SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
IT professionals destroying end-of-life hardware over fears of data breaches - report
Wed, 20th Jan 2021
FYI, this story is more than a year old

IT directors are destroying end of life tech hardware as opposed to erasing its data out of fear of making a mistake and facing data breaches, according to new research.

A survey carried out by DSA Connect found three out of ten IT directors admit to mothballing technology hardware rather than having its data wiped in case it is not done correctly, while a further 10% said they are doing this because they are not confident of being able to sell it to a reliable third party who can guarantee that the data on it will be erased properly.

The survey found 52% have growing concerns about the quality of data erasure services, while 82% are concerned about the security issues around data erasure.
 
These concerns come at a time when 66% of IT directors believe the amount end of life hardware technology held by their employers is increasing. Some 52% said this is happening because of growing concerns about the quality of professional data erasure services and 39% who said its because of the growing number of people leaving their firms due to the COVID-19 crisis. Nearly one in ten (9%) say they are storing more because of increasing regulation around data storage and erasure, and a fear of doing something that breaks these.    

Overall, the research found that 32% of IT directors are very concerned about the security issues around the disposal of IT hardware, and 50% are quite concerned.

"We are pleased to see how seriously businesses are taking the laws around data erasure and IT hardware destruction," says Harry Benham, chairman of DSA Connect.

"Businesses are right to be cautious when it comes to their end of life hardware, if not wiped correctly, they could face significant fines for data breaches, which could also damage their brand and reputation," he says.

"We are seeing an increasing number of companies that claim to legally and professionally dispose of data and end of life hardware, however we have found that the processes some of them use are flawed and the data they have deleted can be retrieved."

DSA Connect is an IT asset disposal company (ITAD) that specialises in the secure destruction of electronic data and the secure disposal of redundant IT equipment.

The company was established in 2011 to partner the Ministry of Defence in developing the MoDs asset disposal service.  The partnership combined its commercial and public sector skills to develop an asset management service that was secure, auditable and accountable. DSA Connect continues to apply the same methodology in its contracts with both the commercial sector and government departments.

DSA Connect provides a full audit trail from collection point to final disposal of equipment which includes full certification, asset inventories and sales and recycling reports. The company also offers an on-site IT decommissioning service together with on-site data destruction and on-site audits.

Data contained on electronic storage media is erased using only tools approved by the National Cyber Security Centre (NCSC) and full certification is provided.