Privacy breaches can grab worldwide headlines when hackers access millions of customer records. Determining the source can be a major undertaking for experts, and preventing future attacks is a technical challenge.
On the other hand, when an employee takes 55 retired laptops over a six-year period, the source of the breach is not sophisticated, nor is it difficult to prevent. The theft of retired equipment is completely preventable.
Businesses spend an estimated $68 billion per year on IT security measures including firewalls, network monitoring, encryption, and end-point protection. In comparison, organizations spend almost nothing on measures to protect and track retired equipment.
Today, most organizations outsource IT asset disposition (ITAD) to electronics recyclers, often for free. Businesses simply assume that disposal vendors will responsibly recycle unwanted equipment and destroy any sensitive data. What could go wrong with that approach? A lot.
Without simple security measures, trusted insiders can take retired assets any time before the hand-off to a disposal vendor. As a former IT employee of North Country Hospital recently explained, “there’s a pile with discarded laptops, you grab the one with the least scratches on it.”
Coincidentally, that same former employee is being accused of demanding monetary compensation to return a retired laptop to the hospital.
While no organization can be expected to prevent every privacy breach, especially ones that stem from sophisticated cyber-attacks, it is not unreasonable to expect an organization to safeguard retired IT equipment.
IT asset disposition is the preventable breach. There are seven steps every organization should take in order to prevent a breach from retired equipment.