The InformationWeek Strategic Security Survey, now in its 15th year, is a great trend spotter–when we see a double-digit, year-over-year percentage-point shift, we take notice. For example, based on 946 responses, only 15% feel they’re more vulnerable than a year ago, which is the same percentage as in 2011. However, among those feeling more vulnerable, the percentage of IT pros worried that there are more ways to attack their networks plunged, from 76% to 62%. The concern that’s on the rise is the growing amount of customer data to secure: up to 44% from 34% a year ago.

IT’s also paying closer attention to the security of public cloud service providers. Last year, just 18% conducted their own audits; now it’s up to 29%. Use of providers’ own audit reports is also up. To the 9% who want to conduct risk assessments but are stymied by uncooperative vendors, we say consider that resistance a big red warning flag.

One area where we saw surprisingly little movement is mobile security: 25% say smartphones and tablets represent a significant threat, up just a tick from 24%. Loss or theft is IT’s greatest concern, and for good reason, since end users are more likely to leave a tablet in a cab than they are to download a malicious app. That’s why mobile device management software that can remotely wipe data, protecting the organization from a potentially messy information leak, is so critical.

Another constant among our respondents is perceived cloud risks. Top worries include leaks of customer data and security defects in the providers’ systems, unchanged from last year…

Read the full article

American Disposal Services, Inc., a leading provider of waste removal services, and PC Recycler, a compliant data destruction and electronics recycling firm, recently engaged a partnership to offer electronics recycling and data destruction to customers of American Disposal Services.

“We are always interested in finding solutions that will add value to our community. By partnering with American Disposal Services, over 300,000 residents in the metro D.C. area will have access to convenient, responsible electronics recycling. Both companies have a commitment to minimizing the use of landfills and protecting communities from hazardous materials in waste. This is one way to further execute our mission,” stated Jeremy Farber, President of PC Recycler, Inc.

By developing this partnership with PC Recycler, American Disposal Services is able to offer customers a convenient pick-up solution for end-of-life electronics. Recyclable items in this program include televisions, monitors, computers, computer peripherals, audio and stereo equipment, VCRs, DVD players, video cameras, telephones, facsimiles, copying machines, cell phones, wireless devices, video game consoles, kitchen appliances, and other household electronics. Data destruction services are offered with the option of receiving inventory and destruction documentation. All collected items will be transported to PC Recycler’s secure facility where they will be destroyed or recycled in accordance with a Zero-Landfill, Zero-Export policy.

American Disposal Services customers can call customer service at 703-368-0500 with any questions or to schedule a pick-up appointment.

Roughly seven years ago, PC Recycler engaged with the Fairfax County Public Schools’ Work Awareness & Transition (WAT) program. The Work Awareness and Transition (WAT) is a course for middle and high school students with disabilities that give students the opportunity to develop their personal awareness, explore career options and learn more about workplace expectations. The program combines in-school and community work experiences helping students extend their exploration and work readiness skills. To collaborate with WAT, PC Recycler developed a program where students would work in the warehouse throughout the school year, tasked with the job of destroying and taking apart computers. Through this physical activity, children of various functioning ability have the opportunity to gain stronger hand-eye coordination while learning valuable workplace skills. As the partnership, has evolved over time students now report back to a specific PC Recycler lead technician and participate in a learning session once a week. Students get to build their self-confidence through the hands-on activity, while learning how to work in a team and contribute to the team and build an understanding for where/how their role and position plays into the bigger picture and success of the organization.

The Washington Business Journal’s 2012 Corporate Philanthropy Awards on Friday recognized the region’s most active and inspirational companies and nonprofits who have had a positive impact on their communities through dedicating both financial and volunteer philanthropic work.

PC Recycler's Andrew Portare and Jeremy Farber with Fairfax County Public School's Sue Collins and Michele Bechtel

May 2, 2012

Before recycling or selling your aging laptop or cellphone, you might want to consider smashing it to bits instead.

That’s especially true for older Windows XP laptops and netbooks, or Android smartphones because they can be a gold mine to identity thieves, says McAfee identity theft expert Robert Siciliano. “I would beat the thing to death.”

