Remember to wipe your equipment!
Don’t overlook data destruction, a critical data management internal control. Numerous state and federal data and privacy laws mandate that data, particularly data containing Personally Identifiable Information, be destroyed to prevent breaches.
Most office equipment has some hidden danger in the form of a hard drive or removable memory chip. Special steps to “wipe” all devices prior to disposal or return to a leasing vendor must be taken as part of equipment and data inventory management. Workstations, printers, scanners, tablets and other mobile equipment should be thoroughly reformatted, or the hard drive or data cards removed and physically destroyed, to minimize the risk of data breaches.
Effective internal controls include full life cycle data and equipment management, with the final step being documenting that the equipment and data were properly wiped and destroyed.
See our Cyber Center for additional resources and links for cyber alerts, and contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks.