Cyber security is a very demanding industry.
CIO.com list several reasons the CISO (Chief Information Security Officer) is the most difficult tech role to fill.
First, there is an ever-changing landscape of possible security vulnerabilities.
Second, it is hard to measure the effectiveness of the CISO’s strategies.
Finally, the CISO job description is still changing.
With so much effort allocated to active protection for cyber security, it’s easy for companies to overlook their hardware. Hardware or IT Asset Management is a crucial factor in Cyber Security. Old computers may contain sensitive data. Decommissioned machines that have not been properly sanitized of all information increase the liability of data theft.
Jim Scott owner of RMS Shredding and Author of The Amazon Best Selling Book “The No Bull Guide to Information Protection” writes,
“Destruction and disposal policies and procedures should be planned in advance of reaching the disposal phase of a project.”
Following are six risk factors concerning the hardware of cyber security according to itak.iaitam.org
Six Risk Factors for ITAD (Information Technology Asset Disposal)
One: Asset Tracking:
Do you know the life cycle and age of your machines? Do you know where each machine is and who is using it? Can you account for each computer after it has been decommissioned?
Two: Sanitization Velocity:
Sanitization velocity is the length of time it takes for a decommissioned machine to be sanitized of its data. What is the process for removing sensitive information from an old computer? Many decommissioned machines may linger for up to a year before they are sanitized.
Where is the decommissioned hardware stored? How long do old computers remain at the desk? How long does the computer linger in a closet? Location is primary to security.
Who has convenient access to retired machines? Many old computers may have easy access to hundreds of employees.
What method of destruction do you use, to ensure sensitive data is removed from decommissioned hard drives? The FCC offers a cyber plan, which suggests, “subscribing to a trusted shredding company”.
page 28 of https://transition.fcc.gov/cyber/cyberplanner.pdf
Six: Third Party Providers:
Which ITAD and hard drive shredding services do you trust and use? What are the security provisions from the provider? What kinds of certifications do the service companies provided?
RMS Shredding is a local information destruction company that has been a trusted shredding company for government, medical and large corporations since 2001. RMS shreds hard drives, LTO tapes and all forms of digital media on location.
The CISO is provided a Certificate of Destruction and an audit of scanned serial numbers, if requested. RMS is NAID certified, HIPPA, FACTA compliant and ensures your privacy is protected.
IT Asset Disposal and hard drive shredding is the final step in cyber security.
RMS Shredding is an important part of your company’s Information Security.