Emma Mak • Staff Writer

In January 1981, the first legally binding international treaty dealing with privacy and data protection was signed. Since then, the extent of the world’s digital interconnectivity has grown exponentially, with individuals and organizations accessing data from almost everywhere in the world. 

In honor of National Data Privacy Week, a celebration of that signing and a call for individuals and businesses to understand and respect privacy and data protection, here are five ways to improve data privacy in your hybrid workplace. 

1. Understand Your Risk Posture

A clear-eyed view of your company’s cybersecurity posture helps identify vulnerabilities and improvement opportunities. An assessment should include quantifying risks, finding gaps, and comparing your overall posture to industry and global standards.

Don’t be shocked if your company falls short. A 2023 Cisco Cybersecurity Readiness Report indexed companies on five pillars of security: identity (users), devices, network, application workloads, and data. They concluded that only 15% of organizations globally had a mature level of preparedness to handle the security risks associated with hybrid work. 

2. Implement Zero-Trust Access 

Zero-Trust Access is a security model that requires continual authentication of users, devices, and applications, whether inside or outside the organization’s perimeter. It operates under the valid assumption that breaches will happen and focuses on detection, response, and rapid recovery to limit their consequences. Implementing Zero-Trust Access helps enhance data privacy in a hybrid workplace by:

• Reducing risk to endpoints by ensuring that every access request is fully authenticated, authorized, and encrypted before granting access
• Improving compliance and intellectual property protection by verifying each transaction and asserting least privilege access
• Safeguarding identities with multifactor authentication (MFA) for all user identities accessing the environment, providing an additional layer of security from unauthorized access

Your security model should balance safeguards with good user experience to ensure productivity is maintained and users don’t consider circumventing systems just to get their work done. 

3. Protect Your Last Line of Defense — Your Users

Distributed workers may access your company’s data from any location and be required to manage multiple passwords. This makes users a useful “gateway” for bad actors to exploit, especially for companies using a weak security model that allows attackers to move laterally within the network. 

Having multiple layers of security to protect users is a wise investment. As part of a broader Zero Trust approach, implementing a comprehensive security product like Cisco’s Duo helps protect your users with features including:

• Multifactor Authentication (MFA)
• Device Trust
• Adaptive Access Policies
• Single Sign-On 

4. Educate Employees on Phishing Scams

Implementing comprehensive security solutions goes a long way to protecting your company, but criminals are unrelenting in their pursuit of valuable data. Phishing scam strategies are always changing to get your employees to divulge sensitive information – and generative AI has been a big boost for attackers, enabling more sophisticated phishing campaigns.

Providing regular training to your workforce will set them up to guard and remain vigilant against the latest phishing attacks — and is an essential part of your cybersecurity strategy.

5. Take Care of Old and Decommissioned Assets/Devices

Ensure the safe disposal of obsolete or unwanted IT equipment in a manner that is mindful of your data security and environmental impact with robust ITAD (IT Asset Disposition) policies. These can significantly improve data privacy for your hybrid workforce by completely wiping data from devices before they are disposed of or repurposed – preventing sensitive information from falling into the wrong hands. 

How a Managed Services Provider (MSP) Can Help 

When looking for an MSP to help fortify your company’s privacy and data protection capabilities and keep up with the constant wave of ever-evolving cyber threats, look for one with strong, long-term partnerships with industry leaders like Cisco.  

At Compucom, we can advise you on developing and maintaining a resilient cybersecurity posture, from assessing your current tools and systems to helping you navigate the deployment and integration of best-fit security solutions across your IT infrastructure. 

The post 5 Ways to Improve Data Privacy in the Hybrid Workplace appeared first on Compucom.

Jennifer Brooks • Senior Director of Operations

How IT Asset Disposition Drives Data Security and Sustainability

Every year, organizations discard millions of tons of outdated equipment. If not handled correctly, your old devices could become a security Achilles heel, damaging your reputation and your brand.

With the average cost of a data breach in the United States topping $9.44 million in 2022, almost double the global “all-time high” average of $4.35 million, it’s critically important that none of the information stored on old computers, servers, tablets, smartphones, or printers falls into the wrong hands.

There are three major tenets of a proper IT Asset Disposition (ITAD) process:

• A detailed chain of custody
• Secure facilities
• Data security

Having these in place helps safeguard our customers’ data and protect their reputations while simultaneously promoting and adhering to sustainability goals and best practices.

Detailed Chain of Custody

Protecting your retired devices’ data means keeping track of where they are and controlling access. From when devices leave your hands to the end of disposition, it’s essential to have a detailed chain of custody and extra measures such as secure packaging and shipping with vetted freight carriers.

Our customers trust us with their assets, data, and network access, and we don’t take that lightly. We have Advanced Configuration Centers in Paulsboro, New Jersey, and Markham, Ontario, that are central to our overall device lifecycle services. From procurement through delivery and ending in secure disposition, we treat all asset data as proprietary and confidential and ensure the integrity of a well-documented chain-of-custody process. 

Facility Security

A tightly controlled environment is a crucial aspect of any facility dealing with your IT assets. Some examples of risk mitigation we use include:

• Perimeter alarm system monitored by a central station
• Metal detectors, camera surveillance, and a 24/7 on-premises security team
• Strictly enforced access and visitor policies
• Required background checks and regular training for all personnel

Who enters the facilities is limited by key-card access. Customer assets are in alarm-protected segregated areas; the system is triggered by any attempted entry by an unauthorized individual. We ensure visitor escorts accompany customers, truck drivers, or third-party vendors who need access. All visitors are accounted for — a visitor sign-in log maintains visibility of who enters the building at any time. 

Data Security

For customers with assets that still have market value or hard drives, they plan to redeploy, an ironclad data wipe renders data scrambled, leaving no traces of the original data to be recovered. Any facility with disposal methods should present customers with certificates of destruction. This allows customers to hold their facility partners accountable, as well as keep a record of their devices.

Protecting corporate identity is top of mind for us. And the devil is in the details. For example, we ensure the removal of asset tags and other identification labels before disposition. 

The Compucom Difference 

Electronics are the fastest-growing solid waste stream in the US and are 70% of the toxic waste, yet less than a quarter of it is recycled. Keeping as much e-waste as possible out of landfills helps meet organizations’ sustainability goals and enhances a brand’s reputation. 

Compucom’s Advanced Configuration Center in Paulsboro, NJ, maintains environmental standards through stewardship programs like the ISO 14001 Environmental Management System. This program encompasses a framework designed to minimize a facility’s impact on the environment, help reduce the risk of pollution, and meet local, state, and federal regulations. 

Reducing e-waste is a key component of IT sustainability, and one way to do this is by identifying devices with resale value. A perk is the extra income your company can make from reselling devices, which can help offset your cost of buying new technology. Devices that no longer have value and cannot be resold are transferred to a certified partner for EPA compliance, eco-conscious disposal, and e-waste recycling. 

Don’t Let Old Devices Come Back to Haunt You

While many organizations focus on implementing new technology, what happens to the devices you replace is just as important. Improper IT asset disposition can lead to data breaches and damage your brand reputation. Proper recycling supports your sustainability initiatives and helps keep dangerous e-waste out of landfills. 

Reach out to learn more about ITAD security and sustainability methods and hear how Compucom’s Advanced Configuration Centers can help you reach your goals. 

The post Protect Your Brand: Don’t Let eWaste Become Your Achilles Heel appeared first on Compucom.