Most companies are constantly refreshing their computers as technologies change, needs evolve, and security upgrades occur. As a result, there could be a cybersecurity threat collecting dust in a closet, or perhaps on its way to a dumpster. Furthermore, with the pandemic scattering workers from offices where “old-fashioned” desktops still held sway, the need for a more mobile workforce, and devices to support them is on the rise.
All of this means a lot of churn in computer hardware, with sales of new devices surging over the past year. Before the pandemic, most experts recommended desktops be replaced every 3–4 years. Laptops could have a shorter lifespan depending on the wear and tear. But what to do with the old computers?
“Never toss them into the dumpster, that is a really bad idea. And it would be best if you didn’t attempt to wipe a computer yourself as there’s quite a bit of a process to it. It’s generally not something the average office staff can do,” advises Patrick Dawson, an IT security expert in Atlanta.
MSPs can assist with disposing laptops and other devices
Not disposing properly of devices that have reached the end of their lifespan can pose a security risk and be costly. For example, in late 2020, Morgan Stanley was fined $60 million for not properly disposing of equipment and supervising server wipe-downs. There are also plenty of laws and regulations (local, state, and federal) governing the improper disposal of devices that contain personal information.
Experts say that electronic equipment disposal presents an opening for MSPs to expand their services, add to their bottom lines, and provide customers with a valuable service. Channel Futures put it this way:
The beauty of adding hardware disposal to the services you provide is that this doesn’t have to be your main business. It can just be something you do on the side, and it doesn’t take much effort or added expertise on your part. If clients are already relying on you for other managed IT services, there’s a good chance they’ll be happy to have you help them get rid of old hardware, too.
With many MSPs already stretched thin, there’s been a reluctance to jump into providing these services. Still, Dawson echoed Channel Futures in saying MSP involvement is a win-win.
“Most MSPs have the technical skills in-house to wipe a computer properly, and then these devices could be resold or repurposed. You’ll be removing a headache and potential liability from a client,” Dawson notes. “Your MSP could also donate computers to need or to underbudgeted schools which is not only an altruistic move but also is great community outreach.”
Utilize vendors to meet cybersecurity standards
Suppose your MSP does not have the in-house skills and or certification for disposing of end-of-life devices? In that case, you can at least help your customer contract with an established vendor in this space.
A data breach after a computer has left your client’s office could still come back to haunt the MSP in charge, even if you aren’t involved. It is in an MSPs’ best interest to at least have some involvement in the disposal process, as improperly disposed of end-of-lifespan computers and desktops can pose a grave cybersecurity threat to companies.
“Old computers usually contain a trove of information, from PII to PHI to passwords to other credentials. You have to know what you are doing to wipe a server clean completely,” Dawson states. “Amateurs shouldn’t attempt it. Some cybercriminals will go through great lengths to get their hands on an end-of-life span computer.”
Even innocent incidents can lead to a cybersecurity threat
“One client thought he wiped a work laptop clean, gave it to his daughter to take to college, and at some point, she found a file with customer’s personal information and credit information,” Dawson recalls. “To its credit, the company self-reported the incident to their customers and authorities, but they were ultimately fined.” It was as a tough lesson learned.
“A lot of people think once you put something into a computer’s trash bin that it is gone, but it is not. You need a certified professional to ensure a computer is completely clean,” Dawson says.
Experts recommend the following steps for MSPs wanting to jump into the disposal service market:
- Become involved in conversations with clients about how long they expect to get out of each piece of equipment. Figure out if your MSP has the time and talent necessary to secure end-of-life computers, and if it can be done in a way that adds to your MSP’s margins while offering your client a valuable service.
- If you can hit that sweet spot, have additional discussions with your clients.
- Know your laws about data governance and follow them precisely.
“People who are new to the field of equipment disposal may overlook things like chain-of-custody. You can’t just hand over computers to a courier service to take them to a disposal site,” Dawson says. “There are proper protocols and procedures in place, and MSPs need to learn them.”
The cost of not disposing of hardware properly can result in a cybersecurity threat that causes fines and damaged reputations. None of these are desirable outcomes, but the chance that they might occur creates an opportunity for MSPs to minimize any incoming cybersecurity threat.
Photo: Poring Studio / Shutterstock