Iron Mountain Offers Basic Rules for Maintaining Data Privacy | eWeek

Iron Mountain Offers Basic Rules for Maintaining Data Privacy

Iron Mountain Offers Basic Rules for Maintaining Data Privacy
Jan 28, 2015
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

SAN DIEGO, Calif.—Iron Mountain, which opened for business in 1951 and knows a few things about how to secure paper and digital documents, came up Jan. 28 with some workable basic rules about how enterprises and individuals can do just that: maintain personal data security and privacy of data and documents.

Data Privacy Day, an international event created two years ago (and held every year on Jan. 28 in the United States), aims to bring awareness to the need for solutions to issues involving the Internet of things and data protection, security and privacy. The rules were among a number of working documents discussed at a roundtable at the CyberTECH Data Privacy Day 2015 event, held at the San Diego Gas & Electric Innovation Center here.

eWEEK will publish a separate story later today on highlights from the San Diego event. San Diego, with its increasing number of cyber-security-related companies and startups, ranks with Maryland and the Washington, D.C., region; Atlanta (with Georgia Tech University); and San Antonio, Texas, as the hottest areas for cybertech security research and product development in the United States.

It isn’t surprising that Iron Mountain’s 2014 Data Protection Predictors survey reveals that data loss is IT leaders’ primary concern. Adding to these concerns is the fact that the amount of data and devices they manage continues to soar—and this data lives in multiple formats throughout an enterprise.

Here are five steps Iron Mountain suggests that enterprises and consumers can use to improve a security plan:

Step 1: Learn where your data lives. A security administrator cannot complete a security plan until he or she knows exactly what they are protecting and where it’s stored. Most businesses store data on multiple media types: local disks, disk-based backup systems, offsite on tape and in the cloud. Each technology and format requires its own type of protection.

Step 2: Implement a “need-to-know” policy. To minimize the risk of human error (or curiosity), create policies that limit access to particular data sets. Designate access based on airtight job descriptions. Also be sure to automate access-log entries so no one who’s had access to a particular data set goes undetected.

Step 3: Beef up your network security. A network is almost certainly protected by a firewall and antivirus software. But are those tools up-to-date and comprehensive enough to get the job done? New malware definitions are released daily, and it’s up to the antivirus software to keep pace with them. The bring-your-own-device philosophy is here to stay, and an IT team must extend its security umbrella over smartphones and tablets that employees use for business purposes.

Step 4: Monitor and inform your data’s lifecycle. By creating a data lifecycle management plan, security admins must ensure an enterprise’s secure destruction of old and obsolete data. As part of this process, they should:

–identify the data they must protect, and for how long;

–build a multipronged backup strategy that includes offline and offsite tape backups;

–forecast the consequences of a successful attack, then guard the vulnerabilities revealed in this exercise;

take paper files into account, since they can also be stolen;

–inventory all hardware that could possibly house old data and securely dispose of copiers, outdated voicemail systems and even old fax machines.

Step 5: Educate everyone. Data security is ultimately about people. Every employee must understand the risks and ramifications of data breaches and know how to prevent them, especially as social engineering attacks increase.

Talk with employees about vulnerabilities, such as cleverly disguised malware Web links in unsolicited email messages. Encourage them to speak up if their computers start functioning oddly. Build a security culture in which everyone understands the critical value of your business data and the need for its protection, Iron Mountain said.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.