sss78 - Fotolia

Manage

Are recycled PC components hiding data security risks?

Recycled PC components can potentially retain data after the device is turned off or discarded. Enterprise Threats expert Nick Lewis discusses how to avoid the threat.

Nick Lewis

I read that recycled PC components -- keyboards, trackpads, monitors -- can retain data even after the PC is turned off. Is there any truth to this and, if so, is it something my enterprise should be concerned about? How can we keep data safe?

It's been long known that desktops must be securely erased prior to them leaving your enterprise, and this basic idea extends to other types of devices with hard drives or some type of storage that can hold hidden data. For example, multifunction printers or other similar printing devices have hard drives that can retain print jobs. Even RAM can retain data long enough after it is turned off and back on that cold boot attacks could be successful. In addition, many keyboards have on-board memory that saves specific keyboard configurations and commands.

Data is stored in many different buffers throughout the system -- wherever there is an input or output -- so that integrity checking can be done to make sure that sent data was received. Even paper retains data when erased in the form of the indentions in the paper.

Enterprises with the highest security requirements are likely already aware that data can hide on or escape from almost any part of a computer. For these reasons, enterprises must securely destroy all parts of the computers that can't be securely erased when removing the devices from service, including printers, keyboards and other components that can potentially store data.

While the majority of enterprises today do not have these high security requirements, organizations should take standard precautions when disposing old equipment -- this could include degaussing or securely erasing the storage on the components before recycling them. However, the added cost of just destroying the hardware components may be the easiest and most secure way of disposing of old equipment.

Ask the Expert!
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now! (All questions are anonymous.)

Next Steps

Take a quiz on smart recycling of electronic equipment.

Learn how to quickly and securely erase a hard drive.

This was last published in November 2014

Dig Deeper on Network device security: Appliances, firewalls and switches

Key steps to destroy an SSD and protect your data Donating a used SSD may seem like a nice thing to do, but not if you want to keep your data secure. SSD disposal and recycling are more complicated than you might think.

Can remote wipe completely erase mobile phone data? Remote wipe is the option most people think of when looking to erase data on mobile phones, but it isn't always the most effective. Expert Nick Lewis explores how to fully remove data from a device.

New HP services unveiled for data sanitization, retention, recovery Resellers can now offer HP services that are designed to ease customers' data sanitization, retention and recovery efforts.

Security firm Secarma recovers data from drives bought on eBay Formatting hard drives does not delete data, security firm Secarma has warned after recovering data from recycled drives bought on eBay

iOS Erase iOS Erase is a feature that obliterates everything stored in the iOS encrypted file system’s user partition. All user partition contents – including contacts, calendars, device settings, third-party applications, and associated application data – become cryptographically inaccessible.

Privacy Tools

Nick Lewis asks:

Does your organization worry about hidden data on old PC components? What do you do before recycling to ensure data is eradicated?

Join the Discussion

Related Q&A from Nick Lewis

What are the benefits and challenges of cloud penetration testing?

Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading

How can companies prevent and respond to island hopping attacks?

Island hopping attacks create enterprise risk by threatening their business affiliates. Here's how to create an incident response plan to mitigate ... Continue Reading

What are the best criteria to use to evaluate cloud service providers?

Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

How to implement zero-trust cloud security

The nature of cloud environments and workloads is changing. Security team approaches must evolve in response. Learn how to ...

AWS Access Analyzer aims to limit S3 bucket exposures

Amazon Web Services introduced the Access Analyzer tool at its re:Invent event. The new option aims to help users avoid ...

How to evaluate CASB tools for multi-cloud deployments

When it comes to evaluating CASB tools, it's essential to be an informed customer. Identify your organization's usage and ...

SearchNetworking

4 SD-WAN vendors integrate with AWS Transit Gateway

Aruba, Cisco, Citrix and Silver Peak are among the first SD-WAN vendors to integrate their products with the AWS Transit Gateway.

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

Catch up on the different features available with the first wave of Wi-Fi 6, including OFDMA and Target Wake Time, and find out ...

3 networking startups rearchitect routing

Networking startups Arrcus, DriveNets and Volta Networks help service providers redefine routing in the data center and at the ...

SearchCIO

Shell, Halliburton, Unibap AB execs share real-world AI strategies

Technology advances like quantum computing mean AI's best years are still to come, but that doesn't mean companies aren't already...

What's the difference between RPA and IPA?

To prepare for robotic process automation combined with the more sophisticated intelligent process automation, CIOs first need to...

The technological evolution of IT industry leaders: 2000 - 2020

As technology has shifted since 2000, so have IT leaders. This guide looks at how Oracle, Cisco, Dell and SAP have adapted to ...

SearchEnterpriseDesktop

Microsoft extends Office 365 benefit to nonprofit volunteers

Thursday's announcement extends the company's September offering of 10 free Microsoft 365 Business licenses for nonprofits' ...

Cut through confusion of the digital workspace market

What is a digital workspace, exactly? Find out the definition of this new technology, what it means for the future of end-user ...

Windows 10 issues top list of most read stories for IT pros

IT pros seemed focused on the latest Microsoft OS, based on our most read stories for 2019. That may not come as a surprise, ...

SearchCloudComputing

Review these Azure Service Bus best practices

When applications talk, you need to listen. Learn about Microsoft's cloud messaging service, its main features, best practices to...

Instill cloud change management best practices

Automation is essential to change management in the cloud. Discover the best practices that ensure your IT team is in sync and ...

How much cloud does an IT disaster recovery plan need?

It's not easy to get the right mix of traditional and cloud-based DR resources. Here's how to strike a balance between what's ...

ComputerWeekly.com

Top APAC telecoms predictions for 2020

The 5G bandwagon is the talk of town, but 4G will remain the priority for much of Asia-Pacific, among other key trends that will ...

FCO to boost cloud analysis setup

A new procurement process has been launched to bring in new features such as geospatial analysis

Tories plan electronic visa waiver for EU citizens

Pledge introduces the idea of electronic travel authorisation as part of plans to protect the UK border after Brexit

Join the conversation

2 comments

Send me notifications when other members comment.

Oldest

[-]

searchsecurity - 18 Nov 2014 6:02 AM

Does your organization worry about hidden data on old PC components? What do you do before recycling to ensure data is eradicated?

carol482 - 16 Mar 2015 2:43 PM

Old and outdated equipment that was used to store our company data is always a concern. Our enterprise has protocols in place that ensure the old PC gear is properly wiped and data removed prior to releasing it for recycling. Any gear up for replacement and recycling goes through a five step procedure with our IT department that ensures all data is removed and written over. The hard write-over is the key to safe recycling.

Are recycled PC components hiding data security risks?