Securis is 19 Years Old!

Securis had a birthday last month and turned 19 years old. We found ourselves reflecting on our history and goals for the future.

Some of our company’s milestones are:

2000

  • Our founder, Jeremy Farber, established PC Recycler in New York

2003

  • First Fortune 500 customer (Coca Cola)

2005-2007

  • NYC to DC
  • Expansion from 4,000 square feet to 8,000 square feet
  • Scanning technology implementation
  • On-site Hard Drive Destruction
  • Salesforce.com implementation

2009-2010

  • GSA Contract Schedule
  • Expansion to 12,000 square feet
  • NAID AAA Certification
  • On-site High-Speed Data Shredding
  • Custom Cloud CRM & ERP software on Salesforce.com

2010-2011

  • Added on-site degaussing services to our portfolio
  • Implemented capabilities to provide on-site, high-speed degaussing and shredding

2012

  • Rebranded the company from PC Recycler to Securis with a focus on ultra-secure data destruction services
  • Obtained R2 Certification
  • Earned the Inc 500 fastest-growing private companies award

2013

  • Added micro shredding technology to our service portfolio, allowing for data destruction that goes beyond traditional shredding and pulverizes devices into 2MM e-crumbs
  • Advanced cloud-based mobile inventory tracking system
  • Customer inventory portal

2014

  • Began offering franchise opportunities

2017

  • Sponsored a young woman in Moldova. Victoria, a 16-year-old who loves the color yellow, is at risk. In Moldova, the government institutional care of abandoned and orphaned children only lasts until they turn 16 years old. At that time, without support, they’d be on their own with nowhere to stay and no family. Read more about giving back and being of service here.

2018 

  • Partnered with Service Source to provide additional employment opportunities for people with disabilities 
  • Added a second warehouse, expanding our facilities from 12,000 to 22,000 square feet
  • Traveled to The Amazon alongside Justice & Mercy, who aids in providing people in remote villages with health and dental care while spreading the love of Jesus

2019

  • Created and implemented the customer rebate program allowing for agencies and organizations to save more on ultra-secure data destruction and IT recycling
  • Celebrating 19 years of business with cake – because what’s a birthday without cake?

We celebrated with a catered lunch and passed out six Beat Your Best awards. Beat Your Best is an incentive program where employees receive quarterly bonuses for achieving a predetermined goal.

Thank you for traveling this journey with us

To each of our customers, vendors, and supporters, we thank you for traveling this journey with us. Together, we’re confident in another 19 years of success (and another 19 after that).

Thank you.

NPMA Partnership Led to Successful Food Drive & Data Destruction

This week, Securis was able to host the NPMA NOVA (National Property Managers Association – Northern Virginia Chapter) for their Chapter Elections meeting. 20 attendees enjoyed lunch and a data destruction shredding demonstration, and were able to bring personal and business hard drives, cell phones, and other electronics for data destruction and recycling.

A Successful Food Drive

Prior to the meeting, attendees were invited to bring non-perishable food items to benefit Northern Virginia Family Services. We’re pleased to announce that the short event generated $220 and a full trunk of food for those in need.

Giving back is an important mission for the NPMA and for Securis. With the holidays and colder weather approaching, people feel more pressure than ever to provide for their families. Being able to help alleviate hunger through food collection efforts such as this brings our community closer together.

If you’re interested in donating to Northern Virginia Family Services, click here.

NPMA and Securis Touring The Securis Warehouse


About National Property Managers Association (NPMA)

NPMA is a non-profit membership association for professionals who are responsible for the effective and efficient management of equipment, materials, and other moveable and durable assets for their organization. Learn more about The NPMA.

About Northern Virginia Family Services (NVFS)

Northern Virginia Family Service’s (NVFS) breadth, depth, and scope of services offer the resources and support to ensure that everyone in need, at every stage of life, maximizes their potential and fully contributes to a thriving community. We provide the essential building blocks for financial, emotional, and physical well-being, serving as leaders and innovators for the Northern Virginia community. Every year, we empower 35,000 individuals to achieve self-sufficiency. With these essential resources, our community is better equipped for future success and engagement among all of our neighbors.

8 Common HIPAA Violations and How to Avoid Them

Professionals in the medical industry are all too familiar with HIPAA and the responsibilities it brings. Failure to follow HIPAA can result in fines, sanctions, and even loss of licenses. But even today, violations are commonplace.

HIPAA, or the Health Insurance Portability and Accountability Act, was established in 1996 as the first standard created to protect patient information. Under HIPAA, healthcare providers are restricted from sharing or transferring protected health information (PHI) without patient authorization. Other rights under the act include the right to obtain or amend a copy of one’s medical record.

Safeguarding PHI isn’t just a matter of compliance but of patient safety. By reducing HIPAA violations, healthcare providers can protect their personnel as well as their patients.

Here are a few of the most common explanations behind HIPAA violations:

1. Employee Negligence

Whether by willful or genuine ignorance of the act, HIPAA is often broken by employees sharing information when they shouldn’t be. Typically, this is when personnel inadvertently share patient names, health plans, conditions, and other information with friends or family. This can be through:

  • Gossip with another employee, friend, or family member
  • Sharing access (password/login info) with unauthorized parties
  • Casual discussion with a patient’s friend or acquaintance
  • Leaving data unattended 
  • Lack of proper HIPAA training

But this can also happen when coworkers are talking to each other (without peer review or necessary authorization).

Solution: Every new hire, intern, partner, and medical professional in the company must be educated on the importance of HIPAA. Remind employees frequently not to discuss patient information in open, public spaces. Patient info should never be shared without the patient’s explicit authorization, even at home.

2. Unsecured Data Storage

Employees may use printed readouts on a clipboard, or they may read the information on a computer. But they must always remember to secure the data when not in use — leaving sensitive data in the open leaves it vulnerable to hacking or theft. Even data on a digital device is at risk of being stolen if the device itself is not locked down or adequately secured.

Solution: Keep physical documents locked in storage cabinets. Patient data should be encrypted, password-protected, on physically and electronically secure devices. 

3. Texting, Social Media and Other Unsecured Communication

While this may be categorized under the previous point, data leaks through texting or posting on Facebook are so commonplace that they deserve their own spot. Even on popular phones like iPhone and Android, texts may seem innocuous. But without full network security, hackers and other cyber criminals may be able to intercept the messages. The same goes for social networks: any of them, no matter how private, is always at some risk.

Solution: Avoid transmitting sensitive patient information through conventional means. Always rely on trusted, industry-approved technology solutions for delivering sensitive data. The application itself may vary between healthcare providers.

4. Accessing PHI From Unsecured Locations

Medical professionals may sometimes need to access patient data remotely, whether at home, at a cafe, or abroad. Unfortunately, there’s no guarantee that these networks or devices are up to HIPAA regulation. Public Wi-Fi may allow other guests to intercept the data, or computer screens left unlocked may attract unwanted attention.

Solution: Restrict personnel from accessing data from unsecured locations like libraries or cafes. If they must access data from home, make sure their devices are compliant with HIPAA, and that the professional has adequate training.

5. Unauthorized Personnel Access

Medical professionals may choose to access patient data without patient authorization. Whether it’s out of curiosity, spite, or personal gain, this is still illegal and subject to major fines or imprisonment. Just because you work in the same unit, company or building, does not give you the right to access HIPAA protected information. 

Solution: Always get written consent and go through the proper channels before assuming access. Make sure that every data request from new hires and interns has the necessary authorization, even if it’s to check a patient’s name.  

6. Improper Device Disposal

Computers can eventually malfunction or become obsolete, but healthcare providers must still ensure they are disposed of properly. Just because a computer will no longer turn on does not mean the data is destroyed. Cached or downloaded files may still live in the hard drive or SSD.

Solution: Hire a reputable data destruction company to remove and erase sensitive information properly. Companies like Securis are known for safely shredding and incinerating hard drives, phones, and other storage devices, even going as far as to GPS track trucks.

7. Form Violations

Patients can set the window for authorization and the purpose. If the healthcare provider continues to disclose or access the patient’s information after the terms of the form have lapsed, that would constitute a HIPAA violation. In addition, they may fail to get the patient’s signature, rendering the form useless and unauthorized. 

Solution: Always ensure the patient is fully aware of the authorization terms, and that their consent has their signature. Don’t forget to educate them on the right to revoke clause: their legal ability to void the authorization. 

8. Misidentification

While usually an accident, this occurs when a doctor incorrectly accesses a different patient’s file. This may happen through computer glitches or simply human error. In any event, the consequences remain just as dire as all the other violations. 

Solution: Double-verify every patient’s identity before accessing data. Biometric patient identification is also becoming more common as a safer way of preventing identity mistakes.

Protecting Personnel and Patients

HIPAA is admittedly a challenge for any major healthcare provider. Ensuring thousands of devices remain secure while training tens of thousands of employees will not always go according to plan. 

But even if the reason seemed innocent or concerning, and regardless of whether it was a small error or a significant breach, always report HIPAA violations. At the end of the day, the act is there to protect the providers as well as the patient.

Learn more about how Securis helps medical providers protect sensitive data at our website. 

 

Data Protection Regulations and Opportunities You Should Know

The biggest news in data protection in the last several years was the GDPR changes in the European Union. Those privacy updates gave consumers the right to know what data a company collects. Furthermore, it aimed to hold companies more responsible for the data they collected.

However, GDPR was just the first wave of regulations to impact the way IT leaders approach data protection and privacy. There’s no question that privacy, compliance, and data management will be an increasingly important IT responsibility. So here are some trends and upcoming regulations and opportunities to keep in mind.

Privacy Has a Global Reach

There are a few things to understand about GDPR. These apply to other upcoming regulations as well. First of all, most privacy laws have a broad range of coverage. For example, GDPR applies to more than just EU firms. The laws protect citizens more than they regulate companies. That is to say, if an EU citizen uses an American service, that business will have to comply with GDPR. The goal is to protect the individual.

That’s why global technology companies like Facebook, Apple, and Google have to comply with GDPR. Their user base lives in the EU. If you operate a global business, know that you must abide by the rules in each country and region you do business in. Some laws contain cutoffs and qualifications, as we’ll see in California’s laws. However, GDPR and others will apply to any company that keeps data about customers on hand.

Expect Laws from the State and National Level

At first, GDPR may seem like this monolithic law. As such, it has set off a course of action that will begin to affect the United States. Already, at the state level, privacy laws are coming into effect. Like GDPR, the different state laws apply to businesses that serve anyone in that state. Consider a few examples.

One of the most stringent data laws is California’s CCPA. The biggest outcome of this law is that customers can file class-action lawsuits against any company who mishandles their data. Additionally, the state of California can charge the company a fee per person impacted. In Colorado, the law now reads that data destruction procedures, one of our services at Securis, must be documented. 

The responsibility rests on the firm to ensure they have the right processes in place to protect consumers. Thus, state law requires that a firm comply and document its methods. Finally, Oregon tightened up the language about security audits and breach notifications in their state law. Each business must take on a proactive approach, especially in their communication with customers.

All of these are examples of what’s going on at the state level. What about at a national level? Until recently, data laws have not been a priority at the national level. In fact, aside from HIPAA laws in the health sector, there really isn’t a single, unified policy on data privacy in the United States. That may change, however, and more voices want a federally enforced privacy law. Keep an eye out for these discussions. Federal laws will have wide-sweeping effects.

Data Protection Will be a Requirement for Smaller Firms

Just as data laws are becoming more widespread, they’re also starting to affect smaller businesses. Take California’s CCPA law. CCPA requires a business to comply if it meets one of three qualifications. First, the business earns over $25 million in revenue. Second, it possesses the data of over 50,000 individuals. Third, it earns more than half its annual revenue by selling customers’ personal data.

Most small businesses wouldn’t match those requirements. Still, it doesn’t take a huge corporation to hit $25 million in revenue. In the future, these laws could apply to smaller companies. Begin preparing now to comply with the data privacy laws that affect your customers.

Privacy Compliance Has Its Benefits

Data regulations require firms to stay on their toes and comply with strict laws. However, that doesn’t mean there aren’t any advantages to protecting consumer data. Cisco, in their 2019 Data Privacy Benchmark Study, found some interesting results. When a company complies with data protection laws like GDPR or state-level regulations, they experience a shorter sales cycle. How so?

Well, it comes down to customer trust. When a company complied with data protection laws, the customer trusted them more. Those firms shrunk sales delays from 5.4 weeks to 3.4 weeks. Cisco also found that complying companies had fewer breaches and less system downtime. As it turns out, clients and customers care about their data. By having the right systems in place, you’ll save time, money, and headaches both in the sales cycle and in day-to-day operations.

Another study by Forrester and Evidon found that companies complying with data protection regulations expected several outcomes, including improved customer satisfaction, customer loyalty, brand perception, and deeper customer engagement. Don’t let fines motivate you; let customer-centric data protection be a highlight of your brand.

Securis Can Help You Comply

At Securis, we specialize in data destruction and IT recycling. This means cleaning up your IT equipment digitally and physically. Our goal is to protect your data by destroying it. Furthermore, e-waste, or outdated and thrown away computers, electronic devices, etc., fill up landfills and are potentially toxic to the environment. 

We dispose of these in safe, compliant ways, saving you the headache of figuring it out on your own. We maintain federal and state standards on all our practices and help your business prepare for the incoming data privacy changes. Contact us for a free quote.

SERI Makes Revision of R2 Certification Standard

Are you in the market looking for a good e-waste recycling partner? Or are you currently working with a partner and you think it’s time to renew your terms? Either way, here’s something you need to know. The Sustainable Electronics Recycling International (SERI) recently revised their R2 (Responsible Recycling Practices) standard. 

R2 director, Sean De Vries, presented the third version of the R2 standard known as R2V3 during the National Recycling Coalition (NRC) and the Pennsylvania Recycling Markets Center (RMC) Sustainable Materials webinar series in March 2019. According to Sean De Vries, the new standards are likely to be “more effective of the time we’re in.”

But before we get into what the revised standard entails, here’s a word about SERI.

About SERI

SERI is an ANSI-accredited standards developer best known as the creators of the R2 Standard, which outlines best practices for electronics repair and recycling issues around the world. 

As part of the Manual of Policies and Procedures for R2 development, SERI states that certification standards are required to be continuously improved and updated regularly.

These updates are implemented by an independent board who decide on the changes to be made to the standard. Think of them as the gatekeepers for everything that concerns electronics recycling in any industry.

They get together regularly to review and revise the standards to ensure they are up to date with the latest industry developments. And every five years, a select committee called the Technical Advisory Committee (TAC) reviews everything to make sure it complies with best practices.

The TAC has been reviewing the R2 standard since 2015, and it consists of different types of stakeholders, ranging from recyclers and electronics manufacturers to other certification agencies. As of today, there are 28 active members on the TAC. And members span four continents.

What the revised standard entails

The new version of the R2 standard maintains all the general principles of the original R2. But it aims to make them easier to understand. For instance, it has new rules about destroying data contained in electronics up for recycling and about adopting environment-friendly practices while recycling.

These new rules have come about because of the realization of the value of data in recent times. “Everything really contains data, so it has to be treated that way,” said Sean De Vries. “Small devices, such as cross-function devices that look like a watch but function as a computer, can contain quite a lot of information.”

The new standards will also have additional details about how different facilities should approach their electronics recycling process. With more than 800 facilities in 35 countries holding R2 certifications, these new changes will be designed to help the recycling industry raise the bar and ensure everyone’s doing the right thing.

The changes will highlight issues such as data sanitization and test, repair and reuse. It will also recognize specialty services and expertise. And it will provide flexibility for how recycling companies carry out their operations under the new standard. 

In effect, version 3 will move away from being rigid to being more flexible. It will provide industry experts enough room to adapt the standard to their natural workflow. At the same time, it would also ensure that the processes they follow are more transparent to the customers as well.

Suffice it to say that the new standard would perhaps allow for smoother and clearer handling of electronics. This goes for manufacturers as well as recyclers. R2 certified organizations will be given time to change to version 3 until the summer of 2021. That is a two-year-long period to go through the details. And it allows them to see what applies to their business model and determine what changes need to be made.

If you’re looking for a new recycling partner, it’s essential to stay up to date on the upcoming changes in the R2 standards. You want to pick a partner who knows the R2 standard in and out. And who understands the implications of the new revisions.

As an R2 certified company, Securis can help you navigate through all the upcoming changes and ensure your company remains compliant when disposing of its electronics. For more information, contact us today. 

Top E-Waste Recycling Tips for Small Business

While it’s true that switching to digital applications has helped us reduce paper and plastic waste, the cyclical release and degradation of electronics have resulted in unprecedented streams of wasted products. In fact, the United Nations estimates that 50 million tonnes of e-waste are produced each year, worth over $62.5 billion. Yet only 20% of that waste is recycled.

Fortunately, small businesses have the power to make a significant difference by enacting a change in their business habits. We’ll cover a few ways that organizations can reuse and recycle their yearly e-waste.

What is E-Waste?

Although it sounds fairly straightforward, it can actually be confusing as to what can be considered e-waste. Encyclopedia Britannica defines e-waste as “electric and electronic equipment that have ceased to be of value to their users or no longer satisfy their original purpose.” That can include anything from a defective kitchen appliance to outdated computers.

The Dangers of E-Waste

E-waste is toxic to humans. When improperly disposed of, e-waste materials can be deadly. Components may have chemicals that, when exposed, can be highly flammable. They may release gases that can cause respiratory issues or cause health issues that even lead to cancer.

E-waste is a missed opportunity. Each device has microchips and materials that can be repurposed for new devices. When it is simply thrown away, the materials are lost, and the chance to reuse is squandered.

E-waste is harmful to the environment. Since e-waste isn’t biodegradable, it stays around on earth long after being thrown away. This leads e-waste to contribute to liquid waste, air pollution, habitat destruction, and toxic landfills.

Tips for E-waste Recycling

Now that you know what’s at stake, what can your small business do about it? Here are a few solutions:

Return to seller

These days, big companies like Apple and Best Buy offer programs that will accept e-waste to be recycled. Once accepted, these items will either be repaired and reused or stripped down for parts. Last year alone, Apple refurbished over 7.8 million devices and prevented 48,000 metric tons of e-waste.

Switch to the cloud

With ever-expanding cloud storage available to everyone, USBs and discs are becoming obsolete. Why use a finite storage system when you can have terabytes of space online? Switching to the cloud is a preventative action, meaning you won’t need to recycle or throw anything away because it’s all saved digitally. Google Cloud and Dropbox have become popular consumer cloud choices.

Donate or recycle

If the device isn’t totally useless, take matters into your own hands and reuse or donate it. While your business may no longer find use in an old printer, other companies may be able to find a new home for the device. Visit the EPA’s Electronics Donation and Recycling page to find out where you can send your old devices. Alternatively, visit Securis’s IT recycling services page for a more straightforward option.

Destroy data devices

Work with sensitive information in your company? Then it’s totally understandable if you have reservations about recycling your devices. Instead, hire a trustworthy and reputable company to destroy the data so it isn’t accessed by the wrong people. Learn more about the best way to destroy hard drives, cellphones, and other storage devices.

Cultivate a greener culture

Change starts from the top down. If you want your business to start reducing e-waste, make it a company-wide policy. Set quantitative, attainable targets for your leaders to hit during the year, like reducing e-waste by 30%. Hold people accountable each month, even conducting regular check-ins. Finally, reward people for striving towards a more sustainable business process.

Building a Brighter Tomorrow

More than ever before, companies hold greater responsibility and influence in the course of reducing e-waste. While it’s true that a majority of e-waste is derived from corporate activities, it’s also true that much of the change taking place is a result of those same companies.

So don’t just sit back and leave it to someone else. Take responsibility and do your part. Retool your company culture to tackle this issue head-on. Start taking inventory of unused devices and seeing how they can be repurposed or recycled. It’s a world shared by everyone, including our future generations. It’s time we do what we can to give back and take care of the planet.

Learn more about how Securis can assist your business in responsible IT removal and recycling today.

 

Top Five Human Errors That Impact Data Security

Despite our security innovations, human folly continues to be the source of hacks and breaches. Just last year, vulnerabilities were found in Android’s API that allowed cyber attackers to access device data and user tracking. Social network Google Plus was forced to shut down after a major profile data leak that went undisclosed for months. And most recently, Facebook faced another privacy breach, this time affecting 1.5 million users.

This wasn’t the fault of some system or AI. This is an oversight by the world’s greatest engineers and developers. If it can happen to companies like Google and Facebook, it can happen to small startups and growing enterprises.

So what are the main reasons that data security is impacted?

1. Unauthorized user or application access

According to Cisco, 44% of IT professionals have dealt with unauthorized network access or unsupervised device sharing. 70% believe that unauthorized programs resulted in “as many as half of their companies’ data loss incidents.”

It’s no surprise: with the surge of mobile devices and laptops, anyone can access a secure portal from almost anywhere. Friends and family may use an employee’s login without their approval, or even their notice.

2. Falling for scams, trojans, phishing sites

Even emails that appear innocuous could potentially devastate a company’s entire system. In the Check Point Research Security Report of 2018, 64% of organizations faced some sort of phishing attack in the previous year. Verizon reported that 28% of phishing attacks are targeted.

Phishing attacks, scams, and trojans underscore the importance of robust firewalls and anti-virus software. Each week hackers are inventing new ways to trick people into letting their digital safeguard down. That’s why it’s vital to maintain updated security measures and to constantly remind users to be wary of these attacks.

3. Lack of cryptographic or high-level security

You would be astonished to find out how many businesses fail to uphold even the most basic privacy standards. And it’s not just Instagram. In fact, there’s a whole website dedicated to companies that email you your own password, a list called Plain Text Offenders. This careless habit opens up websites to a multitude of data breaches.

That’s also why 2FA or “two-factor authentication” has become so popular recently. With an added layer of protection, the most common attacks can be easily prevented. Encryption is also important, especially in sending and receiving information, to ensure that only the sender and the recipient are allowed to view the contents of a message.

4. Failure to properly dispose of data

Don’t think that your information is safe just because you deleted your data or password-protected a device, because it’s not. Even when you dispose of an old computer or phone, there’s still a small likelihood that hackers can gain access to your photos, messages, emails, contacts, and other sensitive information.

Never run that risk. Whenever possible, hire a reputable company to properly destroy these devices in a safe manner. Only then can you sleep soundly knowing that hackers aren’t trying to pry into your recycle bin.

5. Untrained or undertrained employees

Above all, sheer ignorance is the root cause of security breaches. Whether it’s an employee forgetting to lock their computer, or a developer that forgot to implement a second layer of authentication, you can never be too careful in training your employees.

As soon as you hire each new member, conduct a rigid test on your IT security. Educate them on the best practices of handling sensitive information, as well as protecting IT systems the right way. Consider having a dedicated cybersecurity team to handle the most urgent security issues, and to also conduct regular maintenance checks to prevent any leaks.

Brave new world

We’re living in an era of rapid connectivity, social interaction, cloud storage and computation, and even artificial intelligence. Who knows what the future will hold ten, twenty years from now. Perhaps our most robust systems of protection like 2FA and cryptography will prove worthless. Only time will tell.

Until then, there should be no excuse for any company not to employ the highest standards of cybersecurity. You may feel inconvenienced at the time and cost involved. But think of the consequences involved if ever your business faced a major data breach. It could spell the end of your company altogether. Train your employees. Protect your systems. Update your software regularly. And if you’re ever lost on how to best protect your data, work with a trusted partner like Securis.

How to Find a Responsible E-Waste Partner

How many times have you upgraded your smartphone over the last 5 years? If you’re an average tech enthusiast, chances are, at least 3 or 4 times. Because according to Wirefly, an average smartphone user gets a new one every 18 months.

As it turns out, people seldom think twice before buying the latest gadgets. But it comes as no surprise — we’re at the peak of a burgeoning digital age. And tech companies are launching new products faster than ever.

This is great news for consumers, but it puts us amid a huge pile of electronic waste. Recent data shows that almost 20 million TVs are trashed every year in the US alone. And in the case of cell phones, it is more than 100 million. What’s even more alarming is that only 13% of such electronic waste is managed efficiently.

The state of e-waste management

The rate at which such waste is piling up is very troublesome, even more so because it contains dangerous chemicals: lead, beryllium, cadmium, mercury and brominated flame retardants, to name a few. The bigger the pile, the deeper the contamination of air, soil, and water caused by these chemicals.

Clearly, there needs to be an immediate action plan to bring this under control. As a company, this means that you must start at the workplace. You need to find better ways to dispose and recycle e-waste safely and efficiently. In fact, the law requires that you do. Failure to comply with these requirements will lead to serious consequences.

So the inevitable need of the hour is a reliable e-waste partner. There are many companies out there that make false claims. That’s why you need to choose wisely and find one that is genuine and well-versed in compliance standards.

Let’s take the case of Total Reclaim, for example. Total Reclaim was supposedly the largest e-waste recycler in the Pacific Northwest. But in November 2018, they pleaded guilty to wire fraud.

They had been collecting waste and charging companies for “environmentally safe” recycling. In reality, they were sending large amounts of flat-screen monitors to Hong Kong. Think of the amount of mercury affecting the people and the environment!

There are millions of other cases with such fraudulent recycling partners, which is why it’s important to exercise a keen eye when choosing an e-waste partner. Here are a few pointers to keep in mind.

Pick a certified e-waste recycler

A good way to start your search would be to pick only certified partners. R2 certification (sometimes referred to as responsible recycling certification) is a company-level certification based on the R2 standard overseen by the R2 Technical Advisory Committee (TAC). The standard is described as “Responsible Recycling (“R2”) Practices for Use in Accredited Certification Programs for Electronics Recyclers”. The standard requires certified companies to have a policy on managing used and end-of-life electronics equipment, components and materials based on strategies such as reuse, materials and energy recovery and/or disposal.

The R2:2013 Standard is the latest version of R2, the electronics recycling industry’s leading certification. Each provision of the R2 Standard is designed to help ensure the quality, transparency, and environmental and social responsibility of R2 Certified electronics recycling facilities.

Hundreds of recycling facilities are R2 Certified. Whether you are an organization with a large number of units, another recycler looking for a partner, or an individual needing to drop off an old device, SERI’s directory can help you locate a recycler to handle your material responsibly.

Know your needs

This might seem like an obvious one. But this is more important than you think. Once you approach a recycler they will most likely need the details of your e-waste. Right down to the numbers.

So you need to know everything about every aspect of your e-waste needs. What are the sources of e-waste in your company? What is the volume of waste produced in a week or a month? What are the different kinds of waste produced?

Do they include mostly monitors and laptops? Or are they mostly batteries, wires, and cords? All this is important as recyclers charge differently based on the items.

Ask about data security

Another thing to consider is the security of all the data contained in the devices you plan on recycling. They may contain a lot of sensitive information pertaining to your company. So you want to make sure that they are not being misused in any way.

Ask your e-waste partner in detail about their data destruction policy. They may adopt different ways including data wiping, shredding and degaussing. Some of them even offer a certificate of hard drive destruction. This provides a printed assurance of destruction of confidential information. Alternatively, you could also add a clause in your contract for the same.

The right amount of trust and reliability can be built through personal meetings. So make sure that you meet your partner and talk about things clearly.

If you need help finding a reputable e-waste partner, get in touch with our experts to know what your options are. We will be more than happy to help you play your part in creating a safer digital world.

Facebook Shows Why We Need to Rethink Data Security

We all remember the infamous Facebook data breach incident that took place last year. Almost 50 million user accounts were rendered vulnerable. And executives kept stating that investigation into the matter was pending.

Well, Facebook made headlines again this year. And this time it was for storing millions of user account passwords in plain text format. It was discovered that user passwords were searchable and accessible by the employees at Facebook. But no one was found to have abused this access.

We Need to Rethink Data Security

Even though Facebook promises that their employees didn’t misuse these passwords, this incident brings to light many data security issues companies face today. It shows that there’s always a risk when we put confidential information on the internet. And while social media channels like Facebook have always assured us of our privacy, we can never be too cautious when protecting our data online.

Data Breaches On The Rise

Of course, this is not the first time that we’ve seen a major breach of user information or a need to rethink data security. In the first half of 2018 alone, approximately 291 records were stolen or exposed every single second.

With this increase in data breaches, users are counting on platforms to do a better job of at least notifying them if their data has been compromised. And it’s not just because it’s the right thing to do. The General Data Protection Regulation requires that they do. It has clear security and data breach notification requirements.

As per the GDPR enacted last May in the European Union, companies have a 72-hour notification period. It requires that they inform people promptly from “awareness” of a breach.

However, it does not require a “perfect” notice. This essentially means that they will have to tell their customers about the issue. But they won’t be obliged to fill in the details. The purpose is to simply inform users so that they can resort to protecting themselves.

In most cases, the details of data breach incidents need more time to be uncovered. 72 hours is usually not enough time for investigation, which is why the law only requires that users be notified of the progress in phases. And many a time, the phases drag on for too long. This could explain why we only got to know of the Facebook incident now. It has clearly been going on for years. And the officials have not spoken a word about it.

Well, now the flaws of the regulation are starting to show. After having suffered the vulnerability, all the users got is an assurance. An assurance that nothing went wrong. And a promise to prevent such a thing in the future.

I think we can all agree now that we absolutely need more comprehensive data security and breach notification requirements. Thanks to Facebook!

What’s Currently Under Consideration?

Thankfully, governments are not sitting still on the matter. Several Congress members have proposed bills to improve data security notification programs. And two possible standards are being considered — a harm standard and an occurrence standard.

According to the harm standard, companies are only required to notify users if the data breach has led or will lead to “cognizable harm.” What this means is that they don’t have to say anything unless they think it might lead to answerable issues.

The occurrence standard, on the other hand, requires companies to notify the users, right when the breach occurs. In effect, the occurrence standard seems friendlier for the users. It gives them the chance to prepare and protect themselves. Perhaps before anything bad happens.

The harm standard, which of course the industry favors, is more hostile. It effectively leaves it to the companies to decide whether or not they need to rat themselves out. They don’t have to say anything until something significant happens. What’s more, they get to decide if they even have to.

We know now that we can’t completely trust companies to keep their word. So here’s to hoping that the bills in Congress might do something solid for us in the matter. Ideally, we need properly spelled out security practices for companies to follow. Ones that favor the privacy of users as much as they do large companies.

The good news is you can be proactive in protecting your data to a great extent. Contact us today to know your options.

74% of Data Breaches Start With Privileged Credential Abuse

How threatened are businesses when they fail to implement and prioritize Privileged Access Management? Very threatened.

In fact, companies are losing billions of dollars annually due to the many repercussions they experience from data breaches and the process of trying to recover from them.

The Facts and Figures Behind Data Breaches

According to Centrify, privileged data abuse is the leading cause of data breaches in corporations. This insight comes from a survey it conducted among 1,000 IT executives in the US and the UK. The results were contained in a new report which highlights that “74% of breaches involved access to a privileged account.”

That figure also correlates quite well with the findings from the Verizon 2017 Data Breach Investigation Report.

It found that a massive 81% of breaches were directly related to passwords which were either stolen, weak, or simply default passwords which organizations failed to change to more secure ones.

It is important for companies to realize that breaches are not only outside threats; very often they originate from within the organization.

The Cost of Data Breaches

Data privacy and data protection go hand-in-hand. Data privacy is currently a global hot button issue with most organizations ensuring they are compliant with new laws and regulations.

Many organizations, however, must also face the less publicized but very real threats which lax data protection policies pose. Perhaps the most obvious of those threats is the amount of money companies stand to lose from each breach.

The IBM-sponsored Cost of a Data Breach study reveals that not only are data breaches on the rise, but they are also becoming costlier. Interestingly, breaches based in the US tend to have the highest cost, racking up a bill of nearly $8 million for the organization involved.

IBM breaks that figure down to $148 per “lost or stolen record containing sensitive and confidential information.” The report can be downloaded here where you will also find an intriguing interactive data breach cost calculator.

The ramifications of data breaches involve much more than the obvious monetary losses. There is also the issue of the lack of trust which companies can face from current and prospective customers, as well as from investors and business associates. This demoralizing lack of trust can also settle among employees and affect their productivity.

You Must Secure Your Company’s Data – Here’s How to Do It

The key factor in securing an organization’s data is the implementation of Privileged Access Management (PAM) strategies, sometimes referred to as Privileged Account Management.

A privileged user is anyone who has administrative access to various critical systems within a company’s IT network. It is not just select employees who have privileged access. There are also vendors, automated users and contractors, to name a few.

These privileged users may have the authority to install software and to change or delete user accounts. Their status might also give them access to confidential or secure information.

It is obvious to most people that not everyone can or should have privileged access. Where most companies fall short, however, is in realizing that it is still vitally important to monitor and control the actions of those who do. This is where PAM comes in.

It gives you the ability to:

  • Minimize or eliminate malware attacks which often focus on gaining access to privileged accounts
  • Regulate which systems a particular privileged user account can access so as to prevent access to forbidden data
  • Ensure that IT administrators can quickly and easily access the accounts of privileged users when they need to
  • Provide (and easily terminate) privileged access to vendors and anyone else who only needs it on a temporary basis
  • Fulfill audit requirements by creating a secure audit trail of privileged account actions
  • Remain compliant with industry regulations
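Three of the capabilities listed above (limiting which systems a privileged account can reach, granting access that expires or can be terminated, and keeping a verifiable audit trail) are shown together in the Python below. It is an added illustration, not code from Securis or any PAM product; the class, account names, system names and timestamps are hypothetical and constructed for the example.

```python
import hashlib, json
GENESIS = "0" * 64  # "previous hash" used by the first audit entry

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class PrivilegedAccessBroker:
    """Hypothetical PAM broker: scoped, expiring grants and a hash-chained audit trail."""
    def __init__(self):
        self.grants = {}  # (user, system) -> expiry time in epoch seconds
        self.audit = []   # each entry stores the hash of the entry before it

    def _log(self, now, user, system, action, allowed):
        prev = self.audit[-1]["hash"] if self.audit else GENESIS
        body = {"ts": now, "user": user, "system": system,
                "action": action, "allowed": allowed, "prev": prev}
        self.audit.append({**body, "hash": _digest(body)})

    def grant(self, now, user, system, ttl_seconds):
        self.grants[(user, system)] = now + ttl_seconds  # access is temporary by default
        self._log(now, user, system, "grant", True)

    def revoke(self, now, user, system):
        self.grants.pop((user, system), None)  # terminate access immediately
        self._log(now, user, system, "revoke", True)

    def authorize(self, now, user, system, action):
        expiry = self.grants.get((user, system))
        allowed = expiry is not None and now < expiry
        self._log(now, user, system, action, allowed)  # denials are recorded too
        return allowed

    def verify_audit(self):
        prev = GENESIS
        for e in self.audit:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False  # an entry was edited, removed or reordered
            prev = e["hash"]
        return True

def demo():
    pam = PrivilegedAccessBroker()
    pam.grant(1000, "vendor-hvac", "billing-db", ttl_seconds=3600)
    ok = pam.authorize(1500, "vendor-hvac", "billing-db", "read")       # in scope, in time
    wrong_system = pam.authorize(1500, "vendor-hvac", "hr-db", "read")  # never granted
    expired = pam.authorize(5000, "vendor-hvac", "billing-db", "read")  # grant has lapsed
    intact = pam.verify_audit()
    pam.audit[1]["allowed"] = False  # constructed tampering with a stored entry
    return [ok, wrong_system, expired], intact, pam.verify_audit()
```

A hash chain only makes edits detectable; the entries, or at least the latest hash, still need to be copied to storage the privileged users themselves cannot rewrite.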

An effective PAM solution can mean the difference between spending millions of dollars recovering from a data breach and using that money to invest in your company’s growth.

Another effective way to make sure you don’t fall victim to a data breach is to properly dispose of all your IT hardware. This will prevent your sensitive data from accidentally ending up in the wrong hands.

If you need help with your IT recycling, get in touch with us today to learn how we can help. We would be more than happy to help you start safeguarding your company against the threats posed by privileged credential abuse.