What happened that fines are still being assessed and we are still talking about this mayhem?

Morgan Stanley originally hired the moving company, Triple Crown, in 2016 to decommission IT assets from two data centers. It was known that Triple Crown was strictly a moving company and not experienced with electronic data destruction. The contract identified an unnamed e-scrap management company that would sanitise the devices and resell them for a commission, with Morgan Stanley obtaining a cut. It’s become known that early on, Triple Crown stopped working with the unidentified company and began working with AnythingIT without Morgan Stanley’s knowledge. AnythingIT was sold the eletronics with data still on them, having been told by Triple Crown that they had already been wiped. They in turn resold these devises downstream to KruseCom, who either destroyed or sold them on an auction site.

Truly a story in passing the buck and a loss in accountability. Where is the certificate of destruction? Where is the vendor due diligence? There was none, which is why Morgan Stanley is paying dearly.

If you look-up AnythingIT today, you’ll note that they are NAID AAA Certified. There has been some confusion on if this third-party vendor who worked in the Morgan Stanley debactle was certified, how could all of this have happened? As you can see, 1) they were given misinformation and not contracted to do the actual data wiping, AND 2) at the time of them being contracted they were not yet NAID AAA Certified. Since this incident, AnythingIT has become NAID AAA Certified and shown that they in fact DO robust quality best practices, even submitting to unannounced audits.

There are many lessons learned through this incident for everyone, clients and service providers alike.

Morgan Stanley did not take the correct precautions to ensure they hired a reputable service provider, such as a NAID AAA Certified company who would have had rigorous guidelines in place for wiping the hard drives. And it seems that service provider to service provider contracts may have been lacking as well regrading the goods being transferred (do you have language in place when you take acquisition of assets without destroying it?).

Why You Should Earn Your NAID AAA Certification >>

Why You Should Use a NAID AAA Certified Company >>

The post Updates on the Morgan Stanley Data Breach appeared first on i-SIGMA.

I was being responsible and cleaning out our electronics bin. Do you have one of those in the garage? The place where random cords, Ethernet cables, and broken PS2s go until they are needed (ahem – yeah right). I remember coming across lots of outdated goodies like my husband’s old palm pilot and even his as-seen-on-TV aluminum, wallet organizer he never used (I don’t know why it was in there). I kept too many random things, threw out a few, and donated the rest of our outdated technology to Goodwill. Are you bristling yet? It gets better.

We moved. I cleaned out the bin again.

Several months later I went to look up some photos of my oldest child from when she was baby. We had saved these on an external hard-drive for safekeeping since our computer was getting old, which was a good call since it crashed shortly thereafter. The hard-drive wasn’t in the desk. But we’d moved, so that made sense. Where else, could it be? I went through a few straggler boxes in the closet with no luck. Then I thought of the electronics bin?! This is where we put random things, so I searched it. No drive. I searched everywhere. I re-looked everywhere. I was so sad. Maybe it would show up in a random, mismarked, unpacked box in the garage.

I went to the store to purchase a new external hard-drive in the interim. I bought the same kind as before, because we had been happy with it. But when I saw the hard-drive, my stomach dropped. Do you know what that brand of hard-drive looks like? Almost exactly like the as-seen-on-TV aluminum wallet…. I am now positive I had donated my firstborn’s baby photos to Goodwill.

Guess what? We didn’t just store photos on our external hard-drive either… *gulp.

***

I never recovered my terabyte hard-drive, or my precious data back. People accidentally donate stuff all the time.

You’re probably still cringing that I donated a palm pilot without second thought, aren’t you?  I mindfully donated it, because the technology was so outdated. If it had been a computer, I would have wiped it, but that didn’t seem important in this instance. And you know better than I that even my precautions wouldn’t have mattered.

How many individuals are just as clueless as I was before I joined NAID?

***

So, where do we go from here?

Well, I started by saving low-res images of my kid off of email and Facebook to piece-meal together a new make-shift photo library. I also have identity theft recovery insurance just in case.

NAID is busy educating the public to be a little wiser. This includes the recent formation of the Industry Action Committee, which focuses on the industry, commercial and government decision makers and policy writers to demonstrate the value of NAID Certification. Later this month NAID will be releasing the results of the largest second hand electronic device study, which should bring awareness to the need for proper data destruction in this area. And NAID is also releasing a textbook this month, Information Disposition: A Practical Guide to the Secure, Compliant Disposal of Records, Media and IT Assets, by Bob Johnson (currently available for pre-order). The publication will serve as the CSDS training manual, a university-level textbook, and most importantly a tool for educating clients on the nature and importance of proper data destruction. NAID will work to continue to make headway in every way possible, so that more people make less stupid mistakes like me.

Kelly Martínez
Learning More Every Day

The post That Time I Donated my Outdated Technology appeared first on i-SIGMA.

