Up your IT Asset Disposition (ITAD) Game
Data stored on technology, whether in-use or not, should always be protected. If not, information could easily be stolen from unused hard drives, servers, cell phones, or other devices. With a common focus on cybersecurity, security gaps during the IT Asset Disposition (ITAD) process becomes an easy target.
When IT devices are ready to be disposed of or resold, businesses must take action to avoid lawsuits, customer loss, and compliance issues that commonly follow data breaches of any size.
Steps to fill security gaps and up your ITAD game:
1. Verify Data is Wiped. When done right, data wiping is an effective method for destroying data. If wiping is performed in-house, make sure all drives are being sent to a trusted partner in case any are missed, whether hiding in a system or just not wiped completely. Mistakes can easily be made when it’s not your main job. An experienced partner will recheck each drive, ensure it’s wiped completely, scan the serial number and securely shred or re-wipe the drive. With this “second-check”, nothing slips through the cracks.
2. Make Sure Assets are Secure in Transport. When it comes to in-transit theft, electronics are a hot commodity. According to a 2016 CargoNet report, electronics were the second most stolen commodity with the highest value loss at to $45.6 million, not including the value of lost data. When equipment leaves your facility, it’s crucial to keep it secure even if wiping was already performed by your team. If done in-house, drives can often be missed or not completely wiped due to drive failures. Regardless of where an IT device is lost, you as the company are liable for any data breach, not the transporter. Look for a vendor who offers onsite shredding, secure collection bins, sealed trucks, and proper insurance coverage.
3. Know Where Equipment is Going. After equipment leaves your possession, where does it go? Once IT devices arrive at your recycler or reseller’s facility, they should be secured and tracked to ensure no loss occurs. The building should be physically secure with restricted access and proper surveillance. Staff should be trained and monitored to guarantee nothing is stolen or removed from the secured areas, and all data-containing assets should be immediately controlled. R2 and e-Stewards certified vendors undergo rigorous audits to ensure their physical security is efficient. Non-certified vendors are not held to the same standards and may not be able to provide a high-security service at their facility. Don’t hesitate to ask for a tour of where your equipment is going to be processed for recycling or resale.
4. Know if Equipment will be Resold. If your IT assets still hold value, they may be resold for reuse. If this is the case, you could maximize your return-on-investment through revenue sharing, but more importantly, you must make sure the data will be completely erased and no identifying properties from your company remain. If data wiping is not done properly and data is recoverable, you are responsible for any type of data exposure. Along with data security, it’s important to make sure equipment is sold for current market value to get the highest return possible. If your vendor use uses an eCommerce selling platform like eBay, check out their ratings and reviews. This will give you good insight as to how they do business and if they’ve run into any issues in the past. Ask for a tour to see their refurbishing and remarketing process in person. If you can witness the employees removing asset tags and applying strict security and wiping standards, you’ll have transparency on how the process is performed.
5. Understand the Recycling Process. If your device is not able to be reused, it should be properly recycled. The final disposition of end-of-life equipment is very important. If not done correctly, you could be on the hook for illegal dumping, EPA cleanup fees, or even have your name from an asset tag found overseas plastered in the news. Despite what your recycler promises, the company who generated the material is liable for how the equipment is disposed of. Ask the vendor about their recycling process and what standards they adhere to. Hazardous materials should be properly handled, data containing devices should be shredded, and commodities should be separated and shipped to compliant downstream vendors for processing. Look for R2 and e-Stewards certifications, as these standards guarantee the process is done legally and environmentally sound. You should also receive a certificate of destruction for your records in case you need to prove how your equipment was handled. Many recyclers will also let you witness the shredding process firsthand to give you complete transparency.
These steps will help you step up your ITAD game when it comes to data security. If your company is located in the Midwest, SEAM can help you uncover your current risks and help you avoid costly mistakes. Contact us for a quote for onsite or offsite shredding, recycling and resale services, or ask for a free risk audit to check how your current process holds up.