Get rid of your old hardware
Time for an office clear-out? Make sure your old PCs are disposed of properly
Is there a reason we can't just dump our old computers in a skip?
There are several. The obvious one is the legal restrictions on disposal of electronic items: the Waste Electrical and Electronic Equipment Regulations 2013, or WEEE, which are intended to protect the environment from the toxic chemicals found inside old kit.
There's also the danger that if you just leave your old computers sitting out on the street, anyone who comes along could pick them up and mine the hard disks for sensitive data. Unless you happen to have a car crusher on the premises, or some other means of physically destroying your old drives, you should think about disposing of your old computers in a more managed way.
Our computers still work. Can we sell them off? Maybe stick them on eBay?
You can -- but be sure you understand the software licences that came with the machine, the OS reinstallation options, and your rights to resell them. Be upfront with buyers: having to accept a PC back because Windows won't activate is a job for an equipment broker, not something your business wants to be distracted by. And, of course, you must be certain that there isn't a single byte of identifying data hidden anywhere on the system. It might be easier simply to sell the machines without the hard disk.
Is our data really that valuable? Our spreadsheets aren't meaningful to anyone else.
Perhaps your company documents really are of no interest to anyone else. But that's not the only data that's in danger of leaking. Been logging into trade websites to buy supplies? Saved any passwords? Can you be certain that no-one might have used that machine to visit any adult or troublesome sites at any time? It's shocking how many second-hand machines I've bought over the years that have come with saved passwords -- or malware, for that matter.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Is "secure delete" software worth the bother?
It is, because there are a lot of knowledgeable people out there who make it their business to scrape together exploitable information. Even if your disk yields only a small amount of seemingly trivial data, it could be significant to them once combined with a larger database.
It's good to report that the UK's professional services sector has been ahead of this game for some time. These days, both insurers and accountants will often ask for the serial numbers of decommissioned disks, to be matched up with a report from professional-grade data-erasure software to confirm that they've been wiped properly. Probably the most widely accepted package is Blancco: either get a licence yourself, or appoint a computer recycling business that has one.
What if we break up the RAID arrays on our old servers? That should prevent anyone from reconstituting the data right?
It would be nice if data security regulators and auditors were thinking at this sort of level. In practice, a broad-brush rule applies. Whether you're dealing with servers or workstations, secure deletion is expected in all cases.
However, that might be for the best. Many RAID controllers can recognise disk signatures and automatically rebuild your arrays even, in the case of certain RAID levels, if one or more disks is missing.
So we do need to be cautious about disposing of old systems. What's the safest approach?
A good bet is to appoint a professional recycler. Some organisations do this commercially; others redistribute machines to foreign countries for charitable purposes. When making contact with a potential taker, make sure to ask about OS licensing, and how your hard disks are to be erased. Some charities like to receive machines in a working state, and will ask you to simply delete your proprietary files. Other organisations are more interested in the precious metals contained in your hardware the copper, gold, tin and so forth. If you're dealing with a firm such as this, you should take out the disks and destroy them yourself.
This all sounds like a bit of a hassle. How can we make life easier for ourselves in future?
For a small business, it certainly can be a hassle to carry out a deep search of each old PC for any valuable information that may be accidentally, or deliberately, stored on it. Happily, the problem is shrinking on its own as more and more services move into the cloud: with remote management tools and browser-based applications, you can clean a laptop or tablet in a matter of minutes. Recyclability isn't the only reason to invest in such technologies, of course, but it certainly helps with the painful bits of the disposal process.
Main image credit: Bigstock