One of the problems that most companies have is to implement secure erasure policies. In the first place, it is about having control over the storage devices with which you work in the company and, in this way, the data of our clients that can be confidential.
It is not only our personal data, but also the strategic data of the organization, which can potentially end up in the wrong hands, just because we forget to erase the information when we stop using a device or a computer that contains this data.
We must not lose control of the data at any time
To implement a secure erasure policy in our company, the following is very important:
- Have controlled and documented devices that contain data of our company. We include the hard disks of servers and central storage, but also the backup units.
- Work stations should be included where, in addition to saving information on their own discs, they should do so in some type of online storage. In this case, you need to make sure that if you stop using this storage service, the data will be destroyed.
- USB-type external storage devices are easy to lose or are limited in space to back up data, it is good to document and control the number allowed in our company.
- Employees who work from home can not save information on their computers, in this case, ideally, the backup should be done in the cloud. This also applies to mobile devices such as tablets and cell phones.
- Supervise and document the maintenance of all devices, in case they should be reconfigured, repaired or changed.
- Ensure the chain of custody in case the devices have to leave the company facilities. If they are backup copies that leave the company, they always have to go encrypted.
- Document all removal actions, with the tool with which it was made, if it was a removal of the software or if the disk was physically destroyed, how and when it was made.
- It is also necessary to have a paper document destruction policy. In many companies they are stored in containers and then destroyed. You must make sure that the crushers or the service provider you hire comply with the regulations established for data protection.
-
</li>
Ideally, in these cases, if a computer does not leave the company, that is, move from one place to another within the company, these secure erasure policies are not carried out, it will be sufficient to modify the levels of access to information.
In each specific case, we must perform a secure erasure of the hard disk and this will guarantee us that the free space does not contain data that can be recovered again.