Remote Employees And Data Security: A Cautionary Tale

Distresses employee working from home with computer displaying encrypted files error message.

A major investment bank and financial services company recently became the target of multiple lawsuits filed by clients for possible data breaches stemming from the improper handling of decommissioned computer equipment at the firm’s branch offices. 

This type of nightmare scenario can happen to virtually any type or size of businesses, even large multinational corporations with well-staffed IT departments. Throw in a pandemic, driving the migration of employees to a work-from-home model, and I fear the risk has increased significantly.

Think about it. IT departments, accustomed to functioning in a highly controlled, centralized manner, now must manage laptops and other devices at hundreds or even thousands of remote locations. So, what happens when those devices need to be decommissioned? And how does a company safeguard sensitive data on those devices, especially while in transit?

As reported in an industry trade journal, the financial institution mentioned above trusted an IT asset disposition (ITAD) vendor to scrub data from the decommissioned devices. You’d think a company specializing in ITAD would be extra vigilant in the handling of hardware with sensitive data, particularly at a time when data security has received so much attention.

In fact, doing ITAD right is inherently difficult – and the challenges are compounded when employees and their devices are widely dispersed, as they certainly are with today’s work-from-home model. Clearly, it’s more important than ever to choose a partner that possesses a proven track record with remote IT hardware services (RITHS). Criteria used in the vendor evaluation process should include:

  • Robust industry certifications, especially NAID AAA Certification®, which verifies compliance with all known data protection laws through surprise audits by trained, accredited security professionals
  • Data sanitization or destruction that complies with Department of Defense, National Institute of Standards and Technology (NIST) 800-88, and NAID standards
  • Control over the entire “chain of custody,” from the time a device is picked up at an employee’s work location until it is processed and scrubbed of sensitive data
  • The option of a cloud-based, scalable solution for employees to perform their own data sanitization before shipping decommissioned hardware
  • Adequate liability insurance (minimum $10 million) to cover data breaches

I’m proud to work for a company that “checks the boxes” when it comes to meeting or exceeding all of these and other criteria; see our new ITAD page for additional detail. I also invite you to check out a new eBook that goes into more detail about the challenges of IT hardware management for a remote workforce and how the right remote IT hardware services partner can ease this burden while ensuring the protection of sensitive data. Download the complimentary eBook right here.

Sean is a Corporate Sales Executive at Dynamic Lifecycle Innovations. You can reach him at sjarosh@thinkdynamic.com.