A global leader in asset disposition, data sanitization applies industry best practices to ensure data is not compromised in its technology lifecycle solutions.
SINGAPORE (June 27, 2023) – There were more than 1,800 data breaches at U.S. companies in 2022, nearly triple the number in 2010, with an average cost of more than $4.3 million. TES, a global leader in sustainable technology services, closes off a common vector for cyberattacks: sensitive information stored on computers and devices designated for disposal, recycling, or refurbishment.
While many cyber-attacks originate from malware, ransomware, or user carelessness, organizations are also highly vulnerable to access credentials that leak into view: One study found that 59 percent of financial services companies have more than 500 passwords that never expire, and nearly 40 percent have more than 10,000 ghost users.
When companies replace technology as part of lifecycle management, those long-term passwords may be leaked and accessed by malicious actors, exposing the organization to financial losses, legal ramifications, customer distrust, and damage to its reputation.
"Many businesses are unaware of the potential exposure they incur when they recycle or refurbish their technology," said Stuart Hebron, Group Chief Information Officer at TES. "It's essential that your partner IT lifecycle management facility employ the latest and most comprehensive security protocols."
TES invests in cybersecurity at all points of the IT asset disposition (ITAD) practice, preventing data leaks across the entire chain of custody. It begins with physical security in inter-location transport and continues with separate and secure storage of unprocessed assets to stop intra-site leakage. Internal security measures include camera surveillance, auditable access controls, security screening of employees, and security training.
Specific onsite security measures include:
- State-of-the-art video surveillance and integrated Security system (S2/LenelSystem) - NVR, Access Control, and Alarm Monitoring
- Over 1,000 cameras in TES Sites, with remote portal viewing capability
- Regional control center (RCC) with multi-site viewing and access control capability
- Storage capacity of 180 days, exceeding industrial practice
- Integrated Access Control Management system
- TeamGo VMS is in full compliance with PDPA/GDPR
TES also invests in security via its access policies and personnel practices, including:
- Ongoing cybersecurity training and campaigns
- Physical security training
- Comprehensive Network Security Solutions (SASE)
- Best-in-class endpoint protection
- Vulnerability and penetration testing programs
- Software and system update and patching programs
- Dedicated 24x365 Managed Detection and Response (MDR)
- Multi-factor authentication (MFA)
- Strong account policies (password, expiration, and uniqueness)
- Least-privilege user access to data
- Privileged access account controls
- Regular auditing of user accounts
TES conducts storage device sanitization through its Platinum partnership with Blancco, a recognized leader in enterprise data erasure services. As partners for 15 years, TES provides training for data-erasure staff, and Blancco processes are controlled to reduce variation or deviation from client-required standards.
Asset erasure is performed on the TES Sentinel Network - a separate, dedicated, secure network segment for processing assets and devices, and is firewalled from other TES corporate network segments. Blancco also supports on-site erasure for TES customers who select to have their equipment erased and certified at their locations before transport to TES facilities.
TES's Group Security Management Systems meet or exceed most customers' existing security requirements:
- TAPA Certifications Personnel screening program
- Security Awareness program
- Whistleblower program
- Employee spot-checks
- Personnel and vehicle exit checks
- Trash inspection program
- Security recognition award
- Security monitoring, virtual patrol, and prowling
- TES InXsights Security Management tool/dashboard
TES also complies with GPDR and other regulations with:
- Data at-rest and in-transit encryption
- Personal Identification obfuscation
- Assigned data protection officers in respective jurisdictions
"TES is known and trusted worldwide for how we manage the disposition of our client's physical assets," Hebron said. "However, clients should also know that we've designed our services to protect the confidential nature of their data and to mitigate any risks to them in the asset-recovery process."
For more information, visit the TES website at www.tes-amm.com.
