Erasing data is not straightforward

Issue 1 2023 Security Services & Risk Management

Takalane Kashane.

Safeguarding your data is a business imperative. Regardless of size or industry, confidentiality is vital for maintaining the trust and positive public standing your organisation has earned. But, in an increasingly regulated and privacy-conscious world, the concerns around a misstep are not limited to your business’s reputation alone; between fines from data protection bodies and potential settlement fees, the fiscal impact of a data leak can be enormous.

The threat of an old laptop

While the threat of cybercrime, phishing and hackers gaining access to digital infrastructure is increasingly well understood and mitigated, the risk of a data breach from tangible physical assets must not be overlooked. Companies that improperly dispose of outdated equipment or seek to destroy documents containing sensitive information with no thought to the privacy concerns involved, put themselves at a far greater risk of harmful data breaches, unwanted disclosures, and vast reputational and financial damage than they realise. With the lion’s share of business data still being stored on computers, hard drives and servers, repurposing, recycling or otherwise discarding your IT assets appropriately is key.

IT asset disposal should always follow a defined process. Most crucially, whatever the method of disposition, it is always the owner’s responsibility to ensure that any data on the assets is destroyed. While businesses today do tend to be savvy enough to know that their IT assets should be erased before they dispose of them, what many do not realise is that erasing data effectively is more complex than simply reformatting a drive or deleting files.

So, with this in mind, here is how to ensure that you are wiping data properly, as well as mitigating other data security risks throughout the IT asset disposition (ITAD) process.

Comprehensive data destruction

Data destruction is the most important part of the entire ITAD process. It must never be overlooked or improperly completed. The very first thing you should do when discarding or repurposing IT equipment is to thoroughly remove any data from it, as best as you are able.

However, truly thorough removal requires specific techniques and tools and sadly, it is not sufficient to simply delete files, empty your device’s virtual ‘bin’ or reformat a disc drive. While a deleted file will be removed from directories, most of the data itself remains untouched. A reformatted drive deletes the pointers to files, but all it takes is the appropriate software to recover most of the content that existed on that device. Instead, purpose-designed data erasure software that complies with the NIST 800-88 standard should be used, or the hardware needs to be completely physically destroyed, if it cannot be wiped.

When entrusting your asset disposal or recycling to a third-party vendor, make sure that they can demonstrate the use of NIST 800-88-certified software or provide proof of the physical destruction and dismantling of the equipment. A reputable vendor will use certified overwriting software to scrub your data entirely, provide audit reports to verify that the data has been completely removed, and provide certificates of recycling, or proof of destruction and appropriate disposal, for every single asset you assign to their care.

The anticipated boom in e-waste

As soon as an asset leaves your IT team’s possession and the confines of the business premises, it becomes vulnerable – and as more and more employees incorporate flexible working into their schedules, the pressure on organisations to keep track of all equipment integrated across their network increases. Implementing a defined ITAD process and placing the assets in trusted hands for disposition is therefore the natural next step in minimising an organisation’s data security risk, as equipment gets upgraded and employees adapt to new modern working norms.

Indeed, electronic and electrical waste (e-waste) is the world’s fastest growing waste stream, with a report from the UN establishing that the world currently produces as much as 50 million tonnes of e-waste a year. This is expected to vastly increase, with current trends, such as hybrid working, fuelling predictions that e-waste will reach 120 million tonnes per year by 2050. E-waste management is a big challenge for many African countries due to a lack of awareness and environmental legislation as well as restricted resources.

A secure and trackable chain of custody

A quality contractor will offer a secure and fully visible chain of custody from the moment they begin handling your assets until disposition is complete. Real-time asset tracking showing the location and status of equipment at all times is optimal here, as not only does it help to ensure that no equipment is misplaced during the process, but it also adds a layer of assurance that third-party interference is impossible.

Ideally, the item will be scanned onto a tracking system immediately and assigned a unique identifier code. The item should then be scanned and logged at every step of its journey, and each time it leaves or arrives at a new facility, until the full data destruction or, if applicable, successful repurposing of the asset has been recorded.

Furthermore, it is also important to ensure that any processing facilities your assets go through have adequate fire protection, power, HVAC and communication systems, as well as security guards, secure entry systems (i.e., key card entry) and video surveillance.

The improper disposal of IT assets exposes your organisation to unnecessary risks that can otherwise be reasonably avoided. It is well worth adhering to best practices and/or engaging a reputable contractor for this process, so that your chances of suffering any form of data breach are minimised.

The average cost of a data breach is now nearly R50 million and breach costs have increased by nearly 20% over the last two years. As data protection legislation continues to tighten across the globe, ensuring that all data is fully expunged from any retiring IT asset and that equipment is recycled, repurposed or destroyed in a secure and compliant way, is one of the most critical steps in your entire data security system.

Ensuring a compliant disposal procedure for all your organisation’s data, be it physical or digital, will also ensure that your business can keep track of its environmental impact more successfully, with a view to improving its sustainability across the long-term.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Three new portable power stations to ease load shedding
News Security Services & Risk Management Products
EcoFlow has launched three portable power stations that provide sufficient power for consumers wherever they are; the DELTA 2 and RIVER 2 Series are feature-filled power solutions to the volatile electricity supply.

You cannot bribe a computer
Access Control & Identity Management Security Services & Risk Management
Corruption is a cancer that destroys the prospects and stability of countries and businesses. It widens wealth gaps and punishes the poor. It costs countries many billions in lost revenue.

How much protection does cyber insurance really give businesses?
Cyber Security Security Services & Risk Management
If organisations don’t meet even the minimum requirements of security and data protection, insurance will do them little good. Instead, it needs to be just one part of the digital resiliency toolbox.

Off-grid power solution for residential estate
Editor's Choice Security Services & Risk Management Residential Estate (Industry) Products
Coral Beach Estate, an upmarket residential estate based in East London, has been struggling with load shedding and power outages due to South Africa's energy crisis, as well as the vandalism of its power infrastructure.

SafeCity Guarding rolls out across 14 suburbs in Johannesburg
News Security Services & Risk Management
In a major drive to provide communities across Johannesburg with additional safety, Vumacam, in partnership with Fidelity ADT and other security providers across the region, rolled out the innovative SafeCity Guarding initiative in 14 suburbs.

FleetDomain underpins Afrirent’s value proposition
Logistics (Industry) Security Services & Risk Management
Afrirent, a 100% female black-owned fleet management company, has been relying on FleetDomain software for a number of years to help it deliver outstanding service to a growing number of clients.

Choosing an inferior lithium battery can be detrimental and unsafe
Uniross Batteries Security Services & Risk Management Products
South Africans looking to mitigate the impact of load shedding by installing a solar system for their home must do so through an accredited installer or electrician to avoid insurance claims being rejected.

Employee screening, a hiring necessity or an invasion of privacy?
Security Services & Risk Management
There is a fine line between checking a potential employee’s qualifications and references, and investigating aspects of their lives that have nothing to do with their job application.

Keeping students, staff and communities safe
Vumacam News CCTV, Surveillance & Remote Monitoring Security Services & Risk Management
South African schools are facing increasing security challenges, making effective surveillance systems more important than ever. To address this issue, Vumacam is offering advanced security solutions with security partners, aimed at keeping students, staff, and the community safe.

Technology is key to securing physical and cybersecurity
Education (Industry) Security Services & Risk Management
The interpretation of security in educational institutions depends on whom you are talking to and whether their focus is on the physical security of the institution, its assets and its people, or its information and communication technology perspective.