Apple’s iPad and iPhone and Research In Motion’s BlackBerry don’t represent the same risk, he says. But you should reset your used Apple or RIM device to the original factory settings before it leaves your possession.

Siciliano randomly purchased 30 used devices off Craigslist, and had them examined with simple forensics tools. Half the devices were thoroughly wiped clean, but 15 disgorged plenty of sensitive data, ranging from bank account and Social Security numbers to work documents and court records…

Read the full article or Watch the Video

It is important to note that encryption of data storage devices is just one component in a total data security solution; it goes hand-in-hand with auditing and reporting, written policies and procedures, and advanced methods of sanitization, such as degaussing. However, challenges with encryption still persist, leaving data breach opportunities available to hackers.

For example:

• First, human errors can lead an asset or IT manager to believe that a hard drive is encrypted even though it is not. One main reason for this is that there is no visible difference in the appearance between an encrypted and an unencrypted hard drive. Should a device end up in the wrong pile during the encryption process, the consequences can be devastating.

• Secondly, the encryption arena is a playground for hackers. Hackers have been known to gain access to encryption keys and lock out users unless they pay a steep ransom. Lastly, encryption can be overly restrictive to an enterprise’s productivity. There have been cases where the users of encryption keys accidentally lock out themselves, causing the data to be inaccessible even by authorized parties.

Manufacturers that offer discounts for obsolete data storage devices make this return practice appear financially beneficial to their customers. But the potential data breach costs of devices lost or stolen during transit back to manufacturers far outweigh any savings. According to the Ponemon Institute’s annual study of data loss, data breaches in 2011 averaged $7.2 million in losses per breach for large companies, and that amount is growing. Along with the embedded costs of notification, litigation, and assessed fees and fines from state Attorney Generals, breaches significantly damage the reputations of companies as the public perceives them to have lax security practices.

March 22, 2012

The U.S. government is about to bar contractors who use computers bought with federal dollars from dumping the devices in landfills, an official said on Wednesday.

The new rule, which has not yet been released publicly, will be issued soon and take effect within 90 days. It will require that government contractors bring IT equipment to recyclers certified through federally recognized programs, said Stephen Leeds, senior sustainability officer at the U.S. General Services Administration.

The pending regulation will apply to thousands of government contractors like AT&T Inc., T -0.41% SAP AG SAP.XE -1.04% and Verizon Communications Inc., VZ -0.30% who work with equipment paid for through federal funds. The date of enactment hasn’t been established, but it will occur within three months, according to Mr. Leeds.

The rule is the latest effort by the Obama administration to curb the growth of electronic waste, much of which ends up in landfills in the developing world.

“The federal government has made the determination that disposal of non-functioning electronics, done incorrectly, is a significant risk to the public,” Mr. Leeds said. “The federal government wants to set an example.”

Earlier this month the federal government, America’s biggest electronics customer with an annual IT budget of nearly $80 billion, applied the ban on tech-dumping to its own agencies.

In 2011, the federal government issued at least 140,000 IT equipment contracts, worth at least $11 billion, to outside organizations, according to a Wall Street Journal review of data available on www.USAspending.gov. The Journal’s review included equipment such as data processors, computers and mainframes, but not more highly specialized gear, such as military systems and laboratory hardware.

The Obama administration’s e-waste push began last summer when the Environmental Protection Agency released a National Strategy for Electronic Stewardship. As part of the plan, the EPA received commitments from device makers Sprint Nextel Corp.,S +0.36% Dell Inc., DELL +0.18% and Sony Corp. SNE +1.47% to recycle all warranty and return items it gets back from customers, by 2014.

The program is to address what experts call a growing health risk both for America and developing nations. The equipment is laden with toxins such as mercury and lead, and most of it ends up getting dumped or shipped to poor countries. The EPA estimates that in 2009, 2.37 million tons of computer equipment were thrown away, but only a quarter of it was recycled. Much of the rest ended up in U.S. landfills or in developing nations, said Oladele Ogunseitan, an expert on the issue and chair of public health at the University of California at Irvine.

