Understanding the threat

The threat from the mismanagement of EOL assets range from regulatory fines to an existential attack on a bank’s reputation in the industry. Yet unlike other threats which result in fines, when it comes to EOL assets, it’s not only harder to predict how the threat may happen, but also the fines that will follow.

The potential for a data breach due to EOL assets comes from, not only all departments within a bank, but from all staff too. From a disgruntled employee who decides to steal a company smartphone, to insufficient auditing processes when wiping data from old laptops, the possibility for such a threat runs across the entire fabric of a bank.

Defining your ITAD Strategy  

• Depending on the strategy in place for the specific asset, we move on to the following step: Maximising your Return on Investment (ROI).
• Part of this tracking should not only report on the condition, location and people who use the asset, but also its expected EOL date. As that date approaches, a process should be in place whereby the asset – for example, a smartphone, photocopier or laptop – is readied for decommissioning.
• At the heart of the lifecycle of your IT assets should be a robust IT Asset Disposition strategy. This strategy shouldn’t just cover the EOL aspect of your assets, but the moment a PO has been raised to buy the latest piece of hardware, each asset needs to be tracked and fed into this process.

Maximising your Return on Investment (ROI)

While all assets will eventually face their EOL, different assets will still have value which is recoverable. For example, let’s imagine that you have 400 old PCs. One course of action would be to sanitise their data and then disposed of them, in line with environmental legislation.

Alternatively, you could audit the assets to see what is recoverable, both as reusable parts for sale on the ‘as new’ parts market, or to reuse the parts within your organisation.

This not only helps from an environmental perspective it unlocks value in the EOL assets and returns cash to the bank.

Educating your staff

Recent research showed that around 25% of data breaches in banks were down to lost or stolen mobile phones and laptops. While headlines often talk about hackers, the reality is that asset mismanagement is a serious threat too.

While IT has a stake in the education of staff, it’s also a HR onboarding process. When a new employee starts, or an existing employee is given access to a new device, mandatory training should be part of the process.

It’s crucial that all staff understand that the value of the IT asset is not the asset, but the potential breach of the data it contains.

Choosing your ITAD vendor

Due to the risks involved, a suitable ITAD vendor needs to be able to perform the following tasks:

• • • Global auditing / tracking of all IT assets in order to have a detailed and accurate log of devices in use
    • On-site / off-site data destruction – onsite data destruction is preferable for banks with compliance concerns
    • Asset recycling – the repurposing of used IT parts in order for banks to resell / reuse parts as ‘new’ equivalents
    • Full accountability – Certificate of erasure of data for each hard drive; Evidential video file of device destruction for each hard drive; Date and time-stamped of the destruction process; Full chain of custody tracking and reporting of all redundant/obsolete assets from receipt of goods to final disposition

According to Gartner, worldwide IT spending is projected to total $3.8 trillion in 2019, an increase of 3.2% from expected spending of $3.7 trillion in 2018. Of that, over $700 billion will be spent on devices.

For more information contact our expert team: https://wisetek.net/contact/