While it is industry practice to comply with data erasure policies on physical IT assets, many organizations fail to ensure complete information deletion on devices at end-of-life. As such, security threats at device end-of-life is an increasingly worrying IT issue. Research from Blancco Technology Group with 159 drives purchased from licensed sellers shows that sensitive corporate data can still be found on pre-owned devices, even if the seller had marketed the technology as having undergone the proper cleaning procedures.
Avoid Common Mistakes with Data Erasure at Device End-of-Life
As ITAD providers, we are especially aware of the risks of using inappropriate data removal methods. Failure to implement the right measures could open your company to liability, which can be prevented with some pre-emptive action.
The following list presents the highest priority standards to implement in order to avoid negligent data removal practices:
- Use Certified Data Erasure Methods: Unfortunately, common practices like overwriting your devices using uncertified software or simply reformatting hard drives are all insecure means of processing your devices at end-of-life. We highly recommend the use of automated, certified software that allows an administrator to assure complete file deletion.
- Maintain a Chain of Custody: Physically destroying devices using degaussing and shredding without maintaining an audit path is risky and leaves room for data breaches. Considering this fact, keeping a chain of custody is a requirement of many security protocols.
- Declutter: Do not hoard devices that have reached their end of life. Data from Blancco’s research reveals that many companies keep hardware that they do not use, which is a financial drain as well as a huge security risk.
- Educate: Employees should be trained on proper file deletion practices. Many users can be under the impression that a file is permanently removed, when in fact it has only been moved to the Windows Recycle Bin, for example. Another mistake is to assume that the “Shift + Delete” option – which deletes a file and bypasses the Recycle Bin – is a permanent deletion, when in reality the file remains on the drive until it is overwritten by another file or digital deletion software. Numerous free and downloadable tools are available to recover files that have been removed using the “Shift + Delete” key combination, making it easy for criminals to scour for data in old devices. Your employees should be informed of these issues so that they can properly enter the chain of custody for who has had access to company devices and what procedures they have performed on it.
At Tech Reset, we hope to promote the most efficacious sanitation methods for our consumers and will ensure that your data stays secure, therefore not allowing repurposing or criminal breaches. Our customers are each given a detailed Erasure Report on completion of our services to guarantee that we have scanned and sanitized every segment of your devices.
We know the important role that ITAD providers play in making sure that devices that have reached their end-of-life are properly cleaned and disposed of. At the same time, we believe that erasure measures should not be prohibitively expensive. The most cost-effective way to process your device and secure your data at the end-of-life is not physical destruction, as many businesses mistakenly believe. We encourage the use of the proper collection, digital data destruction processes, and recycling of your hardware. An added benefit of recycling is the prevention of e-waste: an important backbone of our practices. Tech Reset promises data destruction at an affordable price while also upholding our zero-landfill initiative policy.