Today in the Evolve IT Lab, Lachie and Ben tackle your storeroom full of old office equipment,. We explain the security risk of having filing cabinets, phones and old computer equipment gathering dust in your store room.How much data do you keep in your storeroom and how often do you archive it?
Need some help? check out our video below.
Ben: Thanks for having me again.
Lachie: Ben is a cyber security expert at Sophos, and today, we're going to be discussing getting rid of old assets within your organization. Ben, why don't you describe to our watchers or our viewers what an asset is within an organization?
Ben: Absolutely. So people think like computers and monitors and things like that, and traditionally have liked to leave them, say, in the storeroom or disposing of them insecurely, but you also need to think about filing cabinets, even phone systems. Like, if you dispose of an old phone system and someone manages to power it on, and they could, say, get access to your users and the PIN numbers, then that's a loss of data. And most people like to reuse PIN numbers. So you really need to think about every asset, what it contains, and how to securely dispose of it.
Lachie: Yeah, right. I dare say a lot of people watching would have some of those old assets in their storeroom at the moment, just going, "How am I going to get rid of these?" So, firstly, why don't you tell them what the risks are of allowing some of these things to be stacking up in their storeroom?
Ben: Absolutely. Well, generally, storerooms aren't that well secured. That is one of the biggest concerns. And it gets to a point where it's so old that someone will say, "Let's just put it in the bin," or, "Let's take it down to a tipper or a computer recycler." So if it ends up at one of those places and, say, an intern decides to power it on and doesn't follow a secure means of control, then potentially, people are having access to data in that organization.
Lachie: Yeah, wow, and especially with the new, the data breach law that's just come out, that's a real risk.
Ben: Absolutely, it is.
Lachie: So, Ben, how can people, or how are you meant to get rid of some of your old assets within your organization?
Ben: Absolutely. Well, the first thing I like to do is take out the hard drive because that stores the crux of the information and that's going to be what people want. So get out the hard drives and use a secure disposal service. With the PCs, it doesn't matter. You can get rid of that hardware that takes up a lot of space. Same with filing cabinets and things like that. Say, if you store confidential documents, you can, say, opt to have them in a red filing cabinet instead of a black filing cabinet so you know that is an asset that you need to treat and handle with care. Those kinds of policies really need to be thought about.
Lachie: Yeah, because there is organizations out there that can shred your stuff for you, wipe the stuff, and it's always good to do it, environmentally friendly as well. You don't want your stuff getting shipped off overseas and things like that, so you want to do some research on those companies as well and make sure you get the right one.
Lachie: All right, guys. That's all we have for today. Thank you, Ben.
Ben: Thanks for having me.
Lachie: And thank you, guys. We'll see you next time.