Cancer Research

Cancer Research is a nationally recognised charity leading the world in cancer research and development of new strategies to beat cancer. They employ many thousands of volunteers as well as carrying out research in 12 locations across the UK. There are 1400 staff based in Angel Building, London and EOL IT Services provide IT asset disposal services. The customer’s requirements are as follows:

  1. Compliance with data protection regulator ICO and use of CESG approved software – EOL utilise the industry leader in data erasure software, Blancco, which is approved to CESG standards. All staff are Blancco certified to carry out data erasure using the software.
  2. Compliance with all current and relevant environmental and WEEE legislation – EOL have the ability to dispose of all IT asset and electrical devices including white goods ensuring a complete disposal solution for work environments.
  3. Compliance with the latest ISO legislation and industry standards – EOL are ISO27001, ISO14001, ISO9001, OHSAS18001, BSEN 15713, BS7858 and ADISA Distinction Plus accreditation so exceeded the customer’s requirements in all aspects of legislation and standard.
  4. Ethical, environmental and behavioural compliance – EOL have their own standards for these areas but as part of our engagement we comply with the customer’s policies if they differ from our own
  5. Full inventory of kit being received and leaving premises – this is standard practice for all our collection services where we provide, within 24hrs of collection, a full inventory of all equipment collected including asset tag and serial numbers and make and model of all assets.
  6. Provision of waste transfer notes – under WEEE waste transfer notes are issued at the point of collection and with the booking in report.
  7. Tracking procedures and documentation for all IT assets – assets are tracked from point of handling at the customer’s site to the point of confirmation of data wiping and resale or confirmation of physical shredding. This includes our own fleet of GPS tracked vehicles ensuring full custody of assets while in transit.
  8. Destruction Certificates – We provide certification for data bearing assets and media such as tapes, hard drives and flash memory. The certificates confirm complete data destruction including a detailed list of the serial numbers for each hard drive.
  9. Allow an on-site inspection of the local supplier premises – a site inspection is in the pipeline for early 2015 to allow Cancer Research to visit our processing facility and audit our processes and procedures for IT Asset Disposal.

The level of data managed was official. EOL carried out other services such as peripheral disposal, and recycling of all IT assets following successful data wiping. All staff used in the end to end process are permanent employees of EOL IT Services with all being Security Cleared and CRB checked. The service is managed by an account manager including any planning and logistics for any services requested.

Each of the customer’s requirements was successfully delivered on time. Complying with all customer’s security and audit requirements as well as compliance with all regulatory standards for data management and asset disposal.

LATEST NEWS

We’ve Left the EU. Does GDPR Still Apply?

We’ve Left the EU. Does GDPR Still Apply?

Untangling data protection policy, post-Brexit.



The General Data Protection Regulation was the result of the biggest overhaul in European data protection legislation in 20 years. GDPR sought to standardise data privacy across all EU member states along with those doing businesses within the European Union or with its citizen’s.

Covering any forms of data that could be used to identify an individual, the new laws gave individuals more rights and far more control of what happened to their data. Enterprises of all scales invested significant amounts of time, effort and resources to ensure that they were full compliant by the time GDPR became law in May 2018.

The UK officially left Europe on 31st December 2020, so do UK businesses need to abide by the same data privacy laws? Company directors have been left confused – what exactly are your responsibilities?

 

Does GDPR still apply now the UK has left the EU?

Almost every businesses holds information on its customers or employees – without data, it would be impossible to trade. Businesses have legal responsibility to protect that sensitive information. Data and adhere to the legislation.

As the UK is no longer an EU member state, you may be thinking that the previous European regulations no long apply – and in part, you would be right.

At the end of the transition period on 31st December 2020, GDPR no longer applied in the UK. However, from 1st January 2021, the UK merged the Data Protection Act 2018 with a UK-specific amended version of GDPR. This new law is known as UK GDPR.

For UK business, much will remain the same as it incorporates the vast majority of EU GDPR, with a few changes. For example, there is a more limited definition of personal data and the rights for Subject Access Requests (SAR’s) can be waived if they significantly constrain an organisations legitimate need. Although, there is certainly one change to be aware of – the maximum fine the Information Commissioner’s Office (ICO) can issue is now greater than the 20 million Euros or 4% annual global turnover of EU GDPR– this has increased to 17.5 million pounds.

