By Veena Clay December 1, 2014
Data breaches as a result of hacking and security breaks are increasingly common. The recent Gameover Zeus hacker virus controlled 250,000+ business systems and resulted in the theft of more than $1 million from accounts worldwide. And, who can forget the huge Open SSL breach, Heartbleed, which recently wreaked havoc on computer passwords around the world. Such breaches are usually caused by hackers and result in criminal charges when resolved.
However, there are other types of data breaches, particularly from the risk of inadvertent data exposure. Consumers and businesses alike should be aware that recycling electronic waste could pose a threat to data systems located on hard drives if not handled properly. However, finding a responsible electronics recycler can help reduce the risk of data breaches and grant the much-needed peace of mind that companies need.
The risk of data leaks through improper disposal
First, it should be mentioned that the risk of electronic data leakage due to improper disposal is absolutely real. Health organizations are particularly vulnerable because of informal methods of transporting and storing devices marked for disposal by employees. Information contained on the electronic devices is sometimes leaked, stolen or lost on the way to recycling centers.
The number of data breaches due to improper disposal in the health industry increased from 2011 to 2012, the latest year for which information is available. According to reports submitted by the Office for Civil Rights, a large portion of data breaches occurred due to theft and loss, with about 4% attributed to improper disposal in 2012.
Governments and retail chains are also vulnerable to data breaches resulting from improper disposal or the lack of a viable disposal plan. The phenomenon is causing legislators and regulators to take action to protect consumers, but businesses and nonprofits should also take precaution. Implementing a positive plan to combat electronic waste data breaches may be the only viable way to ensure that information remains uncompromised, even when a device is sent away for recycling.
Tips to protect your valuable data
Here are a few key tips to protect the valuable data contained on devices within your organization or business:
1. Get the best physical data destruction
Laws and regulations regarding the proper disposal of electronic waste often ban dumping in landfills and require specific methods for collection and disposal based on government guidelines. This means that physical data destruction must go beyond merely discarding into the landfill. Instead, it must be sufficiently sophisticated so that sensitive date is completely removed or destroyed.
Relying on electronic waste disposal plans managed by employees and staff alone for physical data destruction may not be effective in this area. Instead, consider relying on a responsible recycling company with specific measures in place, such as high-efficiency shredders, to handle the proper removal of sensitive data before the recycling process is complete.
2. Avoid long-term storage of end-of-life devices
Long-term storage can increase the risk of loss or theft, which leads to serious data breaches. In fact, many recent data breach cases were the result of computers left to sit in off-site storage facilities with little or no regulation or supervision of the information contained on hard drives and storage devices.
Rather than choosing to place end-of-life devices in storage, creating an electronic waste disposal plan may be a better choice. The plan should ensure that storage time is minimal or completely eliminated, thereby decreasing the risk of theft, loss or inadvertent exposure of sensitive information.
3. Invest in software-based data destruction
Though software-based data destruction has been around for quite some time, many businesses may not be aware of its significance in relation to proper electronic device disposal and recycling. In some cases, such software may be absolutely essential for businesses and organizations in terms of the cost savings and time management advantages.
The way the software works is key. Many of the products available on today’s market offer a means of wiping hard drives or storage devices so that no information remains on a device marked for disposal. This is an effective way of ensuring that thefts and data breaches attempted after the device is sent for recycling do not risk the loss of valuable information. It also is a much better solution than simply erasing files, a method that is easily thwarted by hackers with the ability to recover files or restructure data from hard drives.
4. Obtain a certificate of destruction
Certificates of destruction are often issued in addition to the data security measures offered at some recycling centers and companies. Readers may be familiar with certificates of destruction in relation to cars and other motor vehicles as a means to clear title. Here, certificates of destruction work similarly as legal documents that exonerate owners of recycled goods. In other words, once an owner hands over a device to a recycler, a certificate of destruction passes on all legal responsibility for the item, including destruction of sensitive data, to the recycler.
5. Investigate the laws on data destruction
Many governments around the world are concerned with the loss of sensitive data through theft, hacking and improper disposal. Laws and regulations are in place in nearly every country requiring companies to secure data even during the disposal process. These laws include penalties and fines that can be avoided if given proper attention. For instance, in the U.K., fines and penalties can equal up to $7 million per event for data leaks impacting consumers.
Here in the U.S., most states with electronic recycling laws also require vendors to followed government regulations to ensure that consumer information remains safe. It is important to be aware of which guidelines apply to your organization and to organize an electronic waste disposal plan around them.
The best tip to protect your valuable data: Choose a reliable electronic recycler
The best tip to avoid data breaches involving electronic waste is to choose a reliable electronic recycler. ERI is home to the largest and most advance shredders in the U.S., ensuring that data contained on electronic devices are completely destroyed during the recycling process. ERI offers physical and software-based data destruction and issues certificates of destruction to all of its clients. As an added measure, clients can watch a video of the recycling process via a live feed for additional verification that sensitive data is securely removed and destroyed. To learn more about the specific advantages of recycling with ERI, click here.