4THBIN and Riskigy Team Up for Data Privacy Week 2023
4THBIN and Riskigy have joined forces to educate individuals and organizations about the importance of data privacy.
In light of Data Privacy Week, 4THBIN and Riskigy have joined forces to educate individuals and organizations about the importance of data privacy. Data privacy is a discipline intended to keep data secure against compromise, loss, theft, and corruption. As more and more data goes digital, data privacy takes on greater importance. Because data is a highly sensitive asset, organizations must proactively protect their data and regularly update their data privacy policies and procedures.
Data is a valuable asset to every organization, and it resides on both online and offline devices. Data protection is the responsibility of any organization that collects, stores, and processes the personal data of its customers and employees. Protecting and securing data is consequently critical and should not be taken lightly. Organizations that fail to secure their data properly expose themselves to significant ramifications, such as regulatory fines, litigation, reputational repercussions, operational interruptions, and even loss of the right to operate a business.
Data on end-of-life electronics is just as valuable as data present on online devices; therefore, it must be treated with the same significance. When it comes time to dispose of any obsolete or unwanted IT devices, it is crucial to ensure that all assets are safely and securely disposed of. More often than not, electronics end up in foreign landfills in the developing world, where they not only pose various risks to the environment and humanity, but are also never wiped of data. The threat of compromised data through e-waste is a legitimate liability concern for any organization, regardless of sector or size. When looking to dispose of any electronics, it is crucial to vet vendor credentials, as many vendors will export data-bearing assets to foreign landfills. While the United States generated 6.92 million tons of e-waste in 2019, only 15% was documented, collected, and appropriately recycled, leaving 85% of discarded electronics and their data unsecured and vulnerable to hackers and cybercriminals.
“Firms need to pay full attention to not only their online [cyber] security policies but to their offline data security. What credentials do their data security vendors have – how do they handle IT logistics; who picks up their data from their office and/or data centers, how is it handled from a legal [compliance] perspective to avoid potential breaches. Too many firms overlook this when hiring ‘data security’ firms and simply go for the lowest cost solution,” said John Kirsch, Co-Founder of 4THBIN.
Unfortunately, it is extremely common for data-bearing devices that were intended to be disposed of to instead end up in the wrong hands. Stories of major companies and institutions falling victim to data breaches due to cybersecurity weaknesses and improper device disposal dominate the headlines multiple times a week. A notorious case of a data breach caused by inadequate IT asset disposal occurred in September 2022, when Morgan Stanley was ordered to pay $35 million to settle US Securities and Exchange Commission allegations that it failed to properly dispose of hard drives and servers containing its customers’ personal data. As a result of this breach, more than 15 million clients’ details were compromised over a five-year period beginning in 2015. Another well-known data breach targeted the US National Aeronautics and Space Administration (NASA) when a malicious actor gained access to one of its servers containing personally identifiable information (PII) on current and past NASA employees. Following the public disclosure of the breach, NASA journalist Keith Cowing stated, "NASA's performance in complying with Federal regulations governing IT and cybersecurity has been pitiful."
However, the poor handling of data-bearing devices does not only impact major companies; it also affects individuals. In December 2022, a German man purchased a $15 Apple Time Capsule at Goodwill that ended up being full of its previous owner’s personal information. When the man plugged the Time Capsule into his own MacBook, dozens of the previous owner’s files were backed up onto his device. The man gained access to the previous owner’s audit history, credit card numbers, flight information, bank account information, life insurance information, and more within minutes. A case such as this one should serve as a reminder that data destruction is far more involved than simply erasing a hard drive.
While many individuals and organizations alike take the basic steps to “clear” their devices of data, such as deleting data from or reformatting a computer hard drive and conducting a factory reset, it is still possible for a skilled cybercriminal to retrieve device data. “Many firms attempt to perform data destruction in-house, which is not a good use of internal time and resources. Failure to properly destroy end-of-life (EOL) technology assets can lead to serious breaches of data protection and privacy regulations, compliance problems, and added costs for business,” said Michael Marrano, founder of Riskigy. It is in an organization’s best interest to leave data destruction to the professionals. While it is more costly to utilize a professional’s data destruction services rather than attempt to erase data in-house, it’s significantly cheaper than $9.44 million, the average cost of a data breach in the United States in 2022.
Ensuring that all digitally stored data is safeguarded and securely destroyed must be a priority for all organizations, regardless of sector or size. Because organizations possess significant amounts of personally identifiable information (PII) from their customers, employees, and stakeholders, a data breach can cause irreversible, permanent damage to a business and its reputation. The value of data hasn't gone unnoticed by malicious actors, who continue to evolve and employ advanced tactics in hopes of gaining access to PII, which they can further exploit for fraudulent purposes. Any organization that wants to remain operating successfully must ensure the safety of its data in its online and offline stages.
While Data Privacy Week serves as a great reminder to prioritize your data security and destruction efforts, it's time to take action. Industry leaders 4THBIN and Riskigy offer a variety of solutions to mitigate risks and protect your data effectively.
With over a decade of experience, 4THBIN is a certified and secure e-recycling solution provider to over 6,000 businesses from Fortune 100 companies to start-ups across the United States. They provide certified data destruction support to today’s top industries and help them deliver on their corporate social responsibility commitments by ensuring their e-waste is sustainably and legally recycled. They are certified and accredited by the industry’s most rigorous and trusted institutions for data security and sustainability. 4THBIN was New York City’s first company to be certified by e-Steward® and has received Ecovadis’ platinum rating, placing 4THBIN in the top 1% of their most responsible companies.
Riskigy is a provider of CISO Advisory Services tailored to each customer's specific situation and information security needs. Riskigy experts have the experience, certifications, and abilities to assist organizations in overcoming the many challenges related to cybersecurity. Riskigy has helped clients that range in size from founder-led start-ups to highly regulated financial firms and publicly traded organizations.