Erasing data is not straightforward

Issue 1 2023 Security Services & Risk Management


Takalane Kashane.

Safeguarding your data is a business imperative. Regardless of size or industry, confidentiality is vital for maintaining the trust and positive public standing your organisation has earned. But, in an increasingly regulated and privacy-conscious world, the concerns around a misstep are not limited to your business’s reputation alone; between fines from data protection bodies and potential settlement fees, the fiscal impact of a data leak can be enormous.

The threat of an old laptop

While the threat of cybercrime, phishing and hackers gaining access to digital infrastructure is increasingly well understood and mitigated, the risk of a data breach from tangible physical assets must not be overlooked. Companies that improperly dispose of outdated equipment or seek to destroy documents containing sensitive information with no thought to the privacy concerns involved, put themselves at a far greater risk of harmful data breaches, unwanted disclosures, and vast reputational and financial damage than they realise. With the lion’s share of business data still being stored on computers, hard drives and servers, repurposing, recycling or otherwise discarding your IT assets appropriately is key.

IT asset disposal should always follow a defined process. Most crucially, whatever the method of disposition, it is always the owner’s responsibility to ensure that any data on the assets is destroyed. While businesses today do tend to be savvy enough to know that their IT assets should be erased before they dispose of them, what many do not realise is that erasing data effectively is more complex than simply reformatting a drive or deleting files.

So, with this in mind, here is how to ensure that you are wiping data properly, as well as mitigating other data security risks throughout the IT asset disposition (ITAD) process.

Comprehensive data destruction

Data destruction is the most important part of the entire ITAD process. It must never be overlooked or improperly completed. The very first thing you should do when discarding or repurposing IT equipment is to thoroughly remove any data from it, as best as you are able.

However, truly thorough removal requires specific techniques and tools and sadly, it is not sufficient to simply delete files, empty your device’s virtual ‘bin’ or reformat a disc drive. While a deleted file will be removed from directories, most of the data itself remains untouched. A reformatted drive deletes the pointers to files, but all it takes is the appropriate software to recover most of the content that existed on that device. Instead, purpose-designed data erasure software that complies with the NIST 800-88 standard should be used, or the hardware needs to be completely physically destroyed, if it cannot be wiped.

When entrusting your asset disposal or recycling to a third-party vendor, make sure that they can demonstrate the use of NIST 800-88-certified software or provide proof of the physical destruction and dismantling of the equipment. A reputable vendor will use certified overwriting software to scrub your data entirely, provide audit reports to verify that the data has been completely removed, and provide certificates of recycling, or proof of destruction and appropriate disposal, for every single asset you assign to their care.

The anticipated boom in e-waste

As soon as an asset leaves your IT team’s possession and the confines of the business premises, it becomes vulnerable – and as more and more employees incorporate flexible working into their schedules, the pressure on organisations to keep track of all equipment integrated across their network increases. Implementing a defined ITAD process and placing the assets in trusted hands for disposition is therefore the natural next step in minimising an organisation’s data security risk, as equipment gets upgraded and employees adapt to new modern working norms.

Indeed, electronic and electrical waste (e-waste) is the world’s fastest growing waste stream, with a report from the UN establishing that the world currently produces as much as 50 million tonnes of e-waste a year. This is expected to vastly increase, with current trends, such as hybrid working, fuelling predictions that e-waste will reach 120 million tonnes per year by 2050. E-waste management is a big challenge for many African countries due to a lack of awareness and environmental legislation as well as restricted resources.

A secure and trackable chain of custody

A quality contractor will offer a secure and fully visible chain of custody from the moment they begin handling your assets until disposition is complete. Real-time asset tracking showing the location and status of equipment at all times is optimal here, as not only does it help to ensure that no equipment is misplaced during the process, but it also adds a layer of assurance that third-party interference is impossible.

Ideally, the item will be scanned onto a tracking system immediately and assigned a unique identifier code. The item should then be scanned and logged at every step of its journey, and each time it leaves or arrives at a new facility, until the full data destruction or, if applicable, successful repurposing of the asset has been recorded.

Furthermore, it is also important to ensure that any processing facilities your assets go through have adequate fire protection, power, HVAC and communication systems, as well as security guards, secure entry systems (i.e., key card entry) and video surveillance.

The improper disposal of IT assets exposes your organisation to unnecessary risks that can otherwise be reasonably avoided. It is well worth adhering to best practices and/or engaging a reputable contractor for this process, so that your chances of suffering any form of data breach are minimised.

The average cost of a data breach is now nearly R50 million and breach costs have increased by nearly 20% over the last two years. As data protection legislation continues to tighten across the globe, ensuring that all data is fully expunged from any retiring IT asset and that equipment is recycled, repurposed or destroyed in a secure and compliant way, is one of the most critical steps in your entire data security system.

Ensuring a compliant disposal procedure for all your organisation’s data, be it physical or digital, will also ensure that your business can keep track of its environmental impact more successfully, with a view to improving its sustainability across the long-term.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...
How can South African organisations fast-track their AI initiatives?
AI & Data Analytics Security Services & Risk Management
While the AI market in South Africa is anticipated to grow by nearly 30% annually over the next five years, tapping into the promise and potential of AI is not easy.

Read more...
Efficient, future-proof estate security and management
Technews Publishing ElementC Solutions Duxbury Networking Fang Fences & Guards Secutel Technologies OneSpace Technologies DeepAlert SMART Security Solutions Editor's Choice Information Security Security Services & Risk Management Residential Estate (Industry) AI & Data Analytics IoT & Automation
In February this year, SMART Security Solutions travelled to Cape Town to experience the unbelievable experience of a city where potholes are fixed, and traffic lights work; and to host the Cape Town SMART Estate Security Conference 2025.

Read more...
Stallion repositions itself as a services provider
News & Events Security Services & Risk Management
Stallion has rebranded as Stallion Integrated Solutions to reflect its expanded capabilities beyond traditional security services to delivering integrated solutions that enhance safety, asset management, and operational efficiency.

Read more...
Seven tips to help ensure your backup batteries work
Power Management Security Services & Risk Management
Load shedding is back, officially or not. Lance Dickerson offers seven tips to prolong the life of your power backup systems and ensure they perform as intended when needed.

Read more...
Cybersecurity best practice
Information Security Security Services & Risk Management
Breach and attack simulation has become an essential element of cybersecurity strategies in any modern business by allowing companies to actively detect and resolve vulnerabilities through real-world attack simulations.

Read more...
Historic Collaboration cuts ATM Bombings by 30%
Online Intelligence Editor's Choice News & Events Security Services & Risk Management
Project Big-Bang, a collaborative industry-wide task team, has successfully reduced ATM bombings in South Africa by 30,7% during the predetermined measurement period of November, December and January 2024/5.

Read more...
Keeping safety central to enterprise risk management
Zulu Consulting Security Services & Risk Management
[Sponsored] As employee safety becomes an ever-more critical aspect of corporate risk management, Risk-IO assists risk managers in ensuring a safe working environment, whether in an industrial setting, an office, or anywhere.

Read more...
Empower individuals to control their biometric data
Information Security Access Control & Identity Management Security Services & Risk Management
What if your biometrics, now embedded in devices, workplaces, and airports, promising seamless access and enhanced security, was your greatest vulnerability in a cyberattack? Cybercriminals are focusing on knowing where biometric data is stored.

Read more...