Blog Post:

Liabilities Beyond the Books

Don’t Let Your Cybersecurity Keep You Up at Night

I’m always amazed at how little companies know about the liabilities embedded in their used electronics devices.  Exhaustive efforts are taken to protect a company’s brand, integrity, and backing up the company server.  Yet, many companies remain unaware about the security risks associated with the sensitive data stored in retired office laptops, mobile devices, copying machines, processing units, and data centers. 

For example, a hard drive used by a prominent northeastern university’s information technology services department was discarded without the data being properly sanitized or destroyed.  The mishap placed the university in a precarious position when 5,800 social security numbers of mostly undergraduate students were made public.  No company wants this type of exposure, and mitigating this risk is achievable with some practical due diligence.

Recently, we had the privilege to sit down with one of the most exciting business consultant and accounting firms in the country.  When we introduced them to HiTECH, a privately owned Information Technology Asset Disposition (“ITAD”) company, and explained the comprehensive steps they take to secure their clients’ electronic data, they insisted on helping us spread the word to their network.  They instantly recognized that many of their customers could be unaware of cyber related liabilities and how to choose a best-in-class ITAD company.

Unfortunately, not all ITAD companies play by the same ethics and rules.  There are a number of distinguishing characteristics you should be looking for in choosing an ITAD partner to manage your secure data disposal.

Many industries are regulated by some type of Privacy Protection Rule such as HIPAA or FACTA.  ITAD companies should also be audited to voluntary standards which require that the organization have a robust security policy and an effective program in place to sanitize or destroy all data-containing devices. 

Data security and brand protection should be your ITAD provider’s top priority.  Client protection should begin the moment the company takes possession of your retired electronics equipment.  The company should have extensive background checks on employees that handle your equipment.  The ITAD facility should be monitored inside an out by cameras, metal detectors and security guards.

All internal data sanitization and destruction processes should be designed to meet or exceed conformance with Department of Defense 5220.M process under NIST 800-88.  Data security should be performed by certified technicians with verifiable checks and independent audits to ensure a 100% verification pass, daily internal random testing and third party forensics testing.

After consultation with the client, the company should recommend best-practice overwrite procedures consistent with their expertise with laboratory forensic techniques and overwrite methods.  If a data-bearing device cannot be wiped clean to such standards, the company should insist on shredding or physically destroying the media in-house.

Entrusting your data to an ITAD company that cannot ensure these best-in-class cyber security practices is gambling your company’s brand, reputation, and integrity.  In the modern era, cybersecurity for your retired electronics equipment must be elevated to a top priority.  Rest easy by choosing an ITAD company that you can trust.

Insisting on these best-in-class cybersecurity standards is a primary reason why Caretta and GBT Capital under the leadership of George Slessman, a founder of one of the world's leading data center companies, IO, partnered with HiTECH Assets LLC.  HiTECH’s unique focus on environment, compliance and cybersecurity helps us sleep at night and exemplifies our commitment to build companies with long-term value that are changing the world for the better. 



About HiTECH

HiTECH is one of the largest independent ITAD companies in the United States.  Founded in 2002 and headquartered in Oklahoma City, HiTECH is a trusted partner of large North American enterprises across multiple industries, including many Fortune 1000 companies.