Read the full article

Most electronic consumers in the United States do not realize the impact of e-waste on the local and world environments; they simply view their obsolete electronics as trash. According to the Environmental Protection Agency‘s (EPA) 2009 statistics, 3.19 million tons of e-waste was generated, and this number continues to grow.¹ These electronics contain materials such as antimony, arsenic, lead, and mercury that are unhealthy to us. It is surprisingly easy for these materials to ultimately end up in our bodies and cause major issues including lung damage, cancer, and seizures.

One color monitor alone contains 6 ½ pounds of lead and measurable amounts of cadmium, mercury and other toxic metals. At PC Recycler, EVERY PART of your electronic assets is recycled. Each item is strategically and securely dismantled. All toxic elements are responsibly disposed of, and all remaining metals, plastics, glass and circuitry is processed domestically.

What Items are Considered to be Electronics?

Under the Resource Conservation and Recovery Act (RCRA) issued by the Environmental Protection Agency (EPA): televisions, monitors, computers, computer peripherals, audio and stereo equipment, VCRs, DVD players, video cameras, telephones, facsimiles, copying machines, cellular phones, wireless devices and video game consoles are primary examples of electronics. Kitchen appliances and other household electronics can also be recycled. PC Recycler will accept practically anything with a plug.

Why Prevent Electronics from Entering a Landfill?
Some electronic device components contain constituents that, if improperly handled, could be harmful to the environment and its inhabitants. E-waste that is not recycled ends up in the environment. Water is poisoned, air turns toxic, soil becomes dead, and wildlife and plant life suffer. Certain components of electronics contain measurable amounts of regulated heavy metals, including lead, silver, barium, cadmium and mercury. Many of these metals can be recovered and responsibly disposed of, based upon Environmental Protection Agency standards.

How Will Recycling My Obsolete Computer and/or Electronic Equipment Make a Difference?
It is estimated that of the approximately 250,000,000 tons of solid waste generated annually in the United States, around 5% is classified as e-waste.² Of this, only an estimated 10% to 18% of electronics are recycled (according to WellHome’s 2011 Infographic).³ PC Recycler wants to help change this for the good of our local and global environments.

What are the Outcomes if We Dispose of Electronics Improperly?
NOTICE OF VIOLATION as issued by the Resource Conservation and Recovery Act. Failure to correct the alleged violations cited required by this NOTICE, may result in the assessment of penalties, not to exceed $27,500 per violation pursuant to Section 3008 of Resource Conservation and Recovery Act (RCRA) of 1976, 42 U.S.C. § 6928.

What About Donating My Electronic Assets?
Donation programs can work well if all involved parties understand the limits and liabilities associated with the transfer of equipment. Questions such as, ‘who will ensure that proprietary data is eliminated before the donation’ need to be answered prior to ownership transfer. The Gramm-Leach-Bliley Act of 1993, Health Insurance Portability and Accountability Act (HIPAA) and many others makes all companies and organizational entities legally responsible for the protection of client privacy. Failure to effectively destroy all informational data prior to the transfer of ownership leaves an organization open to corporate liability. PC Recycler’s Data Destruction process helps eliminate the worry of such a risk.

Isn’t My Equipment Worth Something?
With the cost of new computer equipment dropping each year, your used devices are worth less and less. The resale market for used equipment in the United States is extremely low due to regular product innovation. Simply put, older machines regularly do not fit the system requirements needed to optimally run the newest software programs. Machine upgrades have become less of a priority for most organizations, given that they can purchase a new machine cost-effectively. However, PC Recycler recognizes that some equipment may retain some portion of its residual value. In these situations, PC Recycler will credit a portion of the residual value back to the customer to cover recycling costs on a consignment basis.

Why Does it Cost Money to Recycle Electronics?

Materials such as antimony, arsenic, lead, and mercury used to manufacture electronics are unhealthy to us. If not recycled properly, it is surprisingly easy for these materials to ultimately end up in our bodies and cause major issues including lung damage, cancer, and seizures. E-waste that is not recycled ends up in the environment. Water is poisoned, air turns toxic, soil becomes dead, and wildlife and plant life suffer. ³

To avoid these harmful effects on both our bodies and our environment, reputable e-cycling companies provide outlets for responsible riddance of your old electronics. As we’ve mentioned in a previous blog post, some of these companies lower their costs by exporting e-waste to countries like Ghana, Nigeria, Pakistan, India, and China where it gets broken down by men, women, and children who are usually unprotected from the toxins. To comply with government regulations and environmental laws, e-cycling companies are resorted to charging fees to properly break down hazardous electronics.

