Even though the world is starting to enter the post-pandemic era, many companies are not getting rid of the hybrid working environment, creating a bigger attack surface for cyber felons and posing risk to digital data.
Since data has become a currency for cybercriminals, companies have become great targets for cyber felons. Data theft can cause major financial and reputational damage. However, many don’t consider that when disposing of devices without properly destroying the data stored in it, it’s not always enough to fry your device in a microwave.
And even if the data on that device was encrypted with a VPN service, sensitive data can still become stolen. That’s why Cybernews invited Tomasz Filipów, the CEO of data removal company – ProDevice. Filipów agreed to share his views about cybersecurity and the best device destruction methods so that data would become unretrievable.
How did ProDevice come about? What has the journey been like since your launch in 2012?
Back in 2012, we didn’t even think that our products could become a part of a cybersecurity strategy of any company. Today, because of the regular risk of data leakage for all business sectors, it became a must-have if not a must-rent appliance.
We have made ProDevice a brand in 2012. It was a response to the growing market demand for professional solutions for effective data removal from storage media. At that time, we established cooperation with the AGH (University of Science and Technology) and the Institute of Electron Technology. After months of cooperation, R&D, tests, and certifications, the production of degaussers started. Our first model, ProDevice ASM120, is still produced today – it’s a device based on the innovative PPMS technology.
We look at our machines a little bit differently. It has to be hardware supported with a solid portion of software behind it. As for newer models, we equipped them with a server inside, working as Mini Portal (for communication between our machines & mobile phones, Mac or Windows PC’s) and Cloud Portal (for more demanded Customers). Parallelly, we developed MobileApp to be used within Android or Apple users, which is useful for scanning and reporting data.
Our idea from the beginning was to:
- Create New Products (R&D)
- Manufacture (Production)
- Open offices in Germany and the United States
- Develop a trusted Partner chain worldwide
- Recycle (recycling project)
Having all the above pillars working smoothly within our organization, we assume to have the best ready-to-market products, needed in almost every business sector. It seems that all of the mentioned ideas lead us in the right direction and in accordance with our plans.
Tell us a little bit about your media shredding tools. Why simply deleting a file is not enough?
For an organization’s security posture, it is fundamental to protect data during the whole lifetime. This includes figuring out what to do with data and when it is no longer necessary. Millions of obsolete, unused, broken, or faulty smartphones, disks, and various electronic carriers are tossed away in the trash every day. That is done after simple formatting, frying in microwave ovens, or smashing with a hammer believing that this is enough. However, this data can still be successfully recovered and used. And this is exactly what leads to mass data leaks, GDPR violations, theft, blackmail, sales of confidential data, PR disasters, or scandals. So, the question is – if not with a hammer or formatting, then how?
To perform a data destruction service professionally and following the highest standards of security, companies have a few main solutions. These solutions can be summed up into two most common professional ways to dispose of digital information: degaussing and physical destruction. These methods are recommended as they are the most secure, easy-to-use, time and cost-effective solutions approved by all the main international data protection and cybersecurity associations. We produce advanced degaussers for secure destruction of data from magnetic media and different types of destroyers and shredders to guarantee a proper destruction procedure of the media before disposal. Each of our products can generate a professional report thanks to a dedicated MobileApp, guaranteeing a professional and complete data destruction solution, easier implementation with the company’s retention policy, and higher compliance with data protection regulations.
Have you noticed any new threats arise as a result of the recent global events?
Data is the most valuable asset in the digital era. Data that may become insignificant to us could be highly significant to others, including cybercriminals.
Many of us have noticed that during a pandemic, cybercriminals tried to steal personal data more often than before. At the same time, the number of people who have experienced such an attack has increased.
Currently, a huge number of institutions and enterprises, unfortunately, still do not care enough about the security of the data they manage. The media regularly report on confidential information found in rubbish bins, the theft of personal data, etc. It is worth knowing that not all data deletion methods are effective and safe. Therefore, if there is a need to delete data in an enterprise or institution, it is worth asking for help from a specialized company that provides this type of service or buying a professional degausser.
