Few businesses realise that the data residing on personal devices could result in a data breach. They also don’t understand that it’s possible to recover the data from damaged hard drives, broken phones, credit card machines and even memory cards.
Xperien CEO Wale Arewa warns that business owners have lost track of all the devices that are accessing their networks and more importantly, which staff are accessing confidential information.
“They urgently need to secure their data, both internally and externally, to ensure their data is not compromised or that they fall prey to a data breach,” he said.
“In nearly every business, employees have access to data that they shouldn’t have. This makes businesses vulnerable to data breaches, especially with cybercrime on the rise and companies of all sizes being targeted. But whose responsibility is it to know which staff are privy to the most confidential digital assets.”
Abandoned hardware is by far the biggest cause of data breaches and the haphazard approach to IT Asset Disposition (ITAD) is costing companies millions of Rands. Most IT managers don’t have a clue what hardware they own or where the old redundant devices have been stored.
However, those companies that do have a strategy, spend much of their time and effort on their Information Technology Asset Management (ITAM) process but treat ITAD, the last component in the ITAM process, as an afterthought.
The massive volume and variety of connected Internet of Things (IoT) devices has brought attention to ITAD. This has also led to new and complex legislative mandates for secure and environmentally responsible disposal of equipment.
Arewa says data at end-of-life is a massive challenge for most companies, especially with uncontrolled data growth that has resulted in new corporate policies for data storage and retention.
“This is largely as a result of new global legislations and regulations such as GDPR and PoPIA,” he said.
IT asset disposal must therefore be addressed early on in the ITAM lifecycle. Businesses need to define asset classes, asset use and data storage. They also need to track End of life (EOL) and End of Service (EOS) dates to prepare for upgrades, recycling and proper disposal.
“The risk of data breaches and loss of sensitive company and customer data is one of the main drivers for a sound ITAD program,” said Arewa.
“For this reason, companies are investing heavily in security and data loss prevention tools, especially focussing on assets that reach retirement or need to be disposed.”
To reduce possible company exposure to unnecessary risk, it is extremely important to consider ITAD across the entire lifecycle of each asset. One can reduce the manual administrative burden by implementing ITAM tools that can automate trigger notifications.
Partnering with an experienced ITAM partner like Xperien will help define the appropriate triggers and actions across the IT asset lifecycle.
The ITAD function is often outsourced to a third-party to manage this responsibility. However, it is critical that when selecting a disposal vendor, that they operate to International standards, that they have consistently passed external audits, and possesses common industry certifications like ISO9001:2015. This demonstrates the ability to consistently provide products and services that meet customer and regulatory requirements and the accreditation reduces the risk for customers and gives them complete confidence that the vendor has been independently evaluated for our competence and performance capability.
Arewa says companies like Xperien help customers move away from the traditional linear economy by encouraging a more circular economy by keeping precious resources in use for as long as possible instead of disposing of them at an early stage.
“With various lease options available today, the new trend is to move away from owning products, businesses can now keep up with latest technologies without tying up working capital,” he said.
“Xperien enables companies to lease high specification, refurbished laptops and PCs at a low cost. Secure data destruction is done at the end of each lease to eliminate any concern of disposing of company data.”