Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/22/2009
11:25 AM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

Being Secure While Being Green

Tossing out digital devices with data on them is a security risk. Disposing of digital devices improperly, with or without data present, is an environmental risk.

Tossing out digital devices with data on them is a security risk. Disposing of digital devices improperly, with or without data present, is an environmental risk.No news to bMighty readers that green is the way small and midsized businesses are going, both making and saving money as they green themselves and their operations.

It's important, though, to keep security matters in the foreground as you green your business.

The primary security risk you face as you pursue admirable environmental goals is unsecure recycling of data-bearing devices.

While computers, PDAs, notebooks, phones and other electronic devices should never go into the landfill, they should also never go to even reputable e-trash recyclers without first having their data-storage capabilities physically removed.

Again: physical removal of data storage is a must, even if you're just positive that you've wiped the disk clean of all data.

I've made this suspenders, belt, and more suspenders case here before, and gotten plenty of good-natured kidding about it. But I stand by my argument:

The only way to be sure that no data is going out with the device you're disposing of is to remove the data storage tool itself, not just that data it stores.

(I used to say that once you'd removed the hard disk or other storage element, you could smash it with a sledgehammer, run over it with a bulldozer, then smash it again and feel pretty secure, but the recovery of data from a disk that was badly mangled during the breakup of the Space Shuttle Columbia cured me of that belief.)

I recently had occasion -- and opportunity, our rural area's first formal e-trash recycling day -- to get rid of a couple of decades' worth of accumulated hardware.

Closets and storage corners that had held the stuff are now clear -- and all too ready, knowing my nature, to all too soon hold all too much non-digital stuff. But where the computers and printers and etc. had been, there is now empty space... except for one small box of hard disks and storage media.

Save the planet -- but save your business's private information while you do so.

(And don't forget to pass the word to your employees and colleagues, some of whom may well have business data on those old PCs and PDAs that they're getting ready to recycle.

Join us on the 29th for bMighty's bSecure online event: SMB Security On A Budget.

Register now:

bMighty bSecure is a virtual event designed to help your company stay secure in the most cost-effective way possible. bMighty and InformationWeek editors will bring together SMB security consultants, analysts, and other experts, along with real IT execs and users from small and midsize companies to share the secrets of keeping your company secure without breaking the bank.
REGISTER NOW!

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27235
PUBLISHED: 2021-04-13
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-27236
PUBLISHED: 2021-04-13
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-13566
PUBLISHED: 2021-04-13
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is “Delete�, the POST ...
CVE-2020-13568
PUBLISHED: 2021-04-13
SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit�, the POST p...
CVE-2020-27227
PUBLISHED: 2021-04-13
An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowing e...