Vulnerabilities exposed during disposal of used computers

Don’t create a security breach.

That should be the mantra of anyone who has a hand in managing information risk, but so many people overlook the realities of disposing of old computers and related equipment. I’d venture to guess more effort and money go into “green” marketing initiatives than proper system disposal. The focus is on business reputation as it pertains to good corporate citizenship, but sensitive information is being exposed when old electronics go out the door. There’s a bit of irony in it all.

Kevin Beaver

Proper disposal of used computers is not just about wiping hard drives. There are personal records, intellectual property and sensitive system configuration information on routers, firewalls, telephone equipment, backup tapes, smartphones and so on. It’s everywhere. If you’re not taking the proper steps to identify sensitive information before it leaves the building, you’re opening your business -- and yourself -- up to big headaches, at best. These headaches can quickly turn into nightmares if sensitive information is ever brought out and used against you.

Take a look at how your company handles the disposal of used computers. Can you truly say that sensitive information is completely cleared off your systems that are traded, sold or otherwise thrown out? Based on your experience managing information risk and the misfortunes of others, what should you be doing more of? Is there anything you should be doing less of, or not at all? These are the kinds of questions that can help improve your compliance and information security initiatives.

At a minimum, your disposal program should include the elements shown in Figure 1:

In essence, you need to know what you’ve got, ensure that everyone knows the requirements and processes, enforce the rules and never let up.

There are enough security threats and vulnerabilities to information risk management as it is. Breaches born out of improper disposal of used computers are totally preventable. You should vow to get your arms around computer equipment disposal. Systems and sensitive information will no doubt slip through the cracks, but your goal isn’t to eliminate all risk. That’s an impossible task. Instead, develop a solid and repeatable process that shows your business is doing the right thing to minimize risks and reduce the impact when a breach does occur. It’s when businesses ignore basic due diligence and stand out from the crowd that they get into trouble.

Kevin Beaver is an information security consultant and expert witness, as well as a seminar leader and keynote speaker at Atlanta-based Principle Logic LLC. Beaver has authored/co-authored eight books on information security, including The Practical Guide to HIPAA Privacy and Security Compliance and the newly updated Hacking For Dummies, 3rd edition. In addition, he's the creator of the Security On Wheels information security audiobooks and blog.

This was first published in February 2012