You most likely already have a firewall and security software to protect your network. Thus, your systems should be well protected from any unattended probes and intrusions from viruses and other malware. However, data thieves can thwart these efforts by using the following, manual means to steal your confidential business information.

Email Alerts: Don’t worry about opening suspicious emails. In most cases, all you lose is the time it takes to verify that a message is legitimate. What you have to worry about is the message inside asking you to click on a link or download an attachment. The link or attachment may contain the malicious software. Or they may lead you to a fake website that looks like it belongs to the company that sent the message. It asks you to enter your usercode and password, which the thieves then use to access your account. Never click a link in an email, even if it’s from someone you know, because the originating addresses can be faked. Instead, note the contents of the message and then delete it.

Phony Updates: If you’ve turned on automatic updating in your operating system, you may receive several messages asking you to update software. While many of these missives are legitimate, it only takes a fraudulent one to unleash harmful code on your system. All you need do is click one of the buttons on the message and the trouble starts. Close such messages right away without clicking on anything.

Phishing: This refers to phony websites that look like exact copies of legitimate ones. An email or update message may lead you the site, which then prompts you for your usercode or password. A big clue that the site is fraudulent is the URL in the address bar. It may not match the company website at all. In that case, close your browser immediately.

You can rely on one solution to thwart all these attempts. Manually browse to the originating website to determine if an update or change is truly needed. If the site did not originate the message, then report the fraudulent attempt to the website’s security department.

For more information on securing your systems against small business cyber threats, be sure to attend my session, “Protecting Your Company From Growing Connectivity Exposures” at the NAID conference on Friday, April 4.

The post How to secure your systems against cyber threats appeared first on i-SIGMA.

More businesses than ever are changing the way they think about their paper records. From environmental pressures to cheaper alternatives, document scanning and imaging can revolutionize the shredding industry.

Shredding companies that don’t diversify and offer scanning to their existing and future customers will suffer, especially as managing data in the cloud becomes the standard for business document management. What’s more, they’ll miss out on a once-in-a-business-lifetime opportunity to explode their business!

In order to get more shredding customers, you need to also be in the document imaging business. Ray Barry, formerly of Shred School, used to ask, “Are you really in the shredding business?” If you only offer shredding to your storage customers and you don’t know how to sell it on its own, you are not in the shredding business. Andy Sokol, the Dean of Scanning School, was Barry’s third graduate of Shred School and can attest to that. In the same way, if you don’t know how to sell document scanning as its own service and your imaging revenue is based only on archive imaging, you are missing the most profitable imaging business out there, and here’s why.

In 1995, I built CopyScan as a document copying and scanning company without any other services. It was profitable all by itself, and in 2003, I added shredding as an additional service. Although I added other services over the years, document imaging is still the most profitable service I offer.

In order to sell imaging on its own, shredding company leaders need to learn a lot of new vocabulary. If you don’t understand what your customer will do with the images, how they will access them, and what system and software they are using, it will be impossible for you to do the consultative selling required to sell imaging. Archive scanning competes with box storage, which is much less expensive and is usually the most cost-efficient alternative to scanning. The misconception that most shredders have is that document scanning is not profitable. That’s because they don’t realize that document imaging is not about storage, it’s about the customer having instant access to their files. Archiving is only about storage and is the lowest margin work you will do.

In order to do the lucrative imaging of litigation documents for example, you need to be able to speak the litigation language. Selling imaging requires selling trust. Your prospect doesn’t trust someone that doesn’t know their lingo. You will need to learn the language and process of litigation so that you can have a conversation with a law firm like a pro. Since people will be suing other people for many years to come, don’t you want to create this revenue annuity?

In order to sell to corporations, you need to understand the vocabulary of business systems and the workflow that they use within their company. There is an entire language for business processes. You need to know it to confidently have the business process conversation like a pro.

And, yes, there are medical records. Perhaps you are wondering why this subject is last. Medical record scanning is hot right now and will be for some time to come. But document imaging was profitable long before the health care bill provided electronic medical record benefits to doctors, and it will be for many years. Remember, knowing the lingo means gaining trust.

And here’s the best part: All of these industries, and many others, will provide built-in shredding revenue because once the documents are scanned, they need to be shredded. There is nothing to lose by learning the document imaging business. You have everything to lose if you don’t learn.

CopyScan’s scanning customers never bid their shredding work and the local shredding competition doesn’t even know about the job; it’s already taken care of before the documents are ready for shredding. For more information about how to add document scanning as an additional service to your shredding company, come to our workshop at the upcoming NAID conference in Nashville, or check us out on the web at www.scanningschool.com

The post Don’t be left behind: Adding scanning services increases shredding revenue appeared first on i-SIGMA.