Improper disposal of old servers leads to serious cybersecurity vulnerabilities
According to a recent Business Insider article, Western companies are routinely exposed to cybersecurity vulnerabilities when they upgrade their servers for newer hardware. This is because old servers are often sold to refurbishment companies before being fully wiped clean. Depending on the data that was left on such hardware, the chance of sensitive information reaching the wrong hands is all too great.
An IT hardware refurbishment company based in Romania recently reported finding sensitive information on acquired servers such as public health insurance records, credit card data, even codes for traffic lights and railway signaling of major cities in Europe. The misuse of such information can have devastating consequences. Imagine the potential chaos that could be created by disrupting traffic signals in a busy city environment.
The issue is that many companies are simply not aware that their sold hardware may still contain sensitive information. This could be a result of mitigating disposition of old hardware to junior employees who may not have the necessary training to wipe hardware completely. Or, breakdown in processes could mean that hardware disposition is unintentionally overlooked.
One way to address this issue is for companies to perform a careful IT asset disposition (ITAD). Companies can outsource this task to an ITAD provider, a business that specializes in disposing of obsolete or unwanted IT hardware and equipment. Such vendors offer streamlined processes and minimize the costs associated with disposition of IT assets. This is in part because it spares the internal team from being pulled away from an existing project but also because it avoids the cost of systems and software necessary for data erasure.
The other option is to handle IT asset disposition in-house. According to an article in SearchDataCenter.com, this process involves “uninstalling apps and operating systems before using software tools to overwrite the contents of the disk, therefore scrubbing it clean of information.” Also, local hard disks can be destroyed physically with a tool, such as a sledgehammer.
At William Woods University, students earning an online Bachelor of Science in Cybersecurity learn to create innovative solutions to protect sensitive information against growing cybersecurity threats. One of the core courses of this program is CMJ447 — Information Security. This course focuses on various ways in which individuals and corporations can secure their information resources, including physical and architectural methods. Students will also learn about practical applications related to the development of effective information security measures intended to mitigate current and emerging threats and vulnerabilities.