If you are a UK business and perform transactions with European Union or if you process any data belonging to EU nationals, you will still be governed by EU GDPR, as well as the new UK GDPR data privacy laws. If you solely do operate in the UK and only have UK customers, then only the UK GDPR applies.

The EU law is applicable to the data for EU citizen no matter where the processing takes place. For example, if your servers are located outside of the EU. This was the reason global social media giant, Facebook, ended up in hot water in 2015.

 

The ICO remains the lead supervisory authority with the power to fine any UK enterprise that fails protect company data adequately. It not only has the power to issue a fine, the ICO can also place ban on data processes or suspend a company’s ability to transfer data to another country. Further restrictions placed on business operations can damage reputation and may mean you can no longer serve your customers. In short, a data breach can be catastrophic.

 

How do you ensure you remain compliant?

Whilst the huge fines imposed make the headlines, such at the £20 million penalty issued to British Airways in 2018, the thought of EU and UK GDPR compliance doesn’t need to fill you with terror.

The ICO are there to help, they have comprehensive guides and checklists that are available to download. There are three relatively simple steps that enterprises of all sizes can take for peace of mind and ensure you remain compliant.

1 – Review. 

GDPR came into force three years ago so whether you solely do business within the UK, the EU or both, it is always a good idea to regularly review your operations. A risk assessment to help you make informed decisions.

Revisit how your business processes personal data, check that processing have the appropriate legal basis and that it is relevant and necessary. Could the same purpose be achieved in a less intrusive way? Not only does all data need additional resources to secure it, the ICO can impose fines for leaked data, which wasn’t needed to perform that function. Only gather the data you need.

UK businesses are responsible for verifying, which legislation and laws are applicable to them and the ways they process data along with the identifying the appropriate lead supervisory authority.

If you provide goods, services or have many EU customers, you will need to appoint an EU Representative within each EU country or EEA member state where the individuals reside. This is required in addition to the approved agreements relating to cross-border data transfers.

This is a company, which is either controlled by the UK enterprise or recruited to act on your behalf when it comes to GDPR related data requests, such as SAR’s. Similarly, an EU business would require a UK Representative.

2 – Document. 

UK organisations must amend their documentation to align it with the requirements of the EU and UK GDPR.

You will need to update policies, procedures and documentation relating to your data processing to ensure they reflect the relevant changes in the law post-Brexit. You’ll need to reassess your privacy policy, cookie policy and website banner. Be open about these; publish these on your corporate website to enhance your reputation. You should also ensure that UK GDPR is included within your cybersecurity strategy and Incident Recovery Plan.

Your data processing registers should not only include the ‘who, what, where, why and how’, it should detail security measures and record which of the six legal bases applies for each data process. You should also identify the conditions for processing special category data, such anything relating to an individual’s health, race or religion. Should a data breach occur detailed records would help you as you will need to notify the ICO and/or European Data Protection Supervisor (EDPS) within 72-hours of the incidents discovery.

It is always a good idea to appoint a Data Protection Officer within the business to take overall responsibilities for data security issues, whether this is a specific role or is overseen by the CISO.

UK-EU data transfers.
The EU GDPR restricts data transfers to third countries, outside the EU GDPR zone. For the first six-months of 2021, the UK awaited the European Commission adequacy decision relating the security of UK-EU cross-border data transfers. In June 2021, the Commission approved transfers between EU, EEA and UK organisations without restriction, so long as all enterprises conform to the EU GDPR laws.

Businesses are responsible for ensuring that their partners adhere to the regulations. The best way to update contracts via a Data Processing Agreement to clarify the security measures required.

Data transfers outside of the EU and EEA.
Extra safeguards are required for businesses that transfer data outside of the EU, for example, U.S-based search engine companies. Standard Contractual Clauses (SSC’s) govern how the receiving organisation securely handles the information, for which you are the owner. These should already be in place but it is essential that these are reviewed and updated now Brexit has been completed.

