sss78 - Fotolia

Manage Learn to apply best practices and optimize your operations.

Are recycled PC components hiding data security risks?

Recycled PC components can potentially retain data after the device is turned off or discarded. Enterprise Threats expert Nick Lewis discusses how to avoid the threat.

I read that recycled PC components -- keyboards, trackpads, monitors -- can retain data even after the PC is turned off. Is there any truth to this and, if so, is it something my enterprise should be concerned about? How can we keep data safe?

It's been long known that desktops must be securely erased prior to them leaving your enterprise, and this basic idea extends to other types of devices with hard drives or some type of storage that can hold hidden data. For example, multifunction printers or other similar printing devices have hard drives that can retain print jobs. Even RAM can retain data long enough after it is turned off and back on that cold boot attacks could be successful. In addition, many keyboards have on-board memory that saves specific keyboard configurations and commands.

Data is stored in many different buffers throughout the system -- wherever there is an input or output -- so that integrity checking can be done to make sure that sent data was received. Even paper retains data when erased in the form of the indentions in the paper.

Enterprises with the highest security requirements are likely already aware that data can hide on or escape from almost any part of a computer. For these reasons, enterprises must securely destroy all parts of the computers that can't be securely erased when removing the devices from service, including printers, keyboards and other components that can potentially store data.

While the majority of enterprises today do not have these high security requirements, organizations should take standard precautions when disposing old equipment -- this could include degaussing or securely erasing the storage on the components before recycling them. However, the added cost of just destroying the hardware components may be the easiest and most secure way of disposing of old equipment.

Ask the Expert!
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now! (All questions are anonymous.)

Next Steps

Take a quiz on smart recycling of electronic equipment.

Learn how to quickly and securely erase a hard drive.

This was last published in November 2014

Dig Deeper on Network device security: Appliances, firewalls and switches

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Does your organization worry about hidden data on old PC components? What do you do before recycling to ensure data is eradicated?
Old and outdated equipment that was used to store our company data is always a concern. Our enterprise has protocols in place that ensure the old PC gear is properly wiped and data removed prior to releasing it for recycling. Any gear up for replacement and recycling goes through a five step procedure with our IT department that ensures all data is removed and written over. The hard write-over is the key to safe recycling.