CyberCrunch February Newsletter

Blake CormierNewsletter

Are you afraid of flying? Nearly one in three Americans report that they experience some fear or anxiety when it comes to getting on an airplane. What does this have to do with assessing cybersecurity risk? And how can you tell if your data destruction process needs an upgrade? Find out in this month’s CyberCrunch newsletter.

IT Risk Management — A Flawed Calculation

Millions of people have a fear of flying. They’re worried about what might happen if a midair accident were to occur. Yet, most of us don’t think twice about hopping in the car and going for a drive — even though driving is hundreds of times more likely to result in an accident or fatality.

It comes down to how we perceive risk. When a commercial aircraft is involved in an accident, it always makes national or international news — putting it at the top of our mind. But car accidents rarely garner that kind of attention.

Cybersecurity often suffers from the same gap in risk perception. Epic data breaches perpetrated by hackers operating from the shadows make the news and therefore capture our imaginations. But they represent only a small fraction of data exposure incidents.

Most data breaches can be traced back to shortcomings in security processes and procedures. This isn’t something that can be fixed by buying an expensive new firewall or IDS solution. Rather, good security practices need to be developed, implemented, and verified from the top down, throughout your organization. Only once your fundamentals are sound is it time to start investing in additional technical solutions and controls.

Is It Time To Upgrade Your Data Destruction Process?

One of those fundamentals is ITAD — IT Asset Disposition. When you’re done using your IT equipment, it needs to be wiped of sensitive data, the wipe needs to be verified and then the material needs to be disposed of properly. Is your ITAD process ready for an upgrade?

If you’re still using regular wiping, formatting, or a utility like “Darik’s Boot and Nuke” (DBAN), did you know that you could be leaving sensitive data behind? Modern flash-based SSDs don’t respond to formatting or overwriting the same way that spinning-disk drives do. In one study by the University of California, only 33% of tested SSDs were able to be completely wiped of data by DBAN — and one was even left entirely intact, even though the wipe was reported as successful! Furthermore, most free software does not offer a verification feature. In order to be compliant with many government and regulatory standards, data destruction needs to be verified.

And we won’t even get into other DIY data destruction techniques, like drills, hammers and (yes), even guns. Not only are these methods unsafe, but they can’t destroy a hard drive (platter or SSD) thoroughly enough to make the data completely unreadable.

Rather than taking data destruction into your own hands, why not leave it to the professionals? At CyberCrunch, we can develop a custom data destruction process that will save you time and hassle, while ensuring that your sensitive data doesn’t fall into the wrong hands.

Contact CyberCrunch for a free consultation today.