Data Security… The Untold Story on Embedded Media
The computer recycling industry is young and as with any new industry, lessons are learned as it gains maturity. Unfortunately, in this industry gaps in data security are being discovered the hard way, which we’ve seen from the data breaches and numerous large retailers this and last year. Although the number of data security laws on the books is increasing, we’ve still encountered shocking gaps in data security simply because of lack of knowledge. At Brass Valley, we help to educate our customers and the public at large on some of the hidden dangers they may be exposed to. Here are just a couple of examples of hidden data and potential threats that we’ve found.
Last year a client was moving and needed to get rid of their old phone system, which was a few hundred phones and a few controller units. When we discussed data security, we were told that someone came in and erased all their hard drives, so we brought the equipment into our facility for processing and remarketing. As part of the process we test these items. We found IP addresses, passwords, and voicemails, among other things.
Another client, a well-known box store, sent us all their inventory scanners for disposal. They insisted no data security would need to be applied because someone shredded their hard drives. Again, what we found was a wireless card in each scanner with complete login credentials to the wireless network of the client and their inventory database.
In a more recent situation, a client was refreshing their CISCO switches and we were called in to provide a trade in value. We asked if part of the buy price would include proper erasure of the devices. The client thought for a minute and said, “I’m not sure.” We talked further and discovered that they had no idea which switches had media in them and which ones didn’t. Because he didn’t track it, he wasn’t sure what needed data security. This realization made him think about the wide open exposure his company had by not erasing prior switches that were recycled.
A large financial client was replacing and reselling their multifunction fax machines. They insisted that they flushed the memory buffers and everything was gone. Two months later, the manufacturer showed up at their door looking to fix a fax machine that was dialing home for repairs. The client didn’t realize there was more than one memory buffer and that it had a call home feature in it.
These are just a few examples of where we find data on devices. Some constitute a total breach. Some provide data like IP addresses and passwords that are the point of entry for a data breach.
The major reason for these lapses in data security is lack of knowledge about the potential dangers of embedded data, and Brass Valley is passionate about changing that. This is one of the reasons why we developed our DataFinder Database(™), which provides information on every type of computer equipment we have seen in the last 13 years. It outlines the proper nomenclature for the device, where the serial number (fingerprint) is, and where any potential media could be on the device and how to locate and erase/destroy it. We will continuously update the DataFinder Database as we encounter new devices and computer equipment. With DataFinder and our other IT asset management services our clients and their clients will have greater protection from data security breaches.
For more information about the Gaps in Data Security for end of life devices, please feel free to contact us!