3 – Delete.

Any vulnerability within your IT infrastructure can lead to a data leak. The cybersecurity risk is ever evolving and hackers are getting increasingly clever. It is vital that we don’t gift them sensitive personal data, which is held upon old or redundant IT equipment.

One of the key challenges for data governance is improper or incomplete data erasure of redundant IT assets. Technology has become such an integral part of our day-to-day lives that we almost forget that our devices and the growing network of the Internet of Things all hold regulated data along with the importance of secure IT asset disposal. Data that if exposed can result in a substantial fine.

Your partnership with your ITAD supplier will form part of your enterprise cybersecurity plan. IT asset disposal companies provide GDPR data destruction certification for each hard drive, desktop, server or data centre decommissioning. This supplies an IT chain of custody and a paper-trial as written evidence that you have acted within the law.

Professional data destruction will guarantee that your organisation remains fully GDPR compliant, along with ensuring you comply with WEEE regulations and contribute to the circular economy as most ITAD companies have zero-landfill policies. Sustainability is great for business. Environmentally friendly ITAD, and often free IT asset disposal, will also demonstrate a positive ethical attitude to those you do business with.

Data protection legislation is not well known for being easy to understand; Brexit only compounded this, along with the six-month bridging mechanism agreed in the trade deal regarding cross-border data flows.

Time spent ensuring GDPR compliance in 2018 has not been wasted. Although the majority of the same laws and regulations apply, all UK businesses must reassess the specific ways they process data in line with the changes to make sure they conform to the correct legislation – whether this is just UK GDPR, EU GDPR – or both.

Reviewing and documenting all procedures relating to processing and data destruction, is not only an essential part of compliance, but it also demonstrates transparency and your commitment to customers, supply chain and data protection authorities. Whether using a secure sharing platform rather than email or ensuring you have an ITAD chain of custody certification for each end of life IT asset, a ‘privacy by design’ approach, which incorporates data protection into all business operations will boost your reputation and ensure that you remain fully complaint with the both GDPR legislations.

 

Contact us today on 0845 600 4696 or visit www.eolitservices.co.uk to find out more about how we can help with GDPR destruction of data, environmentally friendly ITAD, or our data wiping services.

 


Resources.

The Information Commissioner’s Office, The Focus Group, IT governance, GDPR Associates, proxyclick.com, NAQ, Meta Compliance, Active Mind, dataprotection.ie, European Data Protection Supervisor

Can WEEE Legislation Help Businesses Solve the E-waste Crisis?

Can WEEE Legislation Help Businesses Solve the E-waste Crisis?

71% of the world’s population is governed by e-waste legislation, yet the latest figures from the UN report that globally, only 17% of our electrical and electronic devices were recycled in 2019.

At June’s G7 summit, world leaders were met by Mount Recyclemore. A vast sculpture of their faces made entirely of electronic waste created to raise awareness of the issue with both politicians and the public.

Of the 196 UN member states, only 78 have e-waste laws. In 2019, up to 10 million tonnes (mT) was exported to low-income countries to be burnt or landfilled. However, much goes undocumented. Its transportation only increases emissions further. It’s a substantial issue for the environment and human health. Greenpeace and The National Commission for the Protection of Children have reported children as young as eight breaking the toxic waste by hand, with no protection.

Thankfully the European Union made a big step forward with regulation of this ‘entirely avoidable environmental crisis’, as experts have commented. You will often hear us talking about the WEEE regulations, which the ITAD industry is governed by. But what is WEEE and how does it affect your business operations?

WEEE explained: What is WEEE legislation? 

The Waste Electrical and Electronic Equipment regulations (WEEE) ensure that all electrical and electronic equipment is recycled or disposed of in an environmentally friendly way when it reaches end of life. It became law in the UK in July 2007 and was subsequently rolled-out across all EU member states. You will no doubt have spotted the logo of a wheelie bin with a cross through it on your qualifying devices.

