Skip to content
Contact Us

Enhance Cybersecurity in IT Asset Disposal: Best Practices & Standards

- 8 minute read

In an era where digitization drives business operations across the globe, the risk of cyber-attacks and third-party vulnerabilities has escalated to unprecedented levels. The increasing sophistication of these attacks poses a significant challenge to organizations of all sizes.

Companies in high-stakes sectors such as finance, healthcare, and technology are particularly vulnerable, facing not only direct threats but also risks originating from their third-party vendors. This blog discusses the action SK tes is taking to ensure robust cyber security throughout our ITAD global business services, allowing our clients to trust in us. 

1. Recent cyber attacks and the growing risk of third-party vulnerabilities

2. Resourcing cyber security

3. Cyber security incident readiness

4. The ISO/IEC 27001:2022 Information Management Standard

5. The Cyber Essentials Certified Cyber Security Scheme

 The growing risk of cyber attacks and third-party vulnerabilities

The volume of cyber-attack attempts on large global companies has seen a significant rise in recent years. With the increasing digitization of business operations, companies are becoming more susceptible to various forms of cyber threats. These attacks range from phishing schemes and ransomware to more sophisticated tactics like advanced persistent threats (APTs). In 2022 alone, the number of cyber-attack attempts globally reached over 2,200 per day. This alarming statistic underscores the need for information security management systems, cyber security measures and constant vigilance.  

Financial institutions, healthcare organisations, and technology companies are among the most frequently targeted sectors. Companies such as JPMorgan Chase, Anthem and Microsoft have all been high-profile victims of cyber-attacks. These industries are particularly vulnerable due to the sensitive nature of the data they handle and the significant financial gains that can be made by exploiting this information. Additionally, the interconnected nature of the global economy means that a successful attack on a single company can have wide-reaching repercussions, affecting partners and clients alike.  

One of the increasingly common strategies used by cybercriminals is targeting service providers to gain access to larger, more lucrative targets via ‘back doors’. This method involved compromising third-party vendors or service providers that have legitimate access to the larger company’s systems. This highlights the critical need for companies to not only secure their own systems but also to ensure that their service providers maintain rigorous cybersecurity standards. Regular audits, comprehensive vetting processes, and continuous monitoring are essential practices in safeguarding against these indirect attack vectors.  

Robust cybersecurity and Information security management is more critical than ever for service providers. This is especially relevant for IT Asset Disposition (ITAD) and e-waste recycling companies like SK tes, responsible for managing the chain of custody of data-bearing client IT equipment. Global ITAD companies handle a significant amount of sensitive assets on behalf of large global companies, making robust information security measures paramount. 

Resourcing cybersecurity in IT asset disposal

 ITAD companies handle the recycling, and remarketing of retired information technology equipment, which often contains sensitive and confidential information.  

Cybersecurity starts with ensuring that data is securely erased from devices before they are disposed of or repurposed. This involves using advanced data destruction methods and adhering to industry standards and regulations, such as GDPR or HIPAA. By investing in cybersecurity, ITAD providers can implement rigorous protocols for data sanitization, thus guaranteeing that no residual data can be recovered from disposed assets.  

Moreover, having a dedicated cybersecurity team allows ITAD service providers to stay ahead of emerging threats. Cybersecurity is a rapidly evolving field, with new vulnerabilities and attack vectors constantly being discovered. A specialized team can monitor these developments, update security practices accordingly, and provide ongoing training to staff. This proactive approach ensures that the ITAD company remains compliant with the latest security standards and can quickly respond to any potential breaches, thereby minimizing risk and enhancing the overall security posture of both the provider and its clients. SK tes employs dedicated full-time Cyber Security Practitioners to ensure that all our facilities around the world are protected.  

Cyber Security Incident Readiness

 

The importance of having cyber incident readiness cannot be overstated. Global ITAD companies handle sensitive and potentially vulnerable technology assets, making them potential targets for cyber-attacks. Ensuring that they are prepared to respond to incidents effectively is crucial in protecting their own operations, but also the data and privacy of their clients. Demonstrating this readiness globally is essential, as it builds trust with clients and partners while also adhering to international data protection and privacy regulations. 

SK tes has taken steps to enhance its cyber incident readiness and align with global security standards across its extensive network. With over 40 locations in more than 20 countries, it is a complex task to maintain a consistent and robust security posture across diverse geographies. By leveraging advanced security solutions like Cortex XDR from Palo Alto Networks, SK tes has evolved its network visibility and management. This powerful tool provides unmatched visibility, regardless of deployment location, which is critical for identifying and mitigating threats in real time. 

SK tes has established a standardized, centralized environment that strengthens its overall cybersecurity framework. This approach simplifies the management of security protocols and ensures that the SK tes can swiftly respond to incidents, minimizing potential damage. This proactive stance not only safeguards operations but also sets a benchmark for the ITAD industry, emphasizing the importance of robust cybersecurity measures in today's interconnected world. 

The ISO/IEC 27001:2022 Information Management Standard

 

Information security management standards play a pivotal role in safeguarding sensitive data, ensuring operational integrity, and maintaining customer trust. One of the most widely recognized information security management standards is ISO/IEC 27001:2022. This international standard provides a systematic approach to managing sensitive company information, ensuring it remains secure through a well-defined framework. The updated ISO27001:2022 standard outlines the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).  

For ITAD and e-waste recycling companies, adhering to ISO 27001 means they can confidently manage client data-bearing equipment, mitigating the risks of data breaches and other security threats.

SK tes has committed to accrediting all global ITAD sites to the updated ISO27001:2022 standard. SK tes facilities in Australia and Europe, are the most recent sites within the SK tes network of over 40 operating facilities around the world to certify to the ISO27001:2022 standard.  

Cyber Essentials Certified Cyber Security Scheme for ITAD

In the UK, another important certification is Cyber Essentials, a UK government-backed scheme designed to help organizations protect themselves against common cyber threats. While Cyber Essentials provides a basic level of assurance through a self-assessment, Cyber Essentials Plus involves a more rigorous, independent assessment of an organization’s cybersecurity measures. Key requirements that companies must have in place to be compliant with Cyber Essentials Plus include secure configuration, access control, robust malware protection and patch management.  

For ITAD and e-waste recycling companies, achieving Cyber Essentials certification means they have validated their defences against cyberattacks, further ensuring that the data they handle is protected throughout its lifecycle. This certification not only helps these companies manage their own information security but also reassures clients that their sensitive data is in safe hands.

Both SK tes ITAD facilities in the UK, located in Birmingham and Glasgow, are certified to Cyber Essentials and Cyber Essentials Plus, respectively.  

These standards help set the foundation for a secure and trustworthy operation by ensuring that sensitive data is managed and disposed of securely. By choosing ITAD companies certified to these standards, companies can rest assured that their equipment and information is being handles in a safe digital environment. 

The role of cybersecurity and information management systems in the ITAD and e-waste industry cannot be overstated. As cyber threats continue to evolve and become more sophisticated we face increasing pressure to protect sensitive data throughout the entire lifecycle of electronic equipment. By implementing rigorous security measures, adhering to internationally recognized standards such as ISO/IEC 27001:2022, and achieving certifications like Cyber Essentials, ITAD providers can enhance their security posture, mitigate risk, and build trust with clients. The proactive stance taken by SK tes demonstrates our commitment to providing a secure global service that our clients can rely on. 
Contact us to discuss about Cyber security for your IT asset disposal projects. 

 

Find out more about SK tes locations around the world.

Visit our interactive global facilities map to see SK tes's processing sites.

SpareParts_World (1)