Companies must be cautious to safely dispose of data-rich electronics, especially in this rapid pace of technological and digital change. An even bigger challenge is to decide whether it is more economical to destroy or redeploy old equipment.
Recycling old electronics is the right choice when they are broken and beyond repair, but equipment that still works could be sold or donated to needy organisations and charities.
The only way to do this effectively is with a proper IT Asset Management Program and, while doing so, businesses must take proactive measures to ensure there is no trace of sensitive information left behind, particularly considering the growing number of gadgets now linked to network infrastructure.
According to Xperien CEO Wale Arewa, businesses that don’t implement device end-of-life protocols are putting crucial info in unnecessary danger.
“One needs to create a strategy to protect data from cradle to the grave,” he said.
“IT Asset Disposition best practices involve both logical and physical destruction of obsolete or unwanted data and equipment.”
IT Asset Disposal (ITAD) vendors often buy equipment from organisations to refurbish and resell or to strip the device for spare parts. For the company, this approach provides steady and predictable revenue that can be offset against the cost of compliant disposal of electronic equipment.
“Not everyone is thinking about a cohesive strategy when identifying areas of risk,” added Arewa.
“Items carrying critical data will normally have this data erased, the item refurbished or resold back into the market. However, many businesses take the path of least resistance, finding the lowest price vendor to just take away a device for free.”
Arewa believes the biggest misconception is that they can just delete the files and folders, but don’t realise that the data is still there.
“One hard drive can contain millions of files and when a file or folder is deleted, the information still remains on the drive and this includes deleted email messages,” he said.
Formatting or overwriting will not even be enough to prevent confidential, proprietary and sensitive data from being recovered by data thieves using simple techniques and equipment. Physical destruction of old devices is the best way to reduce a company’s data breach exposure.
“There is also a legal requirement that needs to be considered, by destroying your hard drives and tapes helps keep your business compliant with Protection of Personal Information Act 2013 (PoPI) and the European Union’s General Data Protection Regulation (GDPR),” said Arewa.