The legislation places responsibility firmly at the manufacturer’s door, making them accountable for collection, recycling or eco-friendly disposal of each of the 14 equipment categories. Producers, distributors and retailers must finance sustainable end of life treatment and inform consumers about recycling facilities; particularly when new, replacement equipment is purchased. Manufacturers must join a compliance scheme, which is governed by the Environment Agency throughout the UK, who gather data and report on WEEE waste.

The directive covers large appliances such as refrigerators and air conditioners, through to light bulbs and smoke detectors. You may expect things such as monitors, laptops, printers, scanners and routers to be included, but the mandate also covers keyboards, mice, cabling, wiring, landlines and even the office calculator. For the UK’s businesses, one of the biggest considerations is their IT asset disposal policy for their growing pile of redundant IT assets.

 

 

 

Why does WEEE legislation exist?  

When our tech is burnt or ends up in landfill, it releases dangerous toxins and poisonous metals as they break down. Chemicals leach into our soil system and our waterways – finding their way into our food chain. Circuit boards break into micro-shards, release corrosive fluids and noxious gases, if burnt. The vast numbers of batteries from the ever-increasing Internet of Things can explode in when buried. Lead, cadmium, arsenic and flame-retardant materials can all be found in landfill sites. Mercury, well-known to damage the human brain, is a big offender. It can be found in any device with a backlit-screen or with a circuit board. Whilst it was banned in 2006, much equipment is still in use. The UN University estimate that there are 50 tonnes of Mercury in undocumented e-waste, annually. The Restriction of Hazardous Substances (RoHS) legislation also seeks to increase recycling of restricted items.

 

“The UN predicts that e-waste will increase by 39% by 2030;
equating to 74.7 mT, annually”.

 

The need for governmental intervention is clear. WEEE aims to reduce landfill of e-waste and the amount of new components and devices manufactured – both generate damaging emissions.

What are the legislative responsibilities for businesses?   

 

Ultimately the choice of sustainable or inappropriate disposal rests with the end-user. For European and UK businesses, is it vital to adhere to the regulations. Not only morally the right thing, failing to do so could result in a substantial fine of up to £5,000 if issued by the magistrates’ court. For more serious breaches, the Crown Court has the power to issue unlimited fines. If data remains on devices – you may also be hit with a substantial GDPR penalty. However, WEEE can provide business growth opportunities for businesses who demonstrate their CSR.

 Take-back schemes. 

 

Distributors have an obligation to encourage recycling or offer take-back schemes so unwanted, outdated or broken electronics can be returned free of charge, particularly at the point-of-sale for a replacement. However, whilst retailers offer the scheme, it creates additional work for an additional cost so consumers may not be made aware what to do with their end of life IT assets.

In 2020, IBM and the National Retail Federation surveyed almost 19,000 consumers in 28 countries. They found that 77% of global consumers say that sustainability is important to them. Of those customers, 7 in 10 are willing to pay a premium for ethical brands. Tech consultancy Accenture’s 2020 research supports this with 80% of consumers stating they will shop sustainably in next 5 years.

Successful businesses are recognising this, demonstrating their commitment to the circular economy with their own buy-back schemes. Samsung Recycle offers reasonable prices for old tech. When they launched the S21 smartphone, purchasers received £150 off the price of a new handset, if they traded-in a faulty handset. Undamaged handsets were even more. Whilst well-known by consumers, third-parties, such as Music Magpie, offer considerably less.

These schemes have certainly helped by offering an incentive as it is human nature to take the easiest route to disposal, rather than take items to the recycling centre or pay the council for removal.

Increasing lifetime value of assets. (LTV).

 

EU Circular Economy action plan seeks to expand the short life cycles of devices that are difficult or impossible to repair. This includes new equipment being designed with repair or reuse in mind; extending its lifetime value.

The ‘Right to Repair’ became legislation in the UK in spring 2021. Manufacturers must provide parts, repairs and support for at least 10 years. This makes it easier for businesses to redeploy older assets and maximise IT LTV. This prevents landfill but reduces CO2 emissions from the manufacturing of new devices and transportation.

Buying from sustainable tech companies is a great way to demonstrate your CSR. Focused on creating a long-lasting, eco-friendly modular technology is emerging with easily swappable parts such as the Fairphone3, an easily repairable modular smartphone.

