It seems like a no-brainer practice that any good business person would follow. When you send your old computer equipment to the recycling center or off for resell through a hardware broker you first ensure any sensitive electronic information is erased or otherwise destroyed. Given that we’re well into the era of information privacy and security compliance, you’d think it’d be safe to assume that most people understand the importance of proper system disposal.
A quick peek at the Chronology of Data Breaches paints a different picture as there have been numerous computer disposal gaffes this year. This isn’t a problem isolated to the United States according to a study by Vanson Bourne that found that 75% of e-waste is unaccounted for. It is clear that we’ve got a problem that, like malware infections, will likely get worse before it gets better. Systems VARs can help fix the problem and make some money at the same time.
By helping your customers ensure proper wiping or the secure encryption of sensitive information on decommissioned systems you can alleviate risk for customers and offer a needed, and billable, service.
One approach is to help customers establish in-house processes for securely preparing all devices before they leave the building. Many IT managers don’t know where information is located across the enterprise, so you could help your customers establish an information classification and location process so they have their ducks in a row prior to unloading old hardware. Some business managers aren’t even aware of their basic compliance requirements, which is a great opportunity for new services, and e-waste can be a great foot-in-the-door approach. You can also work directly with a hardware broker or refer your clients to trusted sources and receive a commission.
Keep in mind that proper e-waste disposal is not just a matter of wiping hard drives. You can help your clients protect sensitive information on:
- Wireless access points
- SD and micro SD cards
- Tape backups
The reality is, if a piece of hardware is somehow configurable and stores any type of sensitive information such as passwords, network configurations, client records, intellectual property and the like, then it’s fair game and needs to be handled appropriately before it’s disposed.
The security issues surrounding e-waste provide a great opportunity for additional consulting fees, software licenses and hardware commissions. So many people are jumping on the “green” bandwagon. Why not use it to your advantage so everyone benefits?
About the author
Kevin Beaver is an information security consultant, expert witness, and professional speaker with Atlanta-based Principle Logic, LLC. With over 22 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around information risk management. He has authored/co-authored 10 books on information security including The Practical Guide to HIPAA Privacy and Security Compliance and Hacking For Dummies. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Follow @KevinBeaver on Twitter or connect to him on LinkedIn.