes made by hard drive-adaptive companies over the past few years, breaking down where they went wrong in their document disposal and destruction processes, and how other companies can learn from these past blunders.
Take Potential for Disaster Out of the Hands of Your Employees
In early January of 2016, health Insurer Centene Corporation reported that six of their unencrypted hard drives—together containing the personally identifiable health information of 950,000 individuals—had gone missing.
Naturally, this incident raised several critical questions about information protection and security measures—ranging from calls for encryption to arguments for devices being kept in secured storage.
In a subsequent statement from Centene, they spotlighted issues within their organization—chiefly being the size of their overall IT inventory, which totaled at a whopping 26,000 IT devices.
Pairing this with the additional statement from Centene that the primary cause for the missing hard drives and ensuing data breach was “from an employee not following established procedures on storing IT hardware”—and suddenly new opportunities for questions on handling hard drives and company IT inventories arise.
Rather than taking the time to encrypt each and every device of the 26,000 in Centene’s IT inventory, another suitable alternative may be using secure offsite storage services for documents—both in electronic and paper formats.
Not only can this option save quite a bit of resources in terms of your time, offsite storage services can also help to remove the possibility and worry that you or one of your employees will mishandle a record—potentially leading to a disaster not unlike the case of Centene.
Both you and the people who work for your company already have their responsibilities, and by removing managing the security of your company documents from this list, not only is the possibility of a breach lower, but their performance in day-to-day duties will be higher.
Clean Out Before Tossing Out
The standard perception of a hard drive is one that can be externally attached and detached from computers or laptops as an additional storage device.
Despite this basic understanding—it’s also important that individuals and business owners alike understand that many standard office devices—including photocopiers, scanners, and printers—are built with internal hard drives as well.
These internal hard drives are designed to make copies of every document the devices copy, send, or create, saving them to the hard drive essentially as a form of digital record. In 2010, managed health care plan company Affinity Health made the mistake of disposing of old photocopiers that still contained the information of 344,557 individuals on the internal hard drives, leading to an eventual $1.2 million dollar HIPAA settlement.
Whether it was done intentionally or accidentally, the fact remains the same following the example of Affinity Health—by not removing or destroying company data from devices before returning or disposing them, a company or organization is seriously taking its chances with trying to dodge compromised information security systems.
In the case of Affinity Health, they had leased the photocopiers they’d been using in the hospital. Although this eliminates the possibility for using traditional hard drive shredding or crushing strategies to ensure the safety of PHI contained on the devices, it still allows companies to implement data overwrite softwares.
Rather than crushing or shredding the hard drive into hundreds of tiny pieces, software erasure tools for hard drives are designed to fully overwrite the information contained on a hard drive. While this may sound strangely similar to ‘right-click, restoring’ a thumb drive you have plugged into your desktop, there is an important difference to note between data overwrite software and manually deleting information from hard drives.
When you wipe and restore a hard drive yourself, a potential data thief can use sophisticated software to restore the information you previously deleted. By comparison, with the use of software erasure and overwrite tools, the information that was contained on the hard drive is permanently deleted, guaranteeing that your information cannot be restored at a later date.
Don’t Forget the Often Overlooked Steps for Avoiding Data Breaches
In an Interview several years ago with Terrell Herzig, information security officer at the Alabama-based UAB Medicine, he addressed several of the top concerns and topics in information security and risk management—leading off first with encryption.
Time and again, the subject of encryption has come up repeatedly as a major subject of concern, with individuals asking whether there is a need for it to be mandated, and whether it is the sole or a major contributor to the recent upscale in the number of electronic security breaches in America.
Although Herzig himself acknowledges both a personal and a public initial reaction to data breaches calling for increased encryption on company-wide scales, he at the same time points out to a need for a more holistic approach to information security.
Implementation of a company-wide encryption policy—for a company like Centene, for example, which manages over 25,000 separate devices—can draw heavily on resources, making this strategy less than ideal.
As a result, Terrell Herzig also points to other strategies for reducing the chances of a data breach. Instead of encrypting each and every document or device within the company, it’s recommended that businesses regularly consolidate their necessary information and otherwise dispose of old and no longer needed hard drives and other media using hard drive shredding and destruction services.
Get Free, No-Obligation Quotes on Hard Drive Shredding and Destruction Services Near You!
Whether it’s caused by a disgruntled employee mishandling your records or an employee unknowingly returning leased devices still containing sensitive information—no matter how you look at it, securely disposing of old and no longer needed devices is critical to maintaining the security of your sensitive documents.
At Shred Nations, we specialize in connecting you with a nationwide network of the top hard drive shredding, destruction, and storage specialists in your area. With a range of services and contractors who all offer certificates of destruction as a guarantee of our secure service, you can rest assured knowing your hard drives and other electronic media is safe with us.
To get started with any of our hard drive shredding or product destruction services today, just give us a call at (800) 747-3365, or simply fill out the form to your right to get free quotes on hard drive shredding and destruction services in your area!
Additional Document Shredding and Destruction Resources
Three Simple Reasons to Get In On Hard Drive Shredding: In the past few years alone, hard drives and electronic media have continued to become a larger target for information thieves and data breaches. In this article, we outline just three of the many reasons to get involved in hard drive shredding and destruction.
A Guide to Proper Data & Document Destruction: In order to streamline your company’s information protection and document destruction policies, it’s important that you take the time to adhere to proper data and document destruction guidelines. Use this in-depth white paper and collection of handy supplemental articles to learn about the best practices in proper document destruction today, and what steps you can take to ensure your documents and media are securely protected.
Hard Drive Destruction—Software vs. Mechanical: Before you throw out, return, or give away any old electronics around your office, it’s important that you take the proper steps to ensure that all confidential or proprietary information they contain has been first removed. Use this helpful article to learn about the various options for hard drive destruction, ranging from software solutions to traditional industrial crushing.