The Electronics TakeBack Coalition gives consumers tips on how to spot a fake recycling company. They recommend finding out who is paying for the recycling cost, especially if there is no request for a small recycling fee. These fees ensure that what you are recycling is handled responsibly and complies with government regulations, including whether or not this process takes place in the United States or overseas.⁴

¹ http://www.epa.gov/osw/nonhaz/municipal/pubs/msw_2010_rev_factsheet.pdf

² http://www.greenpeace.org/usa/en/campaigns/toxics/hi-tech-highly-toxic/e-waste/

³ http://www.treehugger.com/clean-technology/crazy-e-waste-statistics-explored-in-infographic.html

⁴ http://www.electronicstakeback.com/how-to-recycle-electronics/beware-of-fake-recycling/

• Personal motivations to develop PC Recycler
• How PC Recycler came into existence
• Resources used to grow the business
• Service offerings and markets where we’ve grown
• PC Recycler’s key differentiators
• Primary challenges working with federal contractors
• 5-year vision for PC Recycler
• Advice and insight for new start-ups

“Our NAID certification is recognition of PC Recycler’s commitment to ensuring a secure data handling and destruction process,” stated PC Recycler’s President, Jeremy Farber. “We have worked hard to set the right systems and procedures in place to be complaint and meet the standards set by NAID, and provide our clients with the most secure data destruction options available.”

PC Recycler’s recent completion of the comprehensive program, in which it was awarded AAA Certification from NAID’s Certification Review Board, demonstrates the company’s commitment to destroying data in the most secure environment possible. NAID members are not required to become certified; however, companies that earn NAID Certification are on the vanguard in establishing standards for secure destruction processes. And to customers responsible for protecting sensitive files such as patient records and classified information, working with a partner who provides air-tight data destruction services is imperative.

During the certification program NAID auditors investigate every aspect of a company’s data destruction operation: security, personnel, the destruction process, responsible disposal of destroyed media, and whether or not the company has purchased enough insurance. One of the most important standards a NAID certified company must meet is to have written policies and procedures to guide the data destruction process. Separate certifications are needed for mobile and plant-based operations, of which PC Recycler has both.

To receive their re-certification, PC Recycler met the following NAID High Standards:

• Current employees and future hires are subjected to background checks and drug testing.
• Plants must have a secure area within the building devoted to processing and destroying media. Buildings are monitored by alarms and closed circuit cameras.
• All personnel must wear uniforms. Individuals with access to secure areas must display photo I.D. badges. Visitors are required to wear guest badges, sign a log, and be escorted.
• Drivers of secure vehicles must carry two-way communication devices.
• Media to be destroyed is physically secured and attended to by employees while in the company’s custody.
• Serial numbers on all hard drives are recorded and delivered after destruction.
• Customers receive a certificate of destruction.

NAID Inspectors carry out random audits to test systems related to the facilities, storage containers, and vehicles used to provide destruction services throughout the year to ensure companies are staying within compliance. PC Recycler has demonstrated positive results when randomly audited and continues to pass the systems tests. Companies must reapply annually for NAID Certification.

In recent news,  service providers to California’s Office of Technology Services (OTech), IBM and Iron Mountain, reported that they were unable to locate several storage devices containing names, addresses, Social Security numbers, driver’s license numbers, names of health insurance providers, and employers of 800,000  California residents and customers of Department of Child Support Services. As a result, authorities have begun notifying customers of the security breach. Those affected by the breach have been urged to place a fraud alert on their credit cards, retrieve copies of credit reports, and review any explanation of benefits statements they receive from health insurers. Click here to read the full article.

Please take a moment to review our previous blog post to ensure you are taking the right steps to protect sensitive data devices:

Myth: Transporting Retired Data Storage Devices to Manufacturers is 100% Safe