 

Recycling.  

 

“Recycling one million laptops saves the equivalent amount of energy
used to power 3,657 U.S homes for a year”.

 

IT assets are a complex network of pre-moulded circuit boards, hard drives, processors and memory components. They should only be salvaged and recycled by professionals that are fully trained in safe, WEEE techniques. Specialist management ensures Mercury isn’t released from circuit boards, for example. Treatment facilities comply with DEFRA and the Environment Agency standards, along with WEEE regulations.

We throw money away without a second thought. We’re not talking about the recoverable cost of the device alone. Our tech contains the earth’s finite resources – gold, silver and platinum, amongst others. The estimated value of recoverable materials in 2019 alone was $57bn. In fact, recycling circuit boards can be more profitable than gold-ore mining. A ton of circuit boards contains between 40-800 times more gold than a ton of ore.

ITAD partners pass these savings on to their clients. Businesses can capitalise on residual payments for their redundant IT assets. Most components are still functional and can be reused in the remanufacturing process. Alternatively, an ITAD supplier can refurbish devices, software can be updated, and memory or graphics cards added… many components are replaceable.

It’s also a safe way to protect your company data. Secure IT asset disposal companies offer data wiping services providing an IT asset disposal accreditation to ensure your compliance with GDPR. Your ITAD chain of custody will help you avoid any future data governance issues.

Unbelievably, some e-waste recycling firms have been found to be secretly exporting their surplus. When seeking to dispose of electrical devices responsibly, it is important to find an ITAD partner who is WEEE regulated.

 

 

 

All businesses require technology in one form or another. UK businesses are legally liable for its sustainable disposal of their redundant IT equipment. However, it can also be very good for business.
CSR is top of the board meeting agenda for leading businesses. They have achieved significant growth by actively marketing their sustainable credentials to the new generation of customers who take their ethical values seriously.

Compared to other high-income nations, the EU leads the way on e-waste policy, recycling 42.5% in 2019; the U.S recycled just 9.4% – demonstrative proof that WEEE legislation is working. However, more must be done. The EU directive certainly drives change but global evolution cannot take place without unity; all businesses across the world must take responsibility for their own environmental impact.

Contact us today on 0845 600 4696 or visit www.eolitservices.co.uk to find out more about how we can help with environmentally friendly ITAD, free IT asset disposal or any of our data erasure services.

 


Resources.

Recycling Light, The Health and Safety Executive, Environment Law, United States Environmental Protection Agency, Statista.com, Fortune, UN University, United Nations, Earth911, pcmag.com, Department for Business Energy and Environmental Strategy, Earth911, The Guardian, The BBC,

Should Your Fridge Form Part of Your Cybersecurity Strategy?

Should Your Fridge Form Part of Your Cybersecurity Strategy?

Meeting the new challenges presented by the Internet of Things.

It wasn’t so long ago that ‘personal data security’ meant shredding financial information and memorising your PIN. Fast-forward a decade and it has become necessary to share our sensitive data far and wide just to complete daily tasks.

Increasingly smarter, faster and more responsive, our physical world has begun merging with the digital. Smart cities monitor Clean Air Zones and congestion; industry is booming with internet-enabled plant machinery and our homes are packed with smart devices from doorbells to white goods. In fact, there are already more connected devices than there are people on earth.

 

What is the Internet of Things? (IoT)  

From light bulbs to jet engines, the Internet of Things refers to the billions of physical technological devices that connect to the internet, collecting and sharing often sensitive data – with no need for human interaction.

The term broadly describes devices that you wouldn’t usually expect to have this connectivity, such as a plug or a watch. The rapid growth of these innovations is the result of falling prices of sensors, RFID and semiconductor chips along with the widespread availability of the internet. The adoption of IPv6 has provided more IP addresses than we will ever need and cost-effectiveness has seen us become an internet-driven society.

