With data breaches estimated to cost an average of $5.4 million per incident, businesses need to be aware of five office tools that are particularly vulnerable, according to experts.
After a recent study by the Ponemon Institute revealed the high cost of data breaches, the privacy and information security policy research center teamed with document management company Cintas Corp. to identify overlooked areas of risk for data security.
“With the growing number of digital devices in today’s businesses, it is no longer sufficient to only secure data stored on documents or in computer files,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Data stored on digital devices such as fax machines and routers must be securely destroyed to prevent it from getting into the wrong hands.”
The most commonly overlooked digital devices that could create the risk of a security breach are:
1. Old hard drives. Many discarded or unaccounted for hard drives contain confidential and recoverable information. Complete physical destruction is the best way to protect this sensitive data.
2. Copy machines. The latest generation of digital copiers have a hard disk that can often include sensitive information such as Social Security numbers and account numbers. Some devices include a security feature that allows you to overwrite the hard drive, which should be done at least once a month.
3. Fax machines. A fax machine sitting out in the open not only makes it easy for employees to access, but also allows wandering eyes to notice the data as they walk by. Create a corporate faxing policy that forbids employees from leaving documents unattended at the fax machine. Fax machines also contain hard drives that store data from each document they transmit.
4. Routers. Whether you use a wired or wireless router, if it is not configured properly, it could pose potential security risks. Pirates using your Internet connection can not only slow down your connection, they can also gain access to your confidential information.
5. Mobile devices. Businesses must put “Bring Your Own Device” or BYOD and mobile device policies in place to protect against the potential risk of a stolen or missing mobile device. An effective policy should include training programs, and heightened security measures such as remote wipe.