End-of-Life Equipment Security Risks
uest blog by Brad Cohen
Have you ever visited a customer and seen a room full of used, retired, unwanted or unloved IT gear?
Have your customers asked you to help with disposal of old IT hardware?
Do you have old IT hardware lying around your own office?
Have you ever resold a customer’s old IT hardware or redeployed it for another customer?
Do you ever receive out of production IT equipment from your customers?
Let’s take a step back…. Many companies and the MSPs (IT service providers) who serve those companies are concerned about a network intrusion and the security protocols protecting personal and company data on a live network. But what happens to those security protocols and data once a device has finished its useful life? Believe it or not, even though the equipment is sitting in a closet, it could pose a security risk.
When it comes to IT Asset Disposition, there are two main risk factors to be aware of:
1. Environment Compliance: What documentation do you need to protect your company and prove your equipment was disposed of properly?
2. Data Security: How can you ensure that all sensitive data is permanently erased using the highest standards possible?
First, let’s discuss environmental compliance. Being associated with an environmental incident resulting from improper disposal of e-waste can have far-reaching negative consequences on your customers and your company. If a violation is found, the cost to your business could be enormous.
In 2018, AT&T was fined $52 million for dumping e-scrap —“This settlement holds AT&T accountable for unlawfully dumping electronic waste,”
Also, $7.4M Settlement with Target for Environmental Violations —“A major retailer will pay $7.4 million to settle allegations it again broke California law by illegally tossing used electronics and hazardous materials in the garbage”
Second, let’s look at the data security risks associated with IT hardware disposal. A surprising percentage of IT devices are re-sold without being properly wiped. According to a survey from a Blancco / Kroll Ontrack Study:
Residual data was found on 48% of hard drives and solid state drives they purchased and tested from online marketplaces.
Residual data found on 35% of mobile devices.
Ineffective deletion attempts made on 75% of drives and 57% of phones that still had residual data.
The average cost of a single data breach is $3.86 million.
In a 2018 study by IBM & Ponemon Institute, U.S. consumers demonstrated an unwillingness to work with companies who had been breached:
When surveyed, 70% of customers said they would stop doing business if a breach occurred.
Only 27% of customers believed companies took their data seriously
The average cost to a company for a single lost or stolen data record is $148
The best way to protect your customers and your company is to work with a certified IT Asset Disposition company.
What to look for in an IT Asset Disposition (ITAD) company:
They must be certified (this confirms that they’re doing the right things the right way).
The process should be simple. From de-installation, on-site packing, and shipping, the logistics should be simple. Find an ITAD partner who can help you plan (or better yet perform) these logistical services for you.
Reporting. Your ITAD partner should provide detailed reporting and communication throughout the process for each specific item they handle (make, model, serial number).
Recycling standards. Look for a company who is fully compliant with R2 standards (the most stringent recycling standards in the industry). The de-manufacturing process should break all material down into the appropriate recycling stream.
Go green. Make sure your ITAD partner has a ZERO landfill policy for all material received.
NIST800-88 Data Erasure. Look for companies who are NIST800-88 compliant when sensitive data is in question. On-site and off-site destruction services are a plus here as well.
NexTech enables our MSP partners to protect their customers and close the loop on the technology lifecycle. The NexTech process is simple, secure and cost-effective; we are here to ensure that your assets are handled with care in order to maximize and return value to you. We’ll help you bring order to the chaos of IT hardware disposal. If it plugs into a wall, we can handle it.
Brad Cohen NexTech email@example.com