Identity Theft – A Killer of Reputations
Consumer confidence should be an increasing concern for businesses that are keepers of precious personal information. Information such as Social Security numbers, addresses, driver’s license numbers, or even credit card spending habits can give criminals the information they need to kill your credit score.
Talk about a horror story! Can you imagine someone stealing your identity? Taking out credit cards in your name; buying a home or a car based on your Social Security number and financial history? Having your good credit and reputation taken away, and then having to deal with the headache of trying to restore life to your credit? That will be the punishment you bear for the crimes of others if the company you entrusted with your personal secrets gave the reputation killers the keys to your confidential personal data.
Ironically, business leaders who chose to dispose of their data bearing technology assets in a non-auditable way have no method for verifying that their organization is protecting their own personal information. After all, who has more information about you than your employer? Failing to implement the best technology change management practices, which include a method for maintaining security throughout the chain of custody, is like leaving the "Windows Wide Open" as pointed out by Robert Houghton in his recent blog.
Companies have an obligation to ensure that their everyday business practices include the necessary security measures to prevent a data breach, and employee or customer exposure. (See the new Ponemon Institute study National Survey: The Insecurity of Off-Network Security for insight into common operational gaps for protecting sensitive data offline.) Half-measures may work for awhile, but incomplete policies and procedures are not enough to protect businesses in the long term. A company might get lucky playing a game of chance, but the longer one plays, the higher the odds for a data breach.
So go ahead, sell a few more of those hard drives to a company that can't provide documented proof that the data was destroyed; risk your reputation as an honest business leader. As Clint Eastwood says when facing a criminal who violates the rules … “Make my day!” (Sorry. I get a little passionate when it comes to data protection.)
Protecting the privileged information stored on technology assets requires taking a look at the entire lifecycle of the technology asset - from the time the decision is made to purchase the asset to the moment the asset reaches the end of its useful life, and at every change of control in between. The insurance that proper asset management buys is well worth the investment.
By properly managing the lifecycle of technology assets through process controls and performance measurements, organizations are able to maintain verifiable security and data protection practices. Remember, the privacy you save may be your own.
Comments