Security Threats: Through the Back Door
When technology expires, it’s easy to shut down the device and think the risk is gone. In reality, a new type of threat begins: physical security.
Securing equipment against physical intruders seems like one of the easiest ways to protect company data. However, it’s usually one of the most overlooked steps at the disposal phase. With a focus on managing the new IT equipment, the old devices get turned off and stashed somewhere until someone has time to figure out what to do with them.
Equipment gets stored haphazardly in places with easy public access like hallways, garages, or storage rooms until it can be dealt with, leaving all of your company’s and customers’ information vulnerable. Some companies may even still be tossing their IT devices in the dumpster, which is not only illegal but also leaves data-filled equipment up for grabs for any dumpster diver who may come across a hard drive.
For a company to have a truly secure information system, the entire lifecycle of each device must be planned for, documented and enforced. With the average lifecycle of a computer at just 3 years, retired equipment is constantly being cycled out, especially for companies with multiple locations or hundreds to thousands of employees. If just one drive is not secured, the consequences could be catastrophic.
In a recent data breach of an insurance company, 57 hard drives were stolen from the facility before they were sent to a vendor to be destroyed. The company has since spent $7 million and over one million customers were impacted.
Disposal Security Checklist:
Keep an Inventory
Use a tracking system to maintain a log of all equipment by type, manufacturer, model and serial number. This inventory list should be updated each time a new IT asset is introduced, moved or disposed of. Quantities can be used to reconcile counts with your disposal vendor to make sure all assets are accounted for. Along with hard drives from computers and laptops, remember other data-bearing equipment like copiers, cell phones, scanners, fax machines, printers, USB drives, and industry-specific items like personal medical devices.
Create a Secure Environment
To minimize the risk of theft and loss, a location should be secured for obsolete equipment to be moved to as soon as it comes offline. Limit access to only necessary personnel and implement a schedule to ensure devices do not sit for too long. Monitored, locked security bins or carts (usually provided by ITAD vendors) can be used to easily collect smaller devices and hard drives from employees.
Implement a Security Policy
Put an explicit end-of-life process in writing with clear instructions on what needs to happen with decommissioned computer equipment and technology devices, including portable assets. Ensure all staff read and agree to the policy, and don’t say it if you don’t mean it: policies must be enforced for users to know you’re serious about the rules.
At SEAM, we take IT Asset Lifecycle Management seriously. If you are looking to protect your Sioux Falls, South Dakota, Iowa or Nebraska business equipment, let us help you implement a secure disposal plan. Contact us for a free quote to properly plan, securely resell, or safely dispose of your used IT equipment.