You have likely heard about the recent NASA information security incident where PCs were sold without first having their hardrive’s properly wiped. Failing to perform this essential information security step has resulted in an embarrassing public disclosure and also the possibility that sensitive shuttle information that was subject to export control restrictions may have been disclosed.
What are the information security lessons that you should learn from the NASA incident?
1. Old assets are often overlooked in the desire to quickly get rid of them. Out with the old in with the new right? Not so fast remember that if you do not take security steps to securely wipe the data prior to selling or returning the asset your information is at risk.
2. Build the requirement to secure data prior to asset disposal into your security policy (NASA did this but failed to enforce it which brings up pt #3)
3. Audit compliance against your policies to validate that actions are happening as they should be and take corrective action when you find a problem.
Make sure to follow our previously published hard drive wiping recommendations to take the necessary steps to protect your data before it leaves your location to help keep your company’s information secure.