When it comes to controlling our devices and accessing information at speed, our technology has been designed for maximum convenience. Building automation is the fast-growing sector. Voice-activated lighting, smart plugs and intelligent heating systems are all becoming commonplace along with the installation of smart meters by our utilities companies. Increasingly affordable Wi-Fi cameras secure our homes and the demand for smart speakers continues to soar. Even everyday household goods are connected, hoovers, dishwashers and refrigerators.

 


How big is the Internet of Things?

According to Statista, there are currently 35.82 billion Internet of Things devices, globally. Today, the average Briton has access to nine connected devices. It is projected that the total number of the IoT will more than double, reaching 75.44 bn by 2025 – exhibiting an annual CAGR of almost 25%. With the technology industry growth and the changing societal behaviours of 2020, it is anticipated that this figure may be higher.

 

What is the industrial IoT?

Almost everything electronic has become measurable. Accurate real-time data gives businesses far greater insight and agility, helping them improve products and internal systems, maximising efficiencies and streamlining processes.

The industrial Internet of Things (IIoT) has become known as the fourth industrial revolution or Industry 4.0. AI and machine-to-machine technologies deliver manufacturing precision and the ability to analyse and optimise performance to increase responsiveness and productivity whilst reducing operating costs.

Unfortunately, despite the considerable benefits and the technological advances, the Internet of Things does not have the security we have come to expect as standard. Our thirst for data and the associated benefits has meant that this is often overlooked.

Manufacturers have appeared to give little thought to the security basics, such as encrypting data during transit or at rest. In fact, many IoT devices were not designed to receive updates. Technology moves fast but the lifecycles of these devices mean that they are likely to remain in use in 10-15 years. With no means of implementing patches, businesses are left open and at risk.

 

Can the IoT enable a cyber-attack?

Connecting industrial machinery to the network poses a risk of industrial espionage or strikes on critical systems for political or financial gain. Whilst the financial stakes are high for business, attacks can result in real-world consequences should hackers gain control of power stations, vaccine refrigeration or fuel supplies, as they did in the U.S colonial pipeline in 2020.

With the growth of remote working practices, the cyber criminals honed in on home Wi-Fi routers and web cams, presenting a significant new challenge for IT departments. In addition, due to their inherent low security, the hackers were able to gain access though exposed smart appliances, then progress to the wider network. After all, that smart refrigerator is connected, sending data to a back-up cloud… a cloud that holds more than your reminders to buy milk – it also holds an array of valuable data that could result in a financially devastating breach.

In 2017, LG were forced to update their SmartThinQ app when researchers found they could gain entry and control their smart fridges, dishwashers, ovens and vacuum cleaners via their cloud application. In the same year, global cybersecurity experts, Bitdefender, revealed a massive vulnerability in 175,000 low-cost security cameras from Shenzhen Neo Electronics.

The IoT are easy pickings for the hackers who use them to unite a vast digital army, known as a ‘Botnet’. Used to deploy Distributed Denial of Service attacks, (DDoS), the Botnets flood a website with requests so it crashes. In February 2020, Amazon Web Service managed to fend off the largest DDoS attack in history.

Furthermore, the IoT includes equipment that doesn’t connect to the internet but joins to another device via Bluetooth. This accessibility has been responsible for a recent spike in data breaches. In 2020, a cybersecurity expert demonstrated the vulnerability of Bluetooth when he hacked the technologically advanced Telsa Model X in less than 30 seconds. Without stricter enterprise security, it is highly likely we will see some substantial IoT mishaps in the coming years.

 

How does IoT Security differ from traditional cybersecurity?

In a recent survey of 600 tech decision makers by PSA Certified, 90% agreed that Internet of Things security is highly important today and will be in five years’ time. Yet, most organisations lack a robust IoT cybersecurity program due to the multi-layered nature of this complex ecosystem. Traditional cybersecurity doesn’t take account of diversity of data, range of power and vast ‘attack surface’ of IoT devices. There’s no ‘one size, fits all’ solution; IoT security must include a variety of strategies to mitigate the huge number of vulnerabilities.

 

Secure all end-points.

Network security should address all types of physical and digital end-points. Segmenting IoT devices into their own micro-network will provide functional access and protect the wider, restricted network. Whereas many Internet of Things technologies do not integrate with antivirus software, a security gateway has greater processing power so can act as an intermediary to implement firewall protection to connecting IoT devices.

