There aren't many corners of life that 2020 didn't test. Adapting, flexing, and finding new ways to get old things became normal. As everything shifted more predominately online – from work, to school, to the knitting clubs' weekly stitch-ins – data security became a hot topic around the virtual water cooler.
While a lot of focus has naturally been on cloud-based ransomware attacks, there's another quiet threat growing on the sidelines: electronic waste and data security.
Even the best information technology asset disposition (ITAD) plan can have holes in it, especially when large parts of your workforce work remotely with their devices. And while you can push software security updates from a central location, the need to manage potential data breaches via hardware is just as important.
Whether on a hard drive, memory card, flash drive, SIM card, most electronics hold personal and corporate information. Most of us keep our most prized possessions in the form of data on devices: Personal bank accounts, health information, and credit card numbers – even on our work devices. What's more, professional information such as contacts, logins, passwords, sensitive documents, research reports, and personal plans all live on these devices and are potentially susceptible to data security breaches.
In order to avoid a hardware data breach, it's vital to sanitize devices of data at the end of their useful life. Examples of such devices might include a laptop or cellphone that you upgraded, a memory stick that is no longer needed, or a hard drive that no longer turns on. In the hands of cybercriminals, this information is a goldmine of potential value. According to the annual report from IBM Security and the Ponemon Institute, the global average total cost of a data breach in 2020 was $3.86 million.
Additionally, cybercriminals can not only capture personal and corporate credentials but client and patient information, as well. Suppose you do expose an individual's personal financial or health information in a data breach. In that case, you could violate either the Gramm-Leach-Bliley Act (GLBA) of 1999 or the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Both come with hefty fines – not to mention the loss of public opinion.
E-waste Recycling for Data Sanitization
When a device has reached the end of its useful life, it must be recycled appropriately – not just for the benefits to the environment and to meet potential local, regional, and state laws and guidelines, but for the sake of data security.
While you might assume that removing parts of a hard drive and damaging them will destroy all of the sensitive information housed in the equipment, drilling hard drives aren't enough. Not only is it possible for data to remain recoverable, but it also exposes harmful chemicals to the person holding the drill. In short, it's neither safe nor effective.
There is a documented and secure process for handling data-storing devices and sensitive data developed by the International Organization for Standardization (ISO). E-Stewards are ISO-certified experts in the management and handling of data-bearing devices for electronics recycling. They understand and know how to comply with the core set of standards to provide products and services that meet customer and applicable statutory and regulatory requirements.
An entire industry has grown around responsible reducing, reusing, and recycling methods for electronics. By partnering with certified third-party e-waste recycling experts, you can most effectively minimize the impact of your dead tech on both your data security and the environment.
Learn more by reading, "10 Facts about Electronics Recycling" here.