Reasons to upgrade business hardware such as servers, laptops, mobile devices and desktop PCs:
- Running slow
- The operating system is reaching the end of life.
- Wanting added functionality of the new machine
- Better screen resolution
- Faster processor
- New software won’t work with older operating systems
But what Happens to the Old Machine(s)?
“Well, we will just throw it away, no one wants it anymore, do they?”
Unfortunately, they do. Criminals want these old machines for the sensitive data that could be held on them. Why would they risk stealing or hacking and being traced back, when throwing the machines away literally hands the data to them?
There are several laws and schemes that you need to follow or consider as the owner of these machines:
- WEEE – Waste Electrical & Electronic Equipment
- GDPR & Compliance – General Data Protection Regulation
- National Cyber Security Centre CAS Scheme
So Why is this so Important Anyway?
Ignoring the concept that certain materials need to be disposed of safely to prevent pollution, this article will concentrate on the shredding service as a way to ensure total destruction of sensitive data.
Examples of Personally Identifiable Information (PII):
- Dates of Birth
- Phone numbers
- Email addresses
- Credit or Debit card information
- Bank account numbers
- Password hints, e.g. mother’s maiden name, first pet’s name etc.
Cybercriminals make money by removing this information: some sell it on to other criminals, while others use it themselves. Then there are the implications of a data breach and your duty under the General Data Protection Regulation (GDPR).
Having hard drives completely wiped is often not enough. Criminals can still retrieve the information. Hackers are capable of recovering data from a hard drive that has been subject to MOD approval and ‘completely wiped’.
Writing new data over the top and wiping it again would be sufficiently secure to prevent a data breach, right? Even this can still leave retrievable data behind that skilled hackers can take advantage of. Would destroying the drive with a hammer be enough? Possibly yes, but if the metallic section remains intact, information can be retrieved.
With enough information, criminals can assume another person’s identity and amass significant amounts of debt in their victim’s name before ever risking discovery.
If the criminal can capture passwords, they can log on to computer networks and steal information, steal payment details, adjust documentation etc. By simply changing the bank details on your invoices before you send them out, criminals can receive payments directly from your customers. They will be long gone before you have noticed that you haven’t received the payment for the invoice.
This can damage relationships with your customers when you chase a payment that they have already made. (It’s not their fault that the details on ‘YOUR’ invoice were incorrect).
Credit card insurance can recover the loss. Otherwise, you may have to claim against your own insurance. In the worst case, with no insurance that covers cybercrime, you have to absorb the loss yourself.
If the Hard Drives have been Stolen by Criminals, how Could this be Traced Back to Me?
Even if the criminals dispose of the physical hard drives after removing the data, there are ways to trace the information back to you.
The Police and anti-cybercrime forces have amassed significant experience and procedures in fighting cybercriminals over the years. It is like the old Sherlock Holmes concept: ‘Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth’. It may take time, but they will eventually uncover linking factors between the victims.
If a link between the victims is that they are customers of yours, the investigation will discover that you have recently changed hardware and they will ask how you disposed of your old machines.
Once you have been found negligent for disposing of the hard drives incorrectly, you will be liable for paying for additional losses: those of every victim of the cybercriminal that can be proven to be connected to you. Considering that the average victim of a cybercrime loses roughly £132K (source: Kaspersky Lab / B2B International 2018), these kinds of figures could put even the strongest company out of business.
So, what should I do?
There are a few methods to destroy a hard drive securely and safely, but some carry more risk than others. Greenpoint recommends physical destruction in the form of drive shredding and data destruction. This ensures that the only remains are very small pieces from which data is irretrievable.
Greenpoint’s shredder is MOD approved and shreds hard drives up to 3.5” in thickness. We then recycle what remains. Shredding the hard drive leaves nothing behind for the criminals to examine, even with the extremes of programming skill. You can rest assured that no information will ever get into the wrong hands.
- Drop the hard drives and small devices into our head office.
- One of our trusted staff will come to retrieve the hard drive(s) from you.
The devices are then put through our state-of-the-art media destruction service. We will provide a certificate of destruction/certificate of media destruction as proof that you are no longer liable.
Bringing the hard drives to us ensures data security and that there are no other links in the chain (i.e. couriers / postal service). No one other than your appointed staff members and our trusted staff ever has access to your hard drives and anything sensitive on them.
If you hold particularly sensitive data or too many hard drives to transport easily, Greenpoint will send a trusted member of staff out in a van to bring the shredder to you. This gives greater peace of mind, knowing that the hard drives remain on your property until after they have been destroyed. If you choose this option, you still receive the certificate of destruction.