The use of a Public Key Infrastructure will facilitate encryption and decryption of private messages; the digital certificates secure connections between multiple devices. The role of PKI is vital for transaction-based ecommerce websites, protecting the data input by the user.

 

Better design and greater support.

The UK government has announced plans to hold IoT manufacturers and retailers accountable with new laws, which focus on three principles of data governance. Device passwords must be unique and unable to be reset, manufacturers must state the minimum time that they will provide security updates and they must provide a contact to enable vulnerability reporting.

Building tamperproof hardware, providing the most recent OS and releasing firmware updates from the outset of product development is critical when it comes to safeguarding both businesses and consumers alike. In the immediate future, however, buyers can vote with their feet, ensuring that they only purchase from manufacturers offering guaranteed support.

Correct IoT asset disposal.

The data collected by the Internet of Things will grow exponentially with the increasing demand, marketplace and applications. The availability of cheap, power-efficient processors has seen the IoT become disposable commodities. Despite GDPR legislation encompassing the IoT and government mandates on the circular economy, many organisations don’t have an IT asset disposal policy for these unpatched legacy devices.

ITAD services have responded quickly, embracing the challenges presented by the IoT assets that have been silently gathering data for years. Many large organisations have previously performed the data erasure function in-house, prior to shipping the redundant IT assets to their ITAD partner for disposal. But today, this represents one of the biggest challenges in data governance.

Due to the fragmentation of the operating systems used, it is exceptionally difficult for IT teams to protect company data in this way. No in-house software tool is capable of addressing the vast magnitude of the Internet of Things to guarantee complete destruction of files, encryption keys and even Wi-Fi passwords. The latter can be all a hacker requires. As they are built with basic processors, the batteries in these end of life IT assets no longer have the reserves to run the software of remote data wiping services. A further complication to asset disposal is the batteries themselves, which are regulated by the WEEE legislation.

CISO and CIO’s understand the importance of data destruction and IT asset disposal of their redundant IT equipment. However, there is also a responsibility to do so in an environmentally friendly ITAD manner. Contributing to the circular economy, an ITAD supplier can identify components with residual value so the device can be recycled and remanufactured. Their zero-landfill policies prevent vast qualities of e-waste, annually.

 

The Internet of Things is of increasing importance to enterprises and industry alike, enhancing communication, productivity, industry advancements and enabling business growth – However, it presents significant data security challenges, which we cannot ignore.

Whilst policymakers plan to demand responsible manufacturing and security support in the future, steps should be taken now to mitigate the immediate risk. All forms of IoT devices connected to the corporate network should be isolated via gateways, data encryption and retired assets should be securely erased and recycled by professional data erasure services that can ensure an ITAD chain of custody.

To meet the new cybersecurity challenges, CISO’s and CIO’s must consider a complete IoT lifecycle approach to ensure that the bridge between the physical and the digital doesn’t provide access to the cyber-criminals.

Contact us today on 0845 600 4696 or visit https://www.eolitservices.co.uk/services/it-asset-disposal/ to find out how we can help you dispose of your data safely and reliably.


Resources.
Zdnet; Gartner, Paloalto Networks, The Internet of Things Agenda, The Thales Group, CDR Global, The BBC, Mainstream Global, Rethink Research, Statista, Globe News Wire, The Telegraph, PSA Certified, findstack.com,

 

To arrange a demonstration then please complete the form below and we will be in touch to arrange a convenient appointment:

[cf7lead cf7_id=”595″ fields=”Company=company|Email=email|Phone=telephone|First Name=fname|Last Name=lname”]

Protect My Data:

Complete the form below and we will be in touch.

[cf7lead cf7_id=”3320″ fields=”Company=company|Email=email|Phone=telephone|First Name=fname|Last Name=lname”]

Request Information:

Complete the form below and we will be in touch.

[cf7lead cf7_id=”3378″ fields=”Company=company|Email=email|Phone=telephone|First Name=fname|Last Name=lname” title=”Request Information Form”]