Thursday, October 01, 2009

Information Security Tip #4: Disposal

Disposal. Ensure your organization takes the following precautions when disposing of workstations, laptops, USB flash drives, and other devices that may contain sensitive information:
  • Delete. Deleting a computer file doesn’t mean that the information has been permanently removed from your system. The data may continue to exist on the computer’s hard drive and could be easily retrieved. Ensure your employees request assistance from your IT department when permanently deleting data.
  • Disposal. When getting rid of old computers, laptops, hard drives, portable storage devices, cell phones, etc., use wipe utility programs or physically destroy the media. Wipe utility programs are inexpensive and overwrite the contents so that the files are no longer recoverable.
  • Remote. Whether working from home or on the road, ensure telecommuters and business travelers maintain your company’s high security standards. Remind employees and contractors to be as careful when disposing of sensitive documents off-site as they are when creating them.
  • Compliance. If you use consumer credit reports in your business, you may be subject to the FTC’s Disposal Rule. The Rule requires companies to adopt reasonable and appropriate disposal practices to prevent unauthorized access to, or use of, information in credit reports.
  • Papers. Effectively dispose of paper records containing sensitive data. Having shredders available throughout the workplace helps ensure employees understand the need to properly dispose of sensitive information.
IT security audits and assessments help organizations identify, manage, and reduce their security risks.
