Disposing of devices in a sustainable manner, while also safeguarding sensitive data, is a dual challenge that many organizations face today.
If the old computer was not encrypted, someone can simply go dumpster diving and retrieve it to gain access to any local files and data stored on the device.
Organizations have suffered data breaches due to improper disposal of computers, leading to unauthorized data access and all the financial and legal ramifications that come with that.
Even if an organization takes a more thoughtful approach and reuses or resells old devices, secure data disposal is not a guarantee.
In 2022, Morgan Stanley had to pay $60 million to settle a data security lawsuit after reselling unencrypted equipment that still contained customer data.
Organizations must adopt secure data disposal methods to follow data protection laws, such as GDPR and HIPAA. At the same time, many must adopt sustainable IT asset disposition methods to follow the e-waste laws that several governments have in place.
To balance these needs and avoid environmental and security risks, IT should learn how to securely recycle enterprise computers.
Regardless of the proper use of cloud-based tools, most Windows computers still store data locally, such as Outlook PST files, which can contain months of email, contacts and calendar information - data that should not fall into the wrong hands.
Formatting a disk doesn't delete the data on the disk; it only removes the pointers to the data.
As long as IT isn't doing a low-level format or using software that overwrites the old data, there is a chance that the data is still easily accessible through recovery software.
Software-based methods can overwrite all data on the storage devices and ensure no trace of the original data remains.
It's important to use tools that meet recognized standards, such as NIST Special Publication 800-88, for data erasure.
In cases where data wiping or degaussing isn't feasible, the next option is physical destruction, such as shredding the hard drives.
For federal data, compliance with National Security Agency data destruction requirements might be necessary.
In addition to completing data destruction IT should confirm that the device is at its end of life and make sure that its parts don't become e-waste.
After properly erasing all the sensitive data, admins can decide on the most practical way to get rid of the hardware.
Before a computer is either repurposed or recycled, ensure that all valuable data is backed up securely, preferably in a cloud-based service.
Regardless of how an organization decides to retire its hardware, it's crucial to perform secure data erasure on the devices.
Provide guidelines to employees for backing up their data safely and ensuring that they do not store any data locally on the device.
Properly recycling enterprise computers is a comprehensive process that involves employing secure data deletion, analyzing the potential for reuse and working with responsible recycling programs.
This Cyber News was published on www.techtarget.com. Publication date: Thu, 11 Jan 2024 17:43:04 +0000