According to the 2017 Ponemon Cost of Data Breach Study, the average cost for each lost or stolen record containing sensitive and confidential information is $141 per record. Considering many data security breaches at the enterprise level involve in excess of a million records, the resulting overall cost is much more than a minor financial inconvenience.
The study found that the average overall cost of a data security breach for enterprises was about $3.62 million in 2017—which, believe it or not, is actually down about 10% from 2016's average cost. However, when you couple those cost statistics with the Breach Level Index, which calculates that 59 data records are lost or stolen every second of every day, you reach an astronomical average cost of a data security breach for enterprises that exceeds $723 million per day.
Getting serious about data
Is it any wonder that IT professionals, regardless of industry, have been advocating so adamantly for stricter, more comprehensive, and more sophisticated data security protocols? Authentication credentials are the first line of defense against security breaches from outside forces and are the focal point of many enterprises—and rightfully so.
But there is one data security vulnerability many enterprises often gloss over when developing their security plans: physical storage media. While modern enterprises often rely on cloud services for much of their data storage, there are almost always physical storage devices within the organization carrying sensitive data. These devices must be disposed of properly.
Hard drives, flash drives, SAN and NAS systems, CDs, DVDs, smartphones, tablets, and any other devices used in the enterprise to store and/or process data of any kind must be accounted for and, at the very least, sanitized to remove sensitive data before they are physically disposed of. No exceptions.
This seemingly obvious step in the life cycle of such devices is often relegated to a secondary thought in the overall security scheme of an enterprise, but it should not be. Well-managed enterprises looking to establish a comprehensive data security profile should establish an ironclad media disposal policy. To get a head start on developing such a policy, enterprises can download the Media Disposal Policy template from TechRepublic's premium sister site, Tech Pro Research.
Preventing data security breaches from outside the enterprise is a battle that can never be won, only mitigated. But properly disposing of storage media carrying sensitive data is something companies can control. There are no excuses for not implementing a successful policy.
Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to BreakingModern.com, aNewDomain.net, and TechRepublic.