End-of-life IT assets pose serious security risk to most firms

The research, from SustainMobile, notes that the disposal of mobile phones is an area that is often overlooked in many firms.

This year alone, says the company, an estimated 50 million company-issued mobile phones across the European Union will reach end of life (EoL).

The report says that less than 10% of these will be recycled, leaving the vast majority of devices to find their ways into drawers, dustbins and onto auction sites like eBay.

"The average smart phone contains more than 30 thousand pages of data when reaching EoL", says the research, adding that SustainMobile's investigations show that, whilst large corporations claim they have adequate solutions in place for handling EoL mobile devices, in reality less than 5% of them do.

These companies, says SustainMobile, have typically transferred responsibility to their telecom services provider and consider themselves protected by the outsourcing contract.

On investigation, the firm claims these operators themselves demonstrated a glaring absence of proper solutions.

"All of them run sustainability programs, but these typically concentrate on minimising the energy-use of their data centres and base stations", says the report.

"If available at all, business-to-business EoL programs entail little more than auctioning off obsolete or returned stocks of devices to the highest bidding party", it adds.

The report goes on to say that operators hardly keep track of the destination of these devices, which has led to illegal transport of electronic waste - along with illegal dumping practices, hazardous child labour - and classified company data ending up on public websites.

And now here's the bad news for company management, Infosecurity notes, as under certain national environmental regulations in the EU, SustainMobile claims that a firm's senior management may be held personally liable if their business is found not to handle its end-of-life assets responsibly.

"Even if not held liable, a business would have left untapped an attractive opportunity to enhance their corporate social responsibility and information security profiles without a lifecycle solution in place", concludes the report.

 

What’s hot on Infosecurity Magazine?