Data Destruction and the Impact on Recycling
With each passing year, the world of technology evolves and improves. Unfortunately, cybercriminals are continuously adapting and acquiring new techniques, too, and successfully exploiting emerging technologies in a perpetual game of security leapfrog PCWorld – December 2013
Ransomware Attackers encrypt your data or lock you out of your PC or device using malware exploits Demand payment in exchange for restoring your access Report from Dell suggests that CryptoLocker raked in $30 million in only 100 daysCryptoLocker raked in $30 million Average cost $300 to unlock PC PCWorld – December 2013
Mobile Malware The volume of mobile malware has continued to grow exponentially FortiGuard Labs reported 500 malicious Android samples a day in January 2013 By November the number had risen to1500 new malware samples per day PCWorld – December 2013
Data Breaches According to DataLossDB, the top five breaches in 2013 affected about 450 million records Infamous Target breach, 40 million people had their credit card information captured during the Christmas shopping season
Data Breaches Average costs: –Per compromised record – $194 –Per incident - $5.5M Damages trust and reputation Increased legislation to address: –Health Insurance Portability and Accountability Act (HIPPA) –Identity Theft and Assumption Deterrence Act (ITADA) –Gramm-Leach-Bliley Act (GLBA)
Low Tech Theft Most data breaches made public in were due to criminals using the high tech means listed on the previous slides Items for recycling often fall outside of established security protocols Items for recycling just a vulnerable
Low Tech Theft Data is in more than computers and servers; copiers, printers, scanners, and fax Machines often come with HDDs and flash memory Employee owned devices –Do your employees use their own…cell phones, tablets, other? Affinity Health Plan, a New York based not-for- profit managed care plan learned the hard way –Information left on hard drive of a copier
Low Tech Theft Bad guys getting smart Electronic materials sent to developing countries for crude, illegal and inexpensive metal extraction process Potential data in material more valuable than commodity value
How Should I Manage My Data on End of Life Assets?
Electronics Recycling Industry Electronics recycling is a fairly young industry Companies entering the industry could so with few barriers to entry –Warehouse, truck, low cost labor Most recyclers continue to be, mom and pop operations with small facilities and fewer than 15 employees Easy to Export – US did not ratify rules set by Basel Action Network (BAN )
What to Look for - Types of Certifications R2 & e-Stewards: Recycle Responsibly ISO 14001:2004 Environmentally Responsible OHSAS 18001: Safety TAPA: Transported Asset Protection Microsoft Authorized Refurbisher: able to load operating system for refurbished resale.
Transported Asset Protection Association HVTT (High Value Theft Targeted) asset theft poses a major problem for many industries Theft of electronics and almost any other cargo of value is a daily event throughout the world This type of crime leads to potential liability of data breaches and compromised brand integrity While government programs such as C-TPAT focus on keeping dangerous items out of the supply chain, TAPA focuses mainly on the issue of theft
Not All About Certifications - Observe Do a Site Visit Security –Are there adequate security controls in place? Theft of a HDD or tablet with data on it is a breach. Safety –If the company does not care about the safety of their people will they care about the safety of your data? Environment –If the site is careless about the environment will they be careless about your data? Employees –Background checked? Prison labor? Equipment
Found a Recycler, Now What? Protecting data: Three main methods of erasing HD (Magnetic Media)
Three Options Available Destroy Physical destruction of media Purge All data destroyed (including firmware) Clear Data overwritten
Clearing Ensure information cannot be retrieved by data, disk, or file recovery utilities Resistant to keystroke recovery attempts from standard input devices Overwriting is one method (software) Replace written data with random data Cannot be used for media that are damaged or not writeable Size and type of media determine if this is possible
Why three passes? Some organizations are not specific on number of passes When specified, normally three Why? –US NIST Special Publication
Purging Process that protects data from laboratory attack using non- standard means Degaussing – exposing media (hard drive) to strong magnetic field Usually destroys drive as key firmware info on drive is destroyed Ideal for large capacity drives Does not work on optical media or flash drives Eliminates boot sector
Destruction Ultimate form of sanitization Variety of methods but shredding is typical method of destruction Shred sizes may vary depending on customers requirements
Hard Drives (non SSD) Clear Overwrite media by validated overwriting software Purge Use approved degausser on entire HD unit or disassemble HD and purge platters Shred Commodity separation Material sent to proper metal smelter
Cellphones/Tablets/Flash Drives Clear Delete all memory (internal and external) Perform manufacturer reset Use of external software Purge Same as clear Shred Remove battery and shred device Device shredded and processed at precious metal smelter
Asset Retirement On average, servers and data storage systems are replaced every three years. Managing these assets at the end of their useful life can be onerous and raise many questions: Aside from data, how to put together a great recycling program 27
The Three Rs of Recycling
Reduce Managing carbon footprint with efficient logistics –Reduce carbon and cost of program Find a recycler with multiple sites
30 SRS Global Operations 45 Operations Globally 12 US Operations 4 Canada Operations 25 EU Operations 1 New Zealand Operation 5 Australia Operations 3 India Operations 1 UAE Operation 1 South Africa Operation 1 Singapore Operation Asia Representative Offices
North American Locations Sacramento, CA San Francisco, CA Los Angeles, CA Montreal, QC Edison, NJ Toronto, ON (2) Vancouver, BC Nashville, TN Chicago, IL (2) Dallas, TX Tampa, FL Washington, DC Tucson, AZ
Recycle Locally - Avoid Export Whole Processing near generation site –Increases security – Do you want your data sent to out of country on an un-wiped drive? SRS Other ?
Reuse Consider allowing recycler to reuse/resell assets With proper controls, it is safe and can return value to the recycling program Huge energy savings versus recycling and fabricating new product 500% Energy Savings
Recycle Overall, the processes used to make consumer goods from recycled material versus raw resources is much more energy and water efficient Recycling 1 million laptops saves the energy equivalent to the electricity used by 3,657 US homes in a year (EPA) A ton of circuit boards can contain up to 800 times the amount of gold mined from one ton of ore in the US. (EPA) EPA tool to calculate energy savings from recycling:
Q&A