You’ve rolled out a new mobile device for your employees. It’s packed with the latest, greatest features and functionality. Your employees love it and adoption rates are high. Everything is perfect!
But now you have some decisions to make about your employees’ retired mobile devices. These devices should be handled and treated the same as every other data-bearing device in your enterprise.
You can’t just power them down and toss them in the trash. You must guarantee that your corporate data doesn’t get stolen from any of these used devices. You must also ensure that the devices are properly recycled or disposed of so that your company isn’t contributing to the global e-waste problem.
Make these steps part of your IT Asset Disposition (ITAD) strategy for used mobile devices:
1. Require complete removal of data from devices as part of your corporate policy.
Email, contacts, messages, downloaded documents and application information — what do these things have in common? They’re all types of data that are on the average company-issued mobile device. Moreover, this data is housed all over the device. Depending on the make, model and operating system of your mobile device, data may be contained on:
- Internal memory
- Solid-state drives (SSDs)
- NAND flash drives
- Subscriber identity module (SIM) cards
- Micro secure digital (SD) cards
For corporate-owned devices, all of this data — no matter how insignificant it seems — is sensitive, private, and extremely valuable to the wrong people. As such, you must ensure that every scrap of data is gone.
2. Follow the appropriate corporate and industry policies and procedures in determining whether to resell your used devices.
Some industries, such as healthcare, pharmaceuticals, finance and government, have extremely strict policies in place concerning data governance and security. Simply put: the nature of those industries and the sensitivity of the data contained on the average mobile device may prohibit resale of retired assets. The “factory reset” — a simple procedure that’s available on most smartphones — isn’t enough to ensure that sensitive data will be safe. Even dedicated data sanitization software is not enough to satisfy the extremely stringent data safety and privacy regulations in those industries. The only foolproof solution is the complete destruction of those devices.
3. Work with your provider to decide a sanitization strategy, if device destruction is not mandated.
Unfortunately, if your company is in one of the above verticals, destruction of the device is your only course of action. However, It is the only way to guarantee corporate data is 100 percent safe. If you opt for device destruction, a good ITAD provider will recycle materials when appropriate and handle hazardous materials in an environmentally conscious manner.
If your industry does not require destruction, there is another option to sanitize mobile devices — with software. Software-based data wiping means a second life for your mobile devices. A good ITAD provider will use military-grade software to ensure that the device is sanitized of any corporate data. The ITAD provider (and their partners) may also provide an auditable and verified report that confirms your corporate mobile devices were properly data sanitized, providing you with peace-of-mind.
However, as good as the data wiping software is, there is no solution — besides device destruction — that can guarantee complete data sanitation. The data will be exceedingly difficult to recover, but not impossible. If your company is comfortable with that low level of risk, and if there is a market for your corporate devices, you can reap the reward in the form of device resale.
Note: ITAD in general includes vendors who are specialists in different aspects of the process, such as recycling or refurbishing assets, but not in all of them. Choose a trusted partner with specialists in all areas, mobile-specific knowledge and experience, and a holistic view of IT asset disposition.
Are you outfitting your staff with new mobile devices? Do you have mobile-specific ITAD questions that we didn’t cover in this post? We’d love to hear from you! Please leave a comment below.