Half of Used Enterprise Routers Still Contain Sensitive Data: A Wake-Up Call for Secure ITAD
In today’s era of digital transformation, securing sensitive information is becoming increasingly important. Not only do businesses need to take care of PCs, servers, and network equipment on the network, but they also need to ensure that sensitive information is wiped before reselling or disposing of devices when they come offline.
A recent study by security firm ESET found that more than half of used enterprise routers purchased for testing still contained sensitive information like login credentials and customer data. Only five out of 18 routers were properly wiped before being sold. This serves as a stark reminder of the importance of securely disposing of networking equipment and ensuring sensitive information is protected.
According to the article, the wealth of information on these devices is incredibly valuable to cybercriminals and even state-backed hackers. Attackers can sell information about individuals for use in identity theft and other scamming, and corporate application logins, network credentials, and encryption keys have high value on dark web markets and criminal forums. Since secondhand equipment is often discounted, it would potentially be feasible for cybercriminals to invest in purchasing used devices to mine them for information and network access and then use the information themselves or resell it.
The ESET researchers say that they debated whether to release their findings, but they concluded that raising awareness about the issue is more pressing, stating: “One of the big concerns I have is that, if somebody evil isn’t doing this, it’s almost hacker malpractice, because it would be so easy and obvious.”
To ensure the protection of sensitive information, it is crucial to rely on a certified ITAD vendor for secure and responsible disposal of networking equipment. ITAD, short for IT Asset Disposition, is the process of properly disposing of or repurposing unwanted or obsolete IT equipment, such as routers, computers, servers, and other electronics. ITAD comprises a range of activities, including data destruction, hardware testing, refurbishment, and environmentally responsible disposal. ITAD has become increasingly important for businesses and organizations to guarantee that their confidential information is securely erased, and that their old equipment is disposed of ethically and sustainably.
Here are some steps to follow when looking for and working with a credible ITAD partner:
- Choose a certified ITAD partner: Ensure that the ITAD partner you choose is certified by the National Association for Information Destruction (NAID), which sets the standards for data destruction, and its certification ensures that the ITAD partner follows best practices. R2 and e-Stewards certifications are also specific to the ITAD industry that hold vendors accountable.
- Create a data destruction plan: Work with the ITAD partner to create a data destruction plan that outlines the process of destroying sensitive information. The plan should include a list of devices that require destruction, the methods used to destroy the data, and the measures taken to ensure that the data has been successfully destroyed.
- Chain of custody: Establish a chain of custody process with the ITAD partner. This process ensures that the devices are handled securely from the point of collection to the point of destruction.
- Certificates of destruction: Request certificates of destruction from the ITAD partner. These certificates provide proof that the devices have been destroyed and ensure that you have met your legal obligations.
- Audit the ITAD partner: Conduct regular audits of the ITAD partner to ensure that they are following best practices and standards.
Businesses in South Dakota and North Dakota must take the issue of securing sensitive information seriously. Using a certified ITAD partner ensures that proper data sanitization practices are followed, minimizing the risk of data breaches and protecting sensitive information. Don’t take chances, choose a certified ITAD vendor for secure and responsible disposal of networking equipment.
Contact SEAM today for a free quote on how we can help you protect your data!
SEAM provides IT recycling and data destruction services including onsite shredding and hard drive wiping to South Dakota, North Dakota, Minnesota, Iowa, and Nebraska.
Schedule a pickup or contact us for more information.