Author Elizabeth Wilmot

Avoid Data Breaches

Turtle Wings/Data Killers is always on the lookout for news and information pertinent to the electronics recycling and data destruction industries to share with our many readers.  We recently spotted an article on crainsnewyork.com about how businesses often expose themselves to data breaches when they dispose of their end-of-life computers and electronics.   The article, originally published on June 9, 2015 specifically stated “the equipment New York companies throw away can be an invitation for cyber-thieves to steal their secrets,” but Turtle Wings/Data Killers knows first-hand from years of industry experience that compliant electronics recycling and data destruction is essential for businesses throughout the country in order to avoid data breaches.

The following is Crain’s New York article, but we thought the information would benefit our readers and customers:  “In response to high-profile data breaches at such companies as Target, Sony and JPMorgan Chase, many New York businesses, health care providers and educational institutions have begun to realize how insecure their data can be. Most organizations have begun enhancing IT security, particularly for systems holding sensitive customer information such as credit-card numbers, health records or Social Security numbers.

Yet from Wall Street to Hospital Row, New York businesses often walk highly sensitive information right out the door—literally—when they replace computers, tablets, smartphones or other IT assets. Indeed, the same CEOs, IT directors and facility managers taking extraordinary care with security protocols for systems in use are often woefully uninformed—and even negligent—when it comes to disposal. New York companies large and small run the risk that electronics containing sensitive client and employee information can be compromised: stolen by organized crime, shipped unprotected to landfills in Africa, China or other nations, or overwritten by new users but with the data still available to the technologically savvy.

Unscrupulous recyclers have taken assets purportedly bound for data destruction and shipped them directly to Third World countries with hard drives, sensitive customer data and even corporate name tags still intact. PBS’ Frontline found hard drives from corporate computers at open-air markets in Ghana—including drives from a U.S. defense contractor containing information on intelligence agencies, NASA and the Department of Homeland Security.

In addition, employees now have access to corporate data over their personal phones and tablets. This has created a new set of issues because data-bearing devices are easily misplaced or stolen. Even if they don’t initially fall into the hands of criminals, these devices can be ticking time bombs and present an enormous risk to an organization. Businesses are most vulnerable when “recyclers” don’t perform the data destruction they claim. Such recyclers are really exporters with a single goal: to get your company’s IT assets to developing countries where a thriving black market exists for computers with sensitive corporate and personal information.

What can be done? Consider that most breaches of this type stem from bad inventory control or the failure to follow established procedures. True data security comes from control of all the IT assets and “procedural discipline” in their end-of-life disposal. There are several vendor certifications that organizations should look for that relate to recyclers’ environmental practices, data security, chain of custody and documentation (eStewards and R2 certifications are generally considered the most rigorous).

In the end, a chain is only as strong as its weakest link. There are a host of risk-mitigation measures New York companies can take for end-of-life corporate IT assets. History has shown that these precautions are every bit as important as those taken to keep hackers from penetrating IT systems in use.”

The only sure way to destroy data and avoid data breaches is by trusting your electronic equipment disposal to a trusted and certified company like Turtle Wings & Data Killers.  We are a globally responsible recycler and we hold all of our affiliates to our same high standards.  As a company with full downstream accountability, our downstream recycling affiliates have all been thoroughly vetted and approved so that we can trace each piece and component to its ultimate recycling destination.   All of our recycling affiliates have been chosen based on their globally responsible recycling processes.  In addition, our data destruction services are secure, certified and compliant with all regulations which help companies avoid paying costly fines.  Our hard drive shredding is absolutely guaranteed; as we physically destroy the hard drive utilizing NSA approved degaussers and/or patent protected shredders.  Turtle Wings / Data Killers is an R2 certified e-waste recycler who provides nationwide data destruction services as well.   Our processes are in full compliance with all NIST, DoD, HIPAA, SoX, GLB and PCI standards for data destruction.