MSP tips to properly dispose e-waste

Managed service providers (MSPs) have a lot to do when it comes to keeping their clients safe. For example, they must watch patches, firewalls, IoT, and even dumpsters. While it is illegal to toss electric waste (e-waste) into the dumpster in 25 states across the U.S., that doesn’t mean it doesn’t happen.

The financial implications

“Sometimes it’s just easier and cheaper to toss electronic devices into the trash,” said a manager of a company in Lexington, Kentucky, who asked to remain anonymous. However, if authorities catch your business doing so, it won’t be cheaper. Additionally, MSPs may be on the hook for any financial implications, too.

In a well-publicized incident in 2019, for example, Target faced a $7.4 million fine for improperly disposing of 2,038 computers and laptops.

And according to a UN report released this year, the problem of e-waste is getting worse:

The world’s generation of electronic waste is rising five times faster than documented e-waste recycling, the UN’s fourth Global E-waste Monitor (GEM) reveals today.

A record 62 million tonnes (Mt) of e-waste was produced in 2022, up 82 percent from 2010; on track to rise another 32 percent, to 82 million tonnes, in 2030; billions of dollars worth of strategically-valuable resources squandered, dumped; just 1 percent of rare earth element demand is met by e-waste recycling.

Consider proper disposal techniques

Yes, some enterprises, when their computer hardware reaches the end of its life cycle, simply toss the old machines into a dumpster. That’s a bad idea for many reasons, but it is also a cybersecurity risk.

“If hurting the environment and potentially doing something illegal (in some jurisdictions) doesn’t stop you from throwing old iPads and laptops in the trash, perhaps the rather serious security risks will,” says Joe Warnimont, Security and Technical Expert at HostingAdvice in an interview with SmarterMSP.com. He also points out that disposing of the device without clearing personal data can pose significant risks, adding, “Someone who discovers your discarded device now knows there’s a potentially new replacement sitting right inside your home or office for the taking. And that random person fishing through your trash probably won’t have the same motivation as a reputable recycling center to destroy any lingering data on the hard drive.”

Best practices

Warimont offers three minimum best practices to simplify the process for those tempted to throw devices in a dumpster:

• Google how to perform a factory reset for each device.
• Seek a donation or recycling solution that promises to eliminate all remaining data from your devices.
• Destroy hard drives.

Warimont is a fan of charities that repurpose phones and tablets for the less fortunate. However, large consumer tech sellers, he notes, also provide reputable recycling programs. There are companies like Iron Mountain that provide proper pick-up, data wiping, and disposal.

When destroying the hard drive specifically, there are multiple options to consider.

“Computer hard drives have the pesky tendency to hold onto some data even after a memory wipe. If you’re concerned about that, there are options. Either look up how to remove the hard drive yourself (usually pretty easy) or find a local recycling center that removes and drills a hole through the hard drive right in front of you,” Warimont shares, adding that once the hard drive is destroyed, no one can access the data.

Secure disposal

Caleb Coffie, a cybersecurity specialist and security engineer in Texas, says that when disposing of old office laptops, desktops, and electronic devices, it’s critical to consider the cybersecurity risks associated with improper disposal. “Data on hard disk drives (HDDs) can often be recovered even after deletion, as the data remains on the disk until it’s overwritten. Secure disposal of HDDs involves overwriting the entire disk multiple times with random data, using a degausser, or physically destroying the drive,” he states.

Other e-waste poses different sets of risks, according to Coffie. “With solid state drives (SSDs), for example, data can linger due to wear-leveling algorithms. Secure erase commands, encrypting the drive before disposal, or physically destroying the drive are effective methods,” he advises.

Other ways to properly dispose of data and protect it, Coffie adds, is through full disk encryption. “By encrypting the entire drive, you ensure that even if the drive is recovered, the data remains inaccessible without the encryption key.”

Avoid risk by being proactive

While the temptation to discard old devices into a dumpster may seem cost-effective, the risks are far greater. Adhering to proper disposal practices not only ensures compliance and environmental responsibility, but also protects against potential security threats. By proactively managing e-waste, MSPs can safeguard their clients’ data and contribute to a more secure and sustainable future.

Photo: Veja / Shutterstock