The risk of information security breaches is a large concern for all companies, or it should be, if not. These days, responsible companies are throwing endless resources at preventing hackers from accessing their valuable information and/or customer information at the hands of hackers. While this is very important, they sometimes fail to see the potential information leaks due to little or no formal process to handle their retired or End of Life (EOL) equipment. Every year we see more and more companies experiencing information leaks coming from their equipment, that is no longer in use.
Retired assets need to be given the same care and consideration as any other valuable asset within a company. So often there is no budget set aside for the proper handling of this EOL equipment and therefore it is treated as basic e-waste and given to a local scrap company or the first person willing to take it off their hands for free. Sometimes they negotiate a deal to get paid for these assets as they exit the back door. Once they leave their facility no more thought is given to them. Quite often these assets still have HDD’s still in them. This is a recipe for a security breach that was not expected.
Every company needs to establish a formal process for handling all their EOL equipment. If this process is set up with a trusted EOL processing partner, they will assist you from start to finish. This should always include and itemized report of all equipment removed from your facility. You should have a documented procedure with your EOL processor that details how each piece of equipment will be documented and ultimately disposed of. Sometimes this includes some reuse or re-purposing of the equipment, be sure this is agreed upon up front. Also, there needs to be an established form of information destruction and/or physical destruction of all HDD’s or any other information containing device to be processed. This destruction should also include a separate itemized audit report for your records. Most reputable EOL processing companies will also include a sustainability report, that states your landfill diversion weights, for any corporate directive stating the company’s desire to be Green, which is important these days to protect the environment.
While you are taking the time to protect your company from outside hack attacks, it is also vital that you give attention to the attack that can come from what you freely hand to others to process for you. This should be part of an overall security program concerning all IT assets.