Every company and institution must take care of the data it manages. Regardless of whether it is a small business, large corporation, public institution, or military service. We never know what consequences an uncontrolled data leak may have for the security of an ordinary person, company, or even your country.
In your opinion, what are some of the worst behaviors that can lead to both the company’s and their customer data being compromised?
Our experience shows that many companies do not have any data security regulations implemented. Additionally, IT managers do not train regular employees in this area. The employee is most often the weakest link in an enterprise, and the uncontrolled data leakage is often the result of his ignorance in the field of data security.
Therefore, it is important to implement a data destruction policy in the company and proper media carriers disposal procedures – when the life of data comes to an end, destruction and erasure mechanisms must be used to prevent it from remaining within the reach of third parties.
Why do you think data protection measures are often overlooked?
The recent years and the unfortunate data breaches that occurred to several well-known companies and enterprises have contributed to increasing the general awareness of the topic of the importance of protecting confidential data.
Today, some people become extremely aware of the importance of data protection and all the risks associated with insufficient cybersecurity. These individuals are then clients or partners of different companies and may be directed towards different suppliers or partners if these can guarantee higher security measures for the confidential data.
Still, the process is long and requires a lot of training and courses to raise the consciousness of the organization’s leaders and employees.
When it comes to the topic of data destruction as a data protection method, in our webinars, conferences, or training, we always make the same example. What are we all doing with a confidential document on paper when we have to throw it away? Aren’t we shredding it or destroying it? Aren’t we doing that because we don’t want anybody to read our confidential information? Generally, the answer to all these questions is yes. Everybody destroys paper documents before putting them into the garbage bin.
So why don't we do the same with digital documents inside data carriers?
What are the best practices companies and individual users should follow when handling sensitive data?
Depending on the Country and the field of the organization’s business, there are some guidelines, standards, and laws to regulate the management of sensitive data.
These regulations can guide organization leaders into the implementation of internal policies and procedures to increase the awareness of employees and the accountability of the company in the topic of data protection.
Most of these standards would also recommend specific technologies and practices to be adopted in each step of the lifecycle of the data, including its proper destruction before the disposal.
Besides proper data protection solutions, what other security measures do you think everyone should look into?
There are a lot of useful tools to guarantee the highest possible protection in the different steps of the lifecycle of data. Some companies already defend themselves against break-ins and data theft by using various robust firewalls, antivirus software, cloud storage solutions, network and endpoint security, awareness training for employees, the most recent AI and machine learning technologies, degaussers, and media shredders.
We believe that all these latest technologies and solutions are and will be much more effective when combined with a precise policy, data minimization, internal audit, and regular awareness training. Our life and our business are constantly online. Most of our confidential data may be accessible online. So, the combination of technology, awareness, and data minimization could ensure risk reduction for a company.
Of course, everything is combined with regular training. You can have the most advanced solutions and all of the most effective policies, but if just one employee in the company falls victim to a phishing attack, all the measures you adopt may become useless.
That’s why the cooperation between organization leaders and the introduction to data protection and cybersecurity topics into the company’s board are fundamental. All the practices we mentioned require knowledge, communication, organization, a proper schedule, and a budget.
Talking about the future, what predictions do you have for the data security landscape for the upcoming years?
We are slowly entering the post-pandemic era in which the trend of remote work is likely to continue in many companies. Therefore, I expect more aggressive attacks on data and company networks.
Security teams will have to focus on educating users, detecting threats, and responding to them quickly.
I think that in the upcoming years, we will observe a growing awareness among entrepreneurs of the need to protect confidential data.
What does the future hold for ProDevice?
Our plans are ambitious. One of our goals is to introduce an innovative method of erasing data from flash memory in 2023..
Currently, effective and fully safe deletion of information from mobile phones, SSDs, or pen drives is possible only through their physical destruction (it is related to the construction of SSD/flash memory). Our goal is to produce a device that emits a kind of impulse that will effectively destroy the structure of the flash / SSD memory bones, and the components from which a product is made can be fully recycled. I am convinced that in the near future, we will successfully sell this type of equipment all over the world, through the constantly expanding network of our Partners. We already have our first successes in this area and I hope we